DirectAudit 3.x on all platforms except AIX
Why is "centrifyda" added to the password line in /etc/nsswitch.conf in DirectAudit version 3.x when DirectAudit is enabled?
1) In prior releases, symbolic links were created to enable auditing on a shell-by-shell basis.
2) In DirectAudit version 3.x, a new NSS module was added; centrifyda, so that all the stdin/stdout for the user's login shell can be intercepted.
3) When enabling audit, centrifyda is placed in front of centrifydc in /etc/nsswitch.conf
To enable auditing on a UNIX computer:
A) Log on as a user with root privileges.
B) Run dacontrol with the -e option:
C) Run dacontrol again to verify that auditing has been enabled.
DirectAudit NSS module: Active
Be aware of the parameter autofix.nss.conf (set to true) in /etc/centrifyda/centrifyda.conf.
This specifies whether the dad process fixes /etc/nsswitch.conf automatically if anything goes wrong.
true : Fixes /etc/nsswitch.conf automatically.
false : Leaves /etc/nsswitch.conf as is.
If customer would like to disable Centrify DirectAudit from editing /etc/nsswitch.conf file, follow these steps:
- Edit /etc/centrifyda/centrifyda.conf and set below parameter to ‘false’:
- Save the file, then run 'dareload'
- Run 'dacontrol -e'
- Make any additional changes to nsswitch.conf for your environment
- From this point onwards, the DirectAudit daemon will not monitor and try to modify the file