User's Manual

Solaris 9 Security CX-310-301 31
- Reboot the system to bring it up with auditing enabled
# /etc/security/bsmconv
This script is used to enable the Basic Security Module (BSM).
Shall we continue with the conversion now? [y/n] y
bsmconv: INFO: checking startup file.
bsmconv: INFO: move aside /etc/rc3.d/S81volmgt.
bsmconv: INFO: turning on audit module.
bsmconv: INFO: initializing device allocation files.
The Basic Security Module is ready.
If there were any errors, please fix them now.
Configure BSM by editing files located in /etc/security.
Reboot this system now to come up with BSM enabled.
The following files are created in the /etc/security directory when you enable BSM:
- audit_startup
- device_allocate
- device_maps
Note that the volume management facility conflicts with BSM if you are going to use BSM for securing devices (described later in this section), so it is automatically disabled when BSM is enabled (the S81volmgt startup script is moved aside, as the bsmconv output above shows).
Generating an Audit
Suppose you want to audit all file deletions to catch someone maliciously deleting important files.
You have two choices for how to do this:
- Edit the /etc/security/audit_control file to audit all users (system-wide flags, not attributed to a single user)
- Edit the /etc/security/audit_user file to audit a specific user
In this example, I edited /etc/security/audit_user to look specifically for user root deleting files. I added the
fd option for this user and saved the file, as shown here:
root:fd,lo:no
Use the audit command to make the audit daemon, auditd, re-read the configuration files. This command is
described at the end of this section.
TIP: There is an all audit class, but it is not recommended for any length of time, as it consumes vast
amounts of disk space. If this class is to be used, leave it on only for a few minutes to see how much data
is gathered.
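The audit_user entry above and the TIP about the all class can both be checked mechanically. The following is an added example, not code from the manual: a small linter for /etc/security/audit_user entries (username:always-audit-flags:never-audit-flags) that validates the class names against a subset of the BSM audit classes (assumed list, see audit_class(4)), flags any user whose always-audit field contains all, and lists the users whose file deletions (class fd) will be audited. The sample file content is constructed for the example; only the root line comes from the text.

```python
# Added example (not from the manual): lint /etc/security/audit_user entries.
# Each entry is username:always-audit-flags:never-audit-flags, where each flag
# field is a comma-separated list of audit classes such as fd (file delete)
# and lo (login/logout). KNOWN_CLASSES is an assumed subset for this example.
KNOWN_CLASSES = {"no", "fr", "fw", "fa", "fm", "fc", "fd", "cl", "pc", "nt", "ip", "na", "ad", "lo", "ap", "ot", "all"}

# Constructed sample file; the root entry is the one used in the text.
SAMPLE_AUDIT_USER = """\
# username:always-audit-flags:never-audit-flags
root:fd,lo:no
oper:lo,xx:no
backup:all:no
broken:fd
"""

def parse_flags(field):
    """Return the class names in a flag field, dropping +/-/^ prefixes."""
    classes = []
    for item in field.split(","):
        item = item.strip().lstrip("+-^")
        if item:
            classes.append(item)
    return classes

def lint_audit_user(text):
    """Parse audit_user text into {user: {"always", "never", "issues"}}."""
    report = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        entry = {"always": [], "never": [], "issues": []}
        report[fields[0]] = entry
        if len(fields) != 3:
            entry["issues"].append(f"line {lineno}: expected 3 colon-separated fields")
            continue
        entry["always"] = parse_flags(fields[1])
        entry["never"] = parse_flags(fields[2])
        for cls in entry["always"] + entry["never"]:
            if cls not in KNOWN_CLASSES:
                entry["issues"].append(f"unknown class '{cls}'")
        if "all" in entry["always"]:  # the TIP: all fills the disk quickly
            entry["issues"].append("'all' in always-audit flags: heavy disk use, enable only briefly")
    return report

def users_auditing(report, cls):
    """Users whose always-audit flags cover class cls, e.g. 'fd' for file deletion."""
    return sorted(u for u, e in report.items() if cls in e["always"] or "all" in e["always"])
```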