Auditing UNIX/Linux System Use with
Tivoli Access Manager for Operating
Systems and Tivoli Compliance Insight
This IBM® Redpaper looks at auditing UNIX/Linux® system use with the Tivoli® Access™
Manager for Operating Systems and Tivoli Compliance Insight Manager products, and
focuses only on UNIX/Linux system auditing.
Any site that has deployed a large number of UNIX® or Linux systems will be familiar with the
security concerns that are entrenched in these operating systems. One of the most significant
is the concern over the use of the superuser account, root, or any account with UID=0. The
root user has access to any resource in the system, and where this activity is logged through
system accounting or auditing, the root user has access rights to modify the audit files. A
root user could therefore make malicious changes to the system and then erase the evidence.
Because many activities on a UNIX/Linux system require root authority, many sites find that the
number of users who know the root password is out of control and impossible to track.
Tivoli Access Manager for Operating Systems provides operating system level access control
for UNIX/Linux systems. One of the key features is the ability to control root account use.
Another strength of the product is its ability to audit system use and secure the audit trail from
tampering. Tivoli Compliance Insight Manager provides enterprise-wide audit and compliance
reporting. Use of Tivoli Access Manager for Operating Systems with Tivoli Compliance
Insight Manager can provide an effective UNIX/Linux activity auditing solution.
This paper is an introduction to Tivoli Access Manager for Operating Systems and how it
provides for UNIX/Linux activity auditing. A number of privileged user use cases are
performed, and the native Tivoli Access Manager for Operating Systems auditing mechanism
is used to report on the use cases. Finally, this audit data is sent to the Tivoli Compliance
Insight Manager and viewed using standard and custom re