Privileged Actions in the Audit Record - Securing Users and Processes in Oracle® Solaris 11.2

Securing Users and Processes in Oracle^® Solaris 11.2

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Securing Users and Processes in ... » Reference for Oracle Solaris Rights » Privileges Reference » Privileged Actions in the Audit Record

Updated: July 2014

Securing Users and Processes in Oracle^® Solaris 11.2

Document Information

Using This Documentation

Chapter 1 About Using Rights to Control Users and Processes

Chapter 2 Planning Your Administrative Rights Configuration

Chapter 3 Assigning Rights in Oracle Solaris

Chapter 4 Assigning Rights to Applications, Scripts, and Resources

Chapter 5 Managing the Use of Rights

Chapter 6 Listing Rights in Oracle Solaris

Chapter 7 Troubleshooting Rights in Oracle Solaris

Chapter 8 Reference for Oracle Solaris Rights

Rights Profiles Reference

Viewing the Contents of Rights Profiles

Authorizations Reference

Authorization Naming Conventions

Delegation Authority in Authorizations

Rights Databases

Rights Databases and the Naming Services

user_attr Database

auth_attr Database

prof_attr Database

exec_attr Database

policy.conf File

Commands for Administering Rights

Commands That Manage Authorizations, Rights Profiles, and Roles

Selected Commands That Require Authorizations

Privileges Reference

Commands for Handling Privileges

Files That Contain Privilege Information

Privileged Actions in the Audit Record

Security Glossary

Language:

Privileged Actions in the Audit Record

Privilege use can be audited. Any time that a process uses a privilege, the use of privilege is recorded in the audit trail in the upriv audit token. When privilege names are part of the record, their textual representation is used. The following audit events record use of privilege:

AUE_SETPPRIV audit event – Generates an audit record when a privilege set is changed. The AUE_SETPPRIV audit event is in the pm class.
AUE_MODALLOCPRIV audit event – Generates an audit record when a privilege is added from outside the kernel. The AUE_MODALLOCPRIV audit event is in the ad class.
AUE_MODDEVPLCY audit event – Generates an audit record when the device policy is changed. The AUE_MODDEVPLCY audit event is in the ad class.
AUE_PFEXEC audit event – Generates an audit record when a call is made to execve() with pfexec() enabled. The AUE_PFEXEC audit event is in the as, ex, ps, and ua audit classes. The names of the privileges are included in the audit record.

The successful use of privileges that are in the basic set is not audited. An attempt to use a basic privilege that has been removed from a user's basic set is audited.

Copyright © 2002, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices