You can enhance security event reporting in Sentinel by enabling process accounting. However, enabling process accounting substantially increases activity on the monitored computer and changes the base computer configuration, which may not be acceptable in your environment. Enabling process accounting is optional. Do not enable it if syslog already reports the events you want to monitor.
To enable process accounting on AIX computers, enter the following command at the prompt:
/usr/sbin/acct/accton /var/adm/pact
You can also enter the following line in an rc script to automatically restart process accounting:
/usr/bin/su - adm -c /usr/sbin/acct/startup
To enable process accounting, enter the following command at the prompt:
/usr/sbin/acct/startup
You can also enter the following line in the /etc/rc.config.d/acct script to automatically restart process accounting:
START_ACCT=1
To configure process accounting on Red Hat Linux computers:
Install the psacct package located in the Linux installation kit. This package is not installed by default unless you installed all available packages. For more information about installing the psacct package, see the Red Hat Linux documentation.
Modify your system init script to automatically start process accounting by adding the following lines:
# Turn process accounting on.
if [ -x /sbin/accton ]
then
    /sbin/accton /var/log/pacct
    echo "Process accounting turned on."
fi
Create an accounting record file named pacct by entering the following command:
touch /var/log/pacct
By default, the process accounting software records all executed commands in the file /var/log/pacct.
Set the ownership and permissions of the pacct file by entering the following commands:
chown root /var/log/pacct
chmod 644 /var/log/pacct
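The following check is an added example, not part of the original Sentinel documentation. It verifies the result of the Red Hat steps above: that the accton binary is executable and that the accounting file is a regular file with the owner and mode the page specifies. The function names are hypothetical, and GNU stat (as shipped on Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit the process accounting setup from the Red Hat steps.
# Assumption: GNU stat is available. Function names are illustrative only.

# accton_present [PATH]: 0 if the accton binary exists and is executable.
accton_present() {
    [ -x "${1:-/sbin/accton}" ]
}

# check_pacct [FILE] [OWNER] [MODE]
# Defaults come from the page: /var/log/pacct, owner root, mode 644.
# Returns 0 = as documented, 1 = wrong owner or mode, 2 = missing/not regular.
check_pacct() {
    file=${1:-/var/log/pacct}
    want_owner=${2:-root}
    want_mode=${3:-644}

    # accton needs an existing file; a symlink here could redirect the
    # accounting records elsewhere, so treat it as a failure as well.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"
        return 2
    fi

    owner=$(stat -c '%U' "$file")
    mode=$(stat -c '%a' "$file")
    rc=0

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $file owner is $owner, expected $want_owner"
        rc=1
    fi
    # Any mode other than the documented one is reported; write bits for
    # group or other would let non-root users alter the audit records.
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL: $file mode is $mode, expected $want_mode"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file owner=$owner mode=$mode"
    return $rc
}

# Usage on the monitored computer (run after the steps above):
#   accton_present && check_pacct
```
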
To start process accounting, enter the following command at the prompt:
/usr/lib/acct/accton /var/adm/pacct
You can also enter the following commands to automatically restart process accounting:
ln /etc/init.d/acct /etc/rc2.d/S22acct
ln /etc/init.d/acct /etc/rc0.d/K22acct