Disable directaudit

Advisor I
Posts: 54
Registered: ‎09-16-2014
#11 of 15 4,865

Re: Disable directaudit

Sorry for the confusion; you're right to be careful, RP. I was trying to reply to johnjersey63's point of "if I stop centrifyda I get the emergency prompt". It sounded like he was the one that installed it, and apparently has the authority to disable it, but was doing it the wrong way.
Contributor I
Posts: 30
Registered: ‎08-04-2014
#12 of 15 4,862

Re: Disable directaudit

I am an ISSO within a DOD community - :-)

At present, we are auditing with a different mechanism; however, this may be useful in the near future, so DA is installed but we have no "collectors" set up.

My Unix Login is set to "audit if possible" just like my unclassified network; however, on the low side dainfo states "User (xxxxxxx) audited status: No"

On my high side, it states "User (xxxxxxx) audited status: Yes"

Once I invoked dacontrol -d it now states "User (xxxxxxx) audited status: No"

I am not sure why this was a yes???  I

Advisor I
Posts: 54
Registered: ‎09-16-2014
#13 of 15 4,858

Re: Disable directaudit

Maybe DA was auditing you and spooling it locally? You could check the theory with a: "grep dad.data.dir /etc/centrifyda/centrifyda.conf" to see where the (binary) files would have gone.
Contributor I
Posts: 30
Registered: ‎08-04-2014
#14 of 15 4,856

Re: Disable directaudit

# dad.data.dir: /var/centrifyda

I am perplexed as to why the audited status is a yes and how, once it is on, I can disable it for users.

The manual wasn't clear to me.....
Advisor I
Posts: 54
Registered: ‎09-16-2014
#15 of 15 4,853

Re: Disable directaudit

That's how I understand Centrify to work; "dacontrol -d" disables auditing for the (whole) system you're on, not just the current user, so of course users are no longer audited.