[784] in Intrusion Detection Systems
Re[2]: Audit trails
daemon@ATHENA.MIT.EDU (Mark_W_Loveless@smtp.bnr.com)
Sun Dec 1 20:37:17 1996
From: Mark_W_Loveless@smtp.bnr.com
Date: Thu, 28 Nov 96 23:48:59 CST
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
>> Actually, AIX has quite good auditing features for Unix. It can include
>> quite a bit of detail, including what commands a particular user is using
>> and at what time. Almost no one uses the entire auditing features because
>> it gives too much information and can slow the system response time
>> noticeably.
>True, but if you're trying to watch particular users or areas of the system for
>suspicious activity, such as a hacker, then these sorts of audit trails are
>just what the doctor ordered. For the benefit of those of us without access to
>AIX, could you give us a brief description of the sorts of auditing that are
>available?
Try looking at http://beaver.fu-q.com/nomad/faqs/aix which covers most of the
basics.