This procedure enables the audit service for all zones. To start the audit daemon in a non-global zone, see Example 30–20.
When auditing is configured securely, the system is in single-user mode until auditing is enabled. You can also enable auditing in multiuser mode.
You should perform this procedure as superuser after completing the following tasks:
Planning – Planning Solaris Auditing (Task Map)
Customizing audit files – Configuring Audit Files (Task Map)
Setting up audit partitions – How to Create Partitions for Audit Files
Setting up audit warning messages – How to Configure the audit_warn Email Alias
Setting audit policy – How to Configure Audit Policy
Host name translation must be working correctly for auditing to function. The hosts database in the naming services must be correctly configured and functioning.
For configuration of the hosts database, see the nsswitch.conf(4) and netconfig(4) man pages. For additional information, see the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) or the System Administration Guide: Naming and Directory Services (NIS+).
Run the script that enables the audit service.
Go to the /etc/security directory, and execute the bsmconv script there.
# cd /etc/security # ./bsmconv This script is used to enable the Basic Security Module (BSM). Shall we continue with the conversion now? [y/n] y bsmconv: INFO: checking startup file. bsmconv: INFO: turning on audit module. bsmconv: INFO: initializing device allocation. The Basic Security Module is ready. If there were any errors, please fix them now. Configure BSM by editing files located in /etc/security. Reboot this system now to come up with BSM enabled.
For the effects of the script, see the bsmconv(1M) man page.
Reboot the system.
The startup file /etc/security/audit_startup causes the auditd daemon to run automatically when the system enters multiuser mode.
Another effect of the script is to turn on device allocation. To configure device allocation, see Managing Device Allocation (Task Map).
In the following example, the global zone administrator turned on perzone policy after auditing was enabled in the global zone and after the non-global zone had booted. The zone administrator of the non-global zone has configured the audit files for the zone, and then starts the audit daemon in the zone.
zone1# svcadm enable svc:/system/auditd