System Administration Guide: Security Services

Procedure: How to Enable the Audit Service

This procedure enables the audit service for all zones. To start the audit daemon in a non-global zone, see Example 30–20.

When auditing is configured securely, the system is in single-user mode until auditing is enabled. You can also enable auditing in multiuser mode.

Before You Begin

You should perform this procedure as superuser after completing the following tasks:

Note – Host name translation must be working correctly for auditing to function. The hosts database in the naming services must be correctly configured and functioning.

For configuration of the hosts database, see the nsswitch.conf(4) and netconfig(4) man pages. For additional information, see the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) or the System Administration Guide: Naming and Directory Services (NIS+).

  1. Run the script that enables the audit service.

    Go to the /etc/security directory, and execute the bsmconv script there.

    # cd /etc/security
    # ./bsmconv
    This script is used to enable the Basic Security Module (BSM).
    Shall we continue with the conversion now? [y/n] y
    bsmconv: INFO: checking startup file.
    bsmconv: INFO: turning on audit module.
    bsmconv: INFO: initializing device allocation.
    The Basic Security Module is ready.
    If there were any errors, please fix them now.
    Configure BSM by editing files located in /etc/security.
    Reboot this system now to come up with BSM enabled.

    For the effects of the script, see the bsmconv(1M) man page.

  2. Reboot the system.

    # reboot

    The startup file /etc/security/audit_startup causes the auditd daemon to run automatically when the system enters multiuser mode.

    Another effect of the script is to turn on device allocation. To configure device allocation, see Managing Device Allocation (Task Map).
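The checks around this procedure can be scripted. The following is an added example, not part of the original guide: it confirms superuser and host name translation before bsmconv is run, and confirms the audit condition after the reboot. The function names are hypothetical, and the script assumes getent and auditconfig -getcond are available and that the latter reports a line of the form "audit condition = auditing".

```shell
#!/bin/sh
# Added example: checks to run around the bsmconv procedure.
# Function names are hypothetical. Backticks keep it Bourne-shell compatible.

# Succeeds when the hosts database resolves the given name.
host_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# Succeeds when the caller is superuser (id output starts with uid=0).
is_superuser() {
    case "`id`" in
        "uid=0("*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the condition from `auditconfig -getcond` output passed as $1.
# Prints nothing when the output has no "audit condition" line.
audit_condition() {
    printf '%s\n' "$1" | sed -n 's/^audit condition = //p'
}

# Succeeds only when the reported condition is "auditing".
auditing_enabled() {
    cond=`audit_condition "$1"`
    [ "$cond" = "auditing" ]
}

# Usage: script preflight   (before bsmconv)
#        script verify      (after the reboot)
case "${1:-}" in
    preflight)
        node=`uname -n`
        is_superuser || { echo "must be run as superuser" >&2; exit 1; }
        host_resolves "$node" || { echo "hosts database cannot resolve $node" >&2; exit 1; }
        [ -x /etc/security/bsmconv ] || { echo "bsmconv not found" >&2; exit 1; }
        echo "preflight ok: ready to run /etc/security/bsmconv" ;;
    verify)
        out=`auditconfig -getcond 2>&1`
        auditing_enabled "$out" || { echo "auditing not active: $out" >&2; exit 1; }
        echo "auditing is active" ;;
esac
```

Run it with preflight before step 1 and with verify once the system is back in multiuser mode.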

Example 30–20 Enabling Auditing in a Non-Global Zone

In the following example, the global zone administrator turned on perzone policy after auditing was enabled in the global zone and after the non-global zone had booted. The zone administrator of the non-global zone has configured the audit files for the zone, and then starts the audit daemon in the zone.

zone1# svcadm enable svc:/system/auditd