Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2835: DirectAudit 3.x and /etc/nsswitch.conf

Auditing and Monitoring Service ,  

14 February,17 at 11:22 PM

Applies to:

DirectAudit 3.x on all platforms except AIX

Why is "centrifyda" added to the password line in /etc/nsswitch.conf in DirectAudit version 3.x when DirectAudit is enabled?

1) In prior releases, symbolic links were created to enable auditing on a shell-by-shell basis. 
2) In DirectAudit version 3.x, a new NSS module was added; centrifyda, so that all the stdin/stdout for the user's login shell can be intercepted. 
3) When enabling audit, centrifyda is placed in front of centrifydc in /etc/nsswitch.conf
To enable auditing on a UNIX computer:
A) Log on as a user with root privileges.
B) Run dacontrol with the -e option:
  dacontrol -e
C) Run dacontrol again to verify that auditing has been enabled.
  DirectAudit NSS module: Active
Be aware of the parameter autofix.nss.conf (set to true) in /etc/centrifyda/centrifyda.conf. 
This specifies whether the dad process fixes /etc/nsswitch.conf automatically if anything goes wrong.
true  : Fixes /etc/nsswitch.conf automatically.
false : Leaves /etc/nsswitch.conf as is.
If customer would like to disable Centrify DirectAudit from editing /etc/nsswitch.conf file, follow these steps:
  • Edit /etc/centrifyda/centrifyda.conf and set below parameter to ‘false’:
    • autofix.nss.conf: false
  • Save the file, then run 'dareload'
  • Run 'dacontrol -e'
  • Make any additional changes to nsswitch.conf for your environment
  • From this point onwards, the DirectAudit daemon will not monitor and try to modify the file

Related Articles

No related Articles