[779] in Intrusion Detection Systems
Re: Audit trails
daemon@ATHENA.MIT.EDU (IO ERROR)
Wed Nov 27 06:37:46 1996
Date: Tue, 26 Nov 1996 07:34:33 -0600 (CST)
From: IO ERROR <error@error.net>
To: ids@uow.edu.au
In-Reply-To: <9611241907.AA86617@tkg.austin.ibm.com>
Reply-To: ids@uow.edu.au
On Sun, 24 Nov 1996, Tim Walding wrote:
> Actually, AIX has quite good auditing features for Unix. It can include
> quite a bit of detail, including what commands a particular user is using
> and at what time. Almost no one uses the entire auditing features because
> it gives too much information and can slow the system response time noticeably.
True, but if you're trying to watch particular users or areas of the system for
suspicious activity, such as a hacker, then these sorts of audit trails are
just what the doctor ordered. For the benefit of those of us without access to
AIX, could you give us a brief description of the sorts of auditing that is
available?
--
Michael Hampton Crossroads Communications System Administrator
error@error.net 318 E Burlington, Iowa City, IA 52240 (319) 354-6614