3

I am trying to read the contents of a pascal.bsm file. What I am basically interested in is the system calls included in the file. I don't know how to open and read the file. The file I'm trying to read is here. It is a file generated by a Solaris system and includes the audit data, which are not in easily readable form. What should I do? Thanks.

ashokadhikari

1 Answer

4

Just use praudit on Solaris:

```
$ praudit pascal.bsm
file,1999-03-01 13:31:59.731 +01:00,
header,36,2,system booted,na,1999-03-01 13:31:32.219 +01:00
text,booting kernel
header,126,2,open(2) - read,,1999-03-01 13:32:19.241 +01:00
path,/etc/security/audit_control
attribute,100664,root,other,8388608,62781,0
subject,root,root,other,root,other,257,257,0 0 172.16.112.50
return,success,4
trailer,126
header,150,2,ioctl(2),fe,1999-03-01 13:32:19.241 +01:00
path,/etc/security/audit_control
attribute,100664,root,other,8388608,62781,0
argument,2,0x5401,cmd
argument,3,0xefffed7c,arg
subject,root,root,other,root,other,257,257,0 0 172.16.112.50
return,failure: Inappropriate ioctl for device,-1
trailer,150
header,137,2,close(2),,1999-03-01 13:32:19.241 +01:00
argument,1,0x4,fd
path,/etc/security/audit_control
...
```
jlliagre
  • Any idea on how to open them on Ubuntu please? – Goaler444 Mar 20 '13 at 19:28
  • The simplest way would be to install VirtualBox on your Ubuntu box, then a VM with a Solaris distribution and use its `praudit` command. Alternatively, you might try compiling from its source code, but that might be a much more complex alternative. – jlliagre Mar 20 '13 at 21:38
  • 1
    @Goaler444 You are welcome. Feel free to vote up my answer which, despite being undoubtedly correct, had not a single vote after almost two years ... – jlliagre Mar 22 '13 at 01:31
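To get from the `praudit` text shown in the answer to the list of system calls the question asks for, the output can be grouped into records and filtered by event name. The following is an added example, not code from the original posts; `parse_records` and `syscalls` are hypothetical helper names, it reads the text `praudit` prints (not the binary .bsm file), and it assumes system-call events are the ones whose event name carries a `(2)` suffix, as in the output above.

```python
import re

# Excerpt of the praudit output from the answer above (some tokens omitted).
SAMPLE = """\
file,1999-03-01 13:31:59.731 +01:00,
header,36,2,system booted,na,1999-03-01 13:31:32.219 +01:00
text,booting kernel
header,126,2,open(2) - read,,1999-03-01 13:32:19.241 +01:00
path,/etc/security/audit_control
return,success,4
trailer,126
header,150,2,ioctl(2),fe,1999-03-01 13:32:19.241 +01:00
path,/etc/security/audit_control
return,failure: Inappropriate ioctl for device,-1
trailer,150
header,137,2,close(2),,1999-03-01 13:32:19.241 +01:00
path,/etc/security/audit_control
...
"""

# Assumption: system-call events carry a "(2)" man-section suffix, as above.
SYSCALL = re.compile(r"^(\w+)\(2\)")

def parse_records(text):
    """Group praudit lines into records; each 'header' line starts a new one."""
    records, cur = [], None
    for line in text.splitlines():
        token, _, rest = line.partition(",")
        if token == "header":
            fields = rest.split(",")  # length, version, event, modifier, time
            cur = {"event": fields[2], "time": fields[-1], "path": None,
                   "status": None, "retval": None, "complete": False}
            records.append(cur)
        elif cur is None:
            continue  # 'file' token or anything else outside a record
        elif token == "path":
            cur["path"] = rest
        elif token == "return":
            cur["status"], _, value = rest.rpartition(",")
            cur["retval"] = int(value)
        elif token == "trailer":
            cur["complete"] = True
            cur = None  # record closed
    return records

def syscalls(records):
    """Return (name, status, retval) for records whose event is a system call."""
    return [(m.group(1), r["status"], r["retval"])
            for r in records if (m := SYSCALL.match(r["event"]))]
```

Records that never reach a `trailer` line, such as the truncated `close(2)` entry, are kept with `complete` set to `False` so that a cut-off audit trail is visible rather than silently dropped.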