Hello System Admins,
Is there a way to audit the use of telnet without resorting to
putting the following line in my /etc/sec/audit_events file?
connect succeed fail
I believe turning on auditing for the "connect" event will record
all connection activity on all ports -- that would generate far
too much data for my needs. I am only interested in auditing the
use of /usr/bin/telnet by users currently logged on. In other
words, I want to record WHAT USER on this node invoked telnet and
WHERE DID THEY TELNET TO.
I've tried using this command sequence:
# auditmask -s obj_sel
# auditmask -x /usr/bin/telnet
But this doesn't seem to cause any logging of the use of telnet.
I've even "turned on" object selection by running audit_setup.
Is this not the correct use of object selection? All the other
items listed in my audit_events file are being logged normally,
so the auditing subsystem seems to be functioning.
I sure could use any information you might have to help me out!
I'm running DU 4.0D and C2 Security. I'll summarize.
Paul Youngblood
Received on Fri Jun 25 1999 - 18:46:13 NZST