Which Unix commands show that Audited Events is enabled? (NETIQKB43471)

  • 7743471
  • 02-Feb-2007
  • 24-May-2007

Resolution

goal
Which Unix commands show that Audited Events is enabled?

goal
How do I determine whether a Unix computer is auditing events?

fact
VigilEnt Security Agent for Unix

fact

To determine whether Audited Events is enabled on a computer running Unix, run the command for the installed operating system on that computer:

Operating System   Command Name              Comments
AIX                audit query               After running the command, check the output. If the first line of the output contains the word on, auditing is enabled.
HP-UX              audsys                    After running the command, check the output. If the first line of the output contains the word on, auditing is enabled.
OSF                ps -ef | grep -w auditd   When the command is complete run the following process: /usr/sbin/auditmask.
Linux                                        Linux does not support auditing.
Solaris            auditconfig -getcond      After running the command, check the output. If the first line of the output contains the word auditing, auditing is enabled.
Irix               sbin/chkconfig audit
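
The first-line rule from the table above can be scripted for the three platforms where the table states one (AIX, HP-UX, Solaris). This is an added example, not NetIQ code: the function names and the mapping from `uname -s` values to the table rows are assumptions, and the sample outputs used to exercise it are constructed.

```shell
#!/bin/sh
# Added example: applies the table's "first line contains <word>" rule.

# audit_command OS -> prints the status command the table lists for OS,
# where OS is the value of `uname -s` (SunOS = Solaris; mapping is assumed).
audit_command() {
    case $1 in
        AIX)   echo "audit query" ;;
        HP-UX) echo "audsys" ;;
        SunOS) echo "auditconfig -getcond" ;;
        *)     return 1 ;;   # OSF, Irix, Linux: no output rule in the table
    esac
}

# audit_state OS OUTPUT -> prints enabled | disabled | manual
audit_state() {
    case $1 in
        AIX|HP-UX) word=on ;;         # table: first line contains "on"
        SunOS)     word=auditing ;;   # table: first line contains "auditing"
        *)         echo manual; return 0 ;;
    esac
    # Only the first line counts; later lines may report other settings.
    first=$(printf '%s\n' "$2" | head -n 1)
    # -w matches whole words only, so "on" is not found inside a longer word.
    if printf '%s\n' "$first" | grep -w "$word" >/dev/null; then
        echo enabled
    else
        echo disabled
    fi
}

# Live check, run only when the script is called with --check.
if [ "${1:-}" = "--check" ]; then
    os=$(uname -s)
    if cmd=$(audit_command "$os"); then
        # $cmd is left unquoted on purpose so "audit query" splits into words.
        audit_state "$os" "$($cmd 2>&1)"
    else
        echo manual
    fi
fi
```

A result of manual means the table gives no output rule for that platform, so the listed command has to be run and read by hand.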


Additional Information

Formerly known as NETIQKB43471