Enabling and Using Auditing

The Logical Domains Manager uses the Oracle Solaris OS auditing feature to examine the history of actions and events that have occurred on your control domain. The history is kept in a log of what was done, when it was done, by whom, and what was affected.

You can enable and disable the auditing feature based on the version of the Oracle Solaris OS that runs on your system, as follows:

Oracle Solaris 10 OS. Use the bsmconv and bsmunconv commands. See the bsmconv(1M) and bsmunconv(1M) man pages, and the Oracle Solaris 10 version of System Administration Guide: Security Services.
Oracle Solaris 11 Express OS. Use the audit command. See the audit(1M) man page and the Oracle Solaris 11 Express version of System Administration Guide: Security Services.

Enable Auditing

Add customizations to the /etc/security/audit_event and /etc/security/audit_class files.
These customizations are preserved across Oracle Solaris upgrades, but should be re-added after a fresh Oracle Solaris installation.
1. Add the following entry to the audit_event file, if not already present:
```
40700:AUE_ldoms:ldoms administration:vs
```
2. Add the following entry to the audit_class file, if not already present:
```
0x10000000:vs:virtualization_software
```
Enable the auditing feature.
- Enable the auditing feature on your Oracle Solaris 10 system.
  1. Run the bsmconv command.
```
# /etc/security/bsmconv
```
  2. Reboot the system.
- Enable the auditing feature on your Oracle Solaris 11 Express system.
```
# audit -s
```
Verify that the auditing software is running.
```
# auditconfig -getcond
```
If the auditing software is running, audit condition = auditing appears in the output.

Disable Auditing

Disable the auditing feature.

Disable the auditing feature on your Oracle Solaris 10 system.

Run the bsmunconv command.

# /etc/security/bsmunconv
Are you sure you want to continue? [y/n] y
This script is used to disable the Basic Security Module (BSM).
Shall we continue the reversion to a non-BSM system now? [y/n] y
bsmunconv: INFO: removing c2audit:audit_load from /etc/system.
bsmunconv: INFO: stopping the cron daemon.

The Basic Security Module has been disabled.
Reboot this system now to come up without BSM.

Reboot the system.

Disable the auditing feature on your Oracle Solaris 11 Express system.
1. Run the audit -t command.
```
# audit -t
```
2. Verify that the auditing software is no longer running.
```
# auditconfig -getcond
audit condition = noaudit
```

Print Audit Output

Use one of the following to print audit output:
- Use the auditreduce and praudit commands to print audit output.
```
# auditreduce -c vs | praudit
# auditreduce -c vs -a 20060502000000 | praudit
```
- Use the praudit -x command to print XML output.

Rotate Audit Logs

Use the audit -n command to rotate audit logs.
Rotating the audit logs closes the current audit file and opens a new one in the current audit directory.

Skip Navigation Links
Exit Print View
	Oracle VM Server for SPARC 2.1 Administration Guide Oracle VM Server for SPARC