SunSHIELD Basic Security Module Guide
Book Information
Preface
Chapter 1 Installation
Enabling BSM
Disabling BSM
BSM and Client-Server Relationships
Chapter 2 Administering Auditing
More on Auditing
Audit Startup
Audit Classes and Events
Kernel Events
User-Level Events
Audit Records
Audit Flags
Definitions of Audit Flags
Audit Flag Syntax
Prefixes to Modify Previously Set Audit Flags
The audit_control File
Sample audit_control File
User Audit Fields in the audit_user File
Process Audit Characteristics
Process Preselection Mask
Audit ID
Audit Session ID
Terminal ID
How the Audit Trail Is Created
audit_data File
Audit Daemon's Role
What Makes a Directory Suitable
Keeping Audit Files Manageable
The audit_warn Script
Using the auditreduce Command
Controlling Audit Costs
Cost of Increased Processing Time
Cost of Analysis
Cost of Storage
Auditing Normal Users
Auditing Efficiently
How to Combine and Reduce audit Files
Learning About the Audit Trail
More About the Audit Files
Audit File Naming
How Audit File Names Are Used
Time-Stamp Format and Interpretation
Example of a File Name for a Still-Active File
Example of a Closed Audit File Name
Handling Nonactive Files Marked not_terminated
How to Create Audit Partitions and Export Them
Example audit_control File Entries
How to Configure Auditing
How to Plan Audit Configuration
Preventing Audit Trail Overflow
How to Prevent Audit Trail Overflow
The auditconfig Command
Setting Audit Policies
How to Change Which Events Are in Which Audit Classes
Changing Class Definitions
Chapter 3 Audit Trail Analysis
Auditing Features
Audit User ID
Audit Session ID
Self-Contained Audit Records
Tools for Merging, Selecting, Viewing, and Interpreting Audit Records
Audit Record Format
Order of Audit Tokens
Human-Readable Audit Record Format
header Token
trailer Token
arbitrary Token
arg Token
attr Token
exit Token
file Token
groups Token
in_addr Token
ip Token
ipc Token
ipc_perm Token
iport Token
opaque Token
path Token
process Token
return Token
seq Token
socket Token
subject Token
text Token
Using the auditreduce Command
How auditreduce Helps in a Distributed System
Using auditreduce
How to Display the Whole Audit Log
How to Print the Whole Audit Log
How to Display User Activity from a Selected Date
How to Copy Login/Logout Messages to a Single File
How to Clean Up a not_terminated Audit File
Other Useful auditreduce Options
Using praudit
Chapter 4 Device Allocation
Risks Associated With Device Use
Components of the Device-Allocation Mechanism
Using the Device-Allocation Utilities
The Allocate Error State
The device_maps File
The device_allocate File
Device-Clean Scripts
Object Reuse
Device-Clean Script for Tapes
Device-Clean Scripts for Diskettes and CD-ROM Devices
Device-Clean Script for Audio
Writing New Device-Clean Scripts
Setting Up Lock Files
How to Set Up Lock Files for a Device to Be Made Allocatable
How the Allocate Mechanism Works
Managing and Adding Devices
How to Manage Devices
How to Add a New Allocatable Device
Using Device Allocations
How to Allocate a Device
How to Deallocate a Device
Appendix A Audit Record Descriptions
Audit Record Structure
Audit Token Structure
acl Token
arbitrary Token
arg Token
attr Token
exec_args Token
exec_env Token
exit Token
file Token
groups Token (Obsolete)
header Token
in_addr Token
ip Token
ipc Token
ipc_perm Token
iport Token
newgroups Token
opaque Token
path Token
process Token
return Token
seq Token
socket Token
socket-inet Token
subject Token
text Token
trailer Token
Audit Records
General Audit Record Structure
Kernel-Level Generated Audit Records
User-Level Generated Audit Records
Event-to-System Call Translation
Appendix B BSM Reference
Index
© 2010, Oracle Corporation and/or its affiliates