Last updated on JULY 29, 2016
Applies to:Solaris Operating System - Version 8 6/00 U1 and later
A user who edits crontab, is also logged in audit log. Some users may question this behavior and wonder if they meet a BSM (Basic Security Module) bug.
For example, 1. Super user (root) logs in to the specific system and uses crontab -e to define the following 2 cron jobs. ... 44 9 * * * rm /tmp/123 46 9 * * * rm /tmp/124 ... 2. At 9:45 user (user1) logs in to the specific system and then changes to root via su -. Finally user1 uses crontab -e to put a comment line as below. ... # comment 44 9 * * * rm /tmp/123 46 9 * * * rm /tmp/124 ... 3. From the audit log, at 9:44, BSM successfully logged the rm event for /tmp/123 with the user id (root). However, at 9:46, BSM logged the other event with the audit id (user1). NOTE: Audit log files (see audit.log(4) for details) are written to the directory /var/audit. praudit(1M) can be used to make the audit log 'readable', and auditreduce(1M) to select the audit records in which we are interested.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms