Identityaudit

From CoolSolutionsWiki

-my other wikis



Here's what you'll need to download:

http://download.novell.com/Download?buildid=2Jpzs5LliIw~

http://download.novell.com/Download?buildid=o2tk3qvGvDU~

http://download.novell.com/Download?buildid=1O9cbsOIO8Y~

Contents

[edit]

docs

  1. http://www.novell.com/documentation/identityaudit/
  2. troubleshooting/logs
[edit]

notes

  1. check memory. 8 GB
  2. check OES - its OES :(
  3. verify architecture. x64
  4. verify apparmor and firewall OFF
  5. cat /var/log/audit/audit.log
[edit]

install

  1. checked fw = off
  2. apparmor = changed to stopped/off
  3. checked tomcat = not running
  4. verified no OES
  5. /root/novell/identity_audit_1.0_x86-64/setup # ./root_install_all.sh /root/novell/identity_audit_1.0_x86-64.tar.gz
  6. took configs before, after install and after audit patch
  7. patch
    1. /opt/novell/identity_audit_1.0_x86-64/bin/identity_audit.sh stop
    2. su novell
[edit]

platform agent

  1. cat /etc/logevent.conf
  2. vi /etc/opt/novell/eDirectory/conf/ndsmodules.conf
  3. stop/start platform agents
      1. ndsmanage stopall
      2. ndsmanage startall
    2. or
      1. ndstrace -c "load auditDS"
      2. ndstrace -c "unload auditDS"
  4. ps aux | grep lcache
  5. rpm -qa | grep AUDT | xargs rpm -qi
[edit]

pw recovery

  1. 198 export LD_LIBRARY_PATH=/opt/novell/identity_audit_1.0_x86-64/3rdparty/postgresql/lib
  2. 199 ./psql
  3. 200 ./psql -U dbauser SIEM
  4. 201 psql SIEM -U dbauser
  5. 202 ./psql SIEM -U dbauser
  6. 203 cat ~novell/.pgpass
  7. 204 ./psql SIEM -U dbauser
  8. 205 ./psql SIEM -U admin
[edit]

search

  1. sev:[0 TO 5] NOT "Login Failed" NOT "LDAP" NOT "Allow Login"
  2. sev:[0 TO 5] NOT "Login Failed" NOT "LDAP" NOT "Allow Login" NOT Logout NOT "Add Group Member" NOT Delete NOT "Change Security" NOT ACL NOT "Login Enabled"
Retrieved from "http://wiki.novell.com/index.php/Identityaudit"