06-11-2015 01:46 PM
Hello Forum,
Is there a working method (or available NBU utils/logs, etc) to track who and when changes are made to a NBU environment ?
Most NBU adminstration is done using the Java GUI, with remaining admin completed using the command line. The NBU admin su to root and then the auth.conf has all admins with the following config
root ADMIN=ALL JBP=ALL
* ADMIN=JBP JBP=ENDUSER+BU+ARC
admins_name ADMIN=ALL JBP=ALL
We have NBU 7.6.0.3 on Linux Redhat 2.6
Solved! Go to Solution.
06-11-2015 02:21 PM
Something like NetBackup Auditing?
About NetBackup auditing
06-11-2015 10:01 PM
do you have NBAC in your environment?
if No, we can check using nbauditreport, however using this command we can track the time of the modifications/changes in NBU.
Have a look on the below link to know more about nbauditreport.
https://support.symantec.com/en_US/article.HOWTO104940.html
06-11-2015 02:21 PM
Something like NetBackup Auditing?
About NetBackup auditing
06-11-2015 02:34 PM
Unless you're using NBAC (*shudder*) I think you're out of luck even for GUI auditing. You will see that a change was made but not who made it. I think even with NBAC you won't be able to see CLI-driven changes if your admins are elevating to root.
06-11-2015 10:01 PM
do you have NBAC in your environment?
if No, we can check using nbauditreport, however using this command we can track the time of the modifications/changes in NBU.
Have a look on the below link to know more about nbauditreport.
https://support.symantec.com/en_US/article.HOWTO104940.html
06-11-2015 11:36 PM
For person referable auditing NBAC is the only solution.
While NBAC do add a bit of extra complexity its not that bad.
06-12-2015 12:24 AM
Thanks for the timely responses !
NBAC is not configured on our NBU environment and it appears that it requires some major planning to implement. I'm guessing, perhaps incorrectly, that if NBAC was configured today, the detailed reporting would only be from today forward.
The command nbauditreport returns some really good configuration change info. It's unfortunate though that the NBU administrators are not setup to access NBU with root access using their individual accounts. As mentioned, the NBU admins use "sudo su -" to directly access root privileges for NBU admin GUI and NBU commands, so all nbauditreport output shows all commands made by root@master. Great command that returns good historical info.