SUMMARY: changes to file: catching the culprit

From: Hendrik Visage <>
Date: Mon Sep 08 2008 - 06:37:12 EDT
Thanx to:
JayJay Florendo
Tim Bradshaw
Rajiv Gunja
A Darren Dunham
Scott Lawson
Christopher L.Barnard

The "problem" was I'm still on Solaris 9 ;(
Yes, we *are* going the separate user route + roles etc. ... but big
ships have wide turning circles, and that would've alarmed the
possible culprit.

We've enabled accounting, and will see what comes out of that.


On Tue, Sep 2, 2008 at 12:23 PM, Hendrik Visage <> wrote:
> Hi there,
>  we have a suspicion of subtle sabotage, and we need to catch the
> culprit(s), however there is a common user ID for this application
> that the users log into ;( (Yes, I know, but big ships have huge
> turning circles)
> What we are in need of is a "real time" method to trap which process
> made the change and then perhaps be able to trace back to the sshd and
> source IP.
> Don't want to enable full auditing as yet because of the performance
> impact on a very busy server, but if people say that's the way to go
> from experience, then we'll do it.
> --
> Hendrik Visage

Hendrik Visage
sunmanagers mailing list
Received on Mon Sep 8 06:39:38 2008
