Copy vi /etc/security/audit/config
Copy // 값 변경
set binmode = off
streammode = on
// 입력값 추가(class section, user section)
class:
system = USER_Remove,USER_Create,GROUP_Create,GROUP_Remove
init = User_Login
…
users:
root = general
default = general, system, init
Copy /etc/security/audit/streamcmds
Copy // 입력값 추가
/usr/sbin/auditstream | auditpr -v | /usr/bin/logger -p local7.info &
find /etc -type f | awk ‘{printf(“%s:\n\tw = FILE_Write\n\n”,$1)}’ >> /etc/security/audit/objects
/usr/sbin/auditstream | /usr/sbin/auditselect -e “event == FILE_Write” | auditpr -hhelpPRtTc -v > /dev/console &
Copy vi /etc/security/audit/objects
Copy /etc/hosts:
w = FILE_Write
Copy vi /etc/security/audit/objects
Copy vi /etc/security/audit/events
Copy W_@태그네임 = printf “%s_qubit”
Copy // 입력값 추가
*.info @로그취합서버 IP주소
*.debug @로그취합서버 IP주소
…
*.debug;*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;mail.none;auth.none /var/adm/syslog/syslog.log
#User.debug /var/adm/syslog/syslog.log rotate size 5m files 5