InTrust 11.3.1 - Preparing for Auditing and Monitoring IBM AIX

IBM AIX Auditing and Real-Time Monitoring Overview

The IBM AIX Knowledge Pack expands the auditing and reporting capabilities of InTrust to IBM AIX. The Knowledge Pack enables InTrust to work with IBM AIX Syslog, text logs, and Audit log.

The following table shows what you can audit and monitor on AIX:

Data source                      Gathering   Real-Time Monitoring
Syslog messages                  Yes         Yes
Text logs of any format          Yes         No
Configuration file modification  Yes         Yes
AIX audit logs                   Yes         No

Setup

Requirements

The InTrust Knowledge Pack for IBM AIX is compatible with the following IBM AIX versions:

  • V7.1
  • V6
  • V5.3 TL 5300-11-06 or later

IBM C++ Runtime Environment Components for AIX (version 12.1.0.3 or later) must be installed on the AIX computers where you want to set up InTrust agents. This software is available from the IBM Web site at http://www-01.ibm.com/support/docview.wss?uid=swg24035841.

Installation

To enable AIX support in InTrust, the AIX Knowledge Pack must be installed on the InTrust server.

The Knowledge Pack is installed as part of the main InTrust installation. The following objects are included:

  • Data sources:
    • AIX Audit Log
    • AIX Syslog
    • AIX Accounts Monitoring
    • AIX Text Files Monitoring
  • Gathering policies:
    • AIX: Common Security Events
    • AIX: All Syslog Messages
    • AIX: Accounts monitoring
    • AIX: Text files monitoring
    • AIX: All Events from Audit Log
    • AIX: filesystem events from Audit Log
    • AIX: logins/logouts from Audit Log
    • AIX: process execution events from Audit Log
    • AIX: system object events from Audit Log
  • Import policies:
    • AIX: Common Security Events
    • AIX: All Syslog Messages
    • AIX: Accounts monitoring
    • AIX: Text files monitoring
    • AIX: All Events from Audit Log
    • AIX: filesystem events from Audit Log
    • AIX: logins/logouts from Audit Log
    • AIX: process execution events from Audit Log
    • AIX: system object events from Audit Log
  • Consolidation policies:
    • AIX logs consolidation
    • AIX logs consolidation for the last month
  • Tasks:
    • AIX logs—daily collection
    • AIX configuration changes daily collection
    • AIX weekly reporting
  • “AIX hosts” site
  • “AIX: security” real-time monitoring policy
  • Reports:
    • AIX login statistics
    • AIX successful logins
    • AIX su activity
    • AIX failed login attempts
    • AIX multiple failed login attempts
    • All AIX syslog events
    • AIX User management
    • AIX Group management
    • AIX Group membership management
    • AIX Configuration files modifications
    • AIX File Permission Changes
    • AIX Password Changes
    • AIX Reboots
  • Rules:
    • ‘su root’ succeeded
    • Multiple failed logins
    • Login authentication failed
    • Failed ‘su’ attempt
    • Successful login by root
    • User account created
    • User account removed
    • Group created
    • Group removed
    • User added to the group
    • User removed from the group
    • Syslog.conf file modified
    • Text file modified

To install the Knowledge Pack, launch its setup package on the InTrust server.
