JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Administration: Security Services     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

5.  Controlling Access to Devices (Tasks)

6.  Using the Basic Audit Reporting Tool (Tasks)

7.  Controlling Access to Files (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Security Attributes in Oracle Solaris (Reference)

Part IV Cryptographic Services

11.  Cryptographic Framework (Overview)

12.  Cryptographic Framework (Tasks)

13.  Key Management Framework

Part V Authentication Services and Secure Communication

14.  Network Services Authentication (Tasks)

15.  Using PAM

16.  Using SASL

17.  Using Secure Shell (Tasks)

18.  Secure Shell (Reference)

Part VI Kerberos Service

19.  Introduction to the Kerberos Service

20.  Planning for the Kerberos Service

21.  Configuring the Kerberos Service (Tasks)

22.  Kerberos Error Messages and Troubleshooting

23.  Administering Kerberos Principals and Policies (Tasks)

24.  Using Kerberos Applications (Tasks)

25.  The Kerberos Service (Reference)

Part VII Auditing in Oracle Solaris

26.  Auditing (Overview)

27.  Planning for Auditing

28.  Managing Auditing (Tasks)

29.  Auditing (Reference)

Audit Service

Audit Service Man Pages

Rights Profiles for Administering Auditing

Auditing and Oracle Solaris Zones

Audit Classes

Audit Class Syntax

Audit Plugins

Audit Policy

Audit Policies for Asynchronous and Synchronous Events

Process Audit Characteristics

Audit Trail

Conventions for Binary Audit File Names

Audit Record Structure

Audit Record Analysis

Audit Token Formats

acl Token

argument Token

attribute Token

cmd Token

exec_args Token

exec_env Token

file Token

fmri Token

group Token

header Token

ip address Token

ip port Token

ipc Token

IPC_perm Token

path Token

path_attr Token

privilege Token

process Token

return Token

sequence Token

socket Token

subject Token

text Token

trailer Token

use of authorization Token

use of privilege Token

user Token

xclient Token

zonename Token



Audit Policy

Audit policy determines if additional information is added to the audit trail.

The following policies add tokens to audit records: arge, argv, group, path, seq, trail, windata_down, windata_up, and zonename. The windata_down and windata_up policies are used by the Trusted Extensions feature of Oracle Solaris. For more information, see Chapter 22, Trusted Extensions Auditing (Overview), in Trusted Extensions Configuration and Administration.

The remaining policies do not add tokens. The public policy limits auditing of public files. The perzone policy establishes separate audit queues for non-global zones. The ahlt and cnt policies determine what happens when audit records cannot be delivered. For details, see Audit Policies for Asynchronous and Synchronous Events.

The effects of the different audit policy options are described in Understanding Audit Policy. For a description of audit policy options, see the -setpolicy option in the auditconfig(1M) man page. For a list of available policy options, run the command auditconfig -lspolicy. For the current policy, run the command auditconfig -getpolicy.

Audit Policies for Asynchronous and Synchronous Events

Together, the ahlt policy and the cnt policy govern what happens when the audit queue is full and cannot accept more events.

Note - The cnt or ahlt policy is not triggered if the queue for at least one plugin can accept audit records.

The cnt and ahlt policies are independent and related. The combinations of the policies have the following effects: