Logical Domains 1.3 Administration Guide

Enabling and Using BSM Auditing

The Logical Domains Manager uses the Solaris OS Basic Security module (BSM) auditing capability. BSM auditing provides the means to examine the history of actions and events on your control domain to determine what happened. The history is kept in a log of what was done, when it was done, by whom, and what was affected.

To enable and disable this auditing capability, use the Solaris OS bsmconv(1M) and bsmunconv(1M) commands. This section also includes tasks that show how to verify the auditing capability, print audit output, and rotate audit logs. You can find further information about BSM auditing in the Solaris 10 System Administration Guide: Security Services.

ProcedureEnable BSM Auditing

  1. Add vs in the flags: line of the /etc/security/audit_control file.

  2. Run the bsmconv(1M) command.

    # /etc/security/bsmconv

    For more information about this command, see the bsmconv(1M) man page.

  3. Reboot the Solaris OS for auditing to take effect.

ProcedureVerify That BSM Auditing Is Enabled

  1. Type the following command.

    # auditconfig -getcond
  2. Check that audit condition = auditing appears in the output.

ProcedureDisable BSM Auditing

  1. Run the bsmunconv command to disable BSM auditing.

    # /etc/security/bsmunconv

    For more information about this command, see the bsmunconv(1M) man page.

  2. Reboot the Solaris OS for the disabling of auditing to take effect.

ProcedurePrint Audit Output

  1. Use one of the following to print BSM audit output:

    • Use the auditreduce(1M) and praudit(1M) commands to print audit output.

      # auditreduce -c vs | praudit
      # auditreduce -c vs -a 20060502000000 | praudit
    • Use the praudit -x command to print XML output.

ProcedureRotate Audit Logs

  1. Use the audit -n command to rotate audit logs.