Friday, June 15, 2012

Enabling Userlevel auditing on Solaris 10

Hi All, 

Can anyone tell me simple steps to enable auditing on Solaris 10 apart from 
BSM, as it requires to be configured in single-user mode? I want to capture 
details like user deletion, creation, modification etc. and how to send these logs 
to a remote syslog server? 
These files need to be edited: 
/etc/security/audit_user 
/etc/security/audit_event 
/etc/security/audit_control 
/etc/security/audit_class
For this I will have to enable the BSM module. I don't want to do that; is there any 
other way for simple user auditing?


Hi, 

Why don't you want to use BSM (it is the proper way to set up audit, which 
can then be fine-tuned)? 

As far as I know, this is the only way to set up audit (I have always used 
BSM, so it might be that I am wrong). 

I guess enabling BSM requires a kernel parameter to be reloaded, which becomes active 
on reboot; in our environment it's difficult to reboot 30+ Solaris servers.

Hi all, 

Adding to this, I would like to know a little bit more. 

1) What is BSM auditing? 

2) What are the things we can audit, what is the advantage of auditing, and who can do this, apart from the root user? Anyone else?
