Thanx to: JayJay Florendo Tim Bradshaw hike Rajiv Gunja A Darren Dunham Scott Lawson Christopher L.Barnard The "problem" was I'm still on Solaris 9 ;( Yes, we *are* going the seperate user route + roles etc. ... but big ships have wide turning circles, and that would've alarmed the possible culprit. We've enabled accounting, and will see what comes out of that. Thanx On Tue, Sep 2, 2008 at 12:23 PM, Hendrik Visage <hvjunk@gmail.com> wrote: > Hi there, > > we have a suspicion of subtle sabotage, and we need to catch the > culprit(s), however there is a common user ID for this application > that the users log into ;( (Yes, I know, but big ships have huge > turningcircles) > > What we are in need of is a "real time" method to trap which process > made the change and then perhaps be able to trace back to the sshd and > source IP. > > don't want to enable full auditing as yet becuase of the performance > impact on a very busy server, but if people say that's the way to go > from experience, then we'll do it. > > -- > Hendrik Visage > -- Hendrik Visage -- Hendrik Visage _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Mon Sep 8 06:39:38 2008
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:12 EST