Configuring and Using Auditing

You should administer and audit an Oracle Solaris instance in a guest domain the same as you would an Oracle Solaris OS running on a bare-metal system. You can customize the Oracle Solaris OS auditing feature to audit only those functions and system services that are important for your environment. For Oracle VM Server for SPARC, ensure that the virtualization software class is audited. You can perform other auditing-related tasks. See Using the Audit Service in Oracle Solaris 11 Security Guidelines and How to Audit Significant Events in Addition to Login/Logout in Oracle Solaris 11 Security Guidelines.

The Logical Domains Manager creates audit events and passes them to the Oracle Solaris audit subsystem for storage and later examination. The history is kept in a log of what was done, when it was done, by whom, and what was affected. Note that you cannot view audit information for all of the domains in a system from its control domain.

So for each domain in the system, you can enable and disable the auditing feature based on the version of the Oracle Solaris OS that runs on your system, as follows:

• Oracle Solaris 10 OS. Use the bsmconv and bsmunconv commands. See the bsmconv(1M) and bsmunconv(1M) man pages, and the Oracle Solaris 10 version of System Administration Guide: Security Services.

• Oracle Solaris 11 OS. Use the audit command. See the audit(1M) man page and the Oracle Solaris 11 version of System Administration Guide: Security Services.

For more information, see Enabling and Using Auditing in Oracle VM Server for SPARC 2.2 Administration Guide.