Logical Domains 1.3 Administration Guide

Enabling and Using BSM Auditing

The Logical Domains Manager uses the Solaris OS Basic Security Module (BSM) auditing capability. BSM auditing provides the means to examine the history of actions and events on your control domain to determine what happened. The history is kept in a log of what was done, when it was done, by whom, and what was affected.

To enable and disable this auditing capability, use the Solaris OS bsmconv(1M) and bsmunconv(1M) commands. This section also includes tasks that show how to verify the auditing capability, print audit output, and rotate audit logs. You can find further information about BSM auditing in the Solaris 10 System Administration Guide: Security Services.

Procedure: Enable BSM Auditing

  1. Add vs in the flags: line of the /etc/security/audit_control file.

  2. Run the bsmconv(1M) command.


    # /etc/security/bsmconv
    

    For more information about this command, see the bsmconv(1M) man page.

  3. Reboot the Solaris OS for auditing to take effect.

Procedure: Verify That BSM Auditing Is Enabled

  1. Type the following command.


    # auditconfig -getcond
    
  2. Check that audit condition = auditing appears in the output.
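The shell functions below are an added example, not part of the original guide. They check that the flags: line carries the vs class, add it idempotently if it is missing, and test auditconfig -getcond output for the expected condition. The function names and the sample audit_control contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.

# Succeeds if the flags: line of audit_control text on stdin lists vs.
# naflags: and commented lines are ignored because field 1 must be "flags".
flags_has_vs() {
    awk -F: '
        $1 == "flags" {
            n = split($2, cls, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", cls[i])
                if (cls[i] == "vs") found = 1
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# Copies audit_control text from stdin to stdout, appending vs to the
# flags: line only when it is absent, so repeated runs change nothing.
add_vs_flag() {
    awk -F: '
        $1 == "flags" {
            n = split($2, cls, ","); has = 0
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", cls[i])
                if (cls[i] == "vs") has = 1
            }
            if (!has) {
                sub(/[ \t]+$/, "")
                $0 = ($2 ~ /^[ \t]*$/) ? "flags:vs" : $0 ",vs"
            }
        }
        { print }
    '
}

# Succeeds if auditconfig -getcond output on stdin reports auditing.
audit_is_on() {
    grep -Eq '^[[:space:]]*audit condition = auditing[[:space:]]*$'
}

# Constructed sample of /etc/security/audit_control before step 1.
SAMPLE_CONTROL='dir:/var/audit
flags:lo
minfree:20
naflags:lo'

printf '%s\n' "$SAMPLE_CONTROL" | flags_has_vs || echo "vs missing from flags:"
printf '%s\n' "$SAMPLE_CONTROL" | add_vs_flag
```

On a control domain, feed the functions real input, for example `flags_has_vs < /etc/security/audit_control` and `auditconfig -getcond | audit_is_on`.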

Procedure: Disable BSM Auditing

  1. Run the bsmunconv command to disable BSM auditing.


    # /etc/security/bsmunconv
    

    For more information about this command, see the bsmunconv(1M) man page.

  2. Reboot the Solaris OS for the disabling of auditing to take effect.

Procedure: Print Audit Output

  1. Use one of the following to print BSM audit output:

    • Use the auditreduce(1M) and praudit(1M) commands to print audit output.


      # auditreduce -c vs | praudit
      # auditreduce -c vs -a 20060502000000 | praudit
      
    • Use the praudit -x command to print XML output.

Procedure: Rotate Audit Logs

  1. Use the audit -n command to rotate audit logs.