Go to main content

Managing Auditing in Oracle^® Solaris 11.4

Exit Print View

» ...Documentation Home » Oracle Solaris 11.4 Information Library » Managing Auditing in Oracle^® ... » Managing the Audit Service » Configuring the Audit Service in Zones » How to Configure Per-Zone Auditing

Updated: November 2020

Managing Auditing in Oracle^® Solaris 11.4

Document Information

Using This Documentation

Chapter 1 About Auditing in Oracle Solaris

Chapter 2 Planning for Auditing

Chapter 3 Managing the Audit Service

Default Configuration of the Audit Service

sstore Audit Meta-Class

Displaying Audit Service Defaults

Enabling and Disabling the Audit Service

Configuring the Audit Service

Configuring Audit With the auditconfig Subcommands

Auditing Per User or Rights Profile

New Feature – Auditing Events Temporarily

New Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings

New Feature – Auditing Verified Boot

New Feature – auditstat Command Extended

Audit Configuration Task Map

How to Preselect Audit Classes

How to Configure a User's Audit Characteristics

How to Change Audit Policy

How to Configure the audit_warn Email Alias

How to Add an Audit Class

How to Change an Audit Event's Class Membership

New Feature – Annotating Reason for Access in the Audit Record

Configuring Annotation

PAM Supports Annotation of Logins

Tracking Annotations in an Audit Trail

Selecting What Is Audited

How to Audit All Commands by Users

How to Audit Significant Events in Addition to Login/Logout

How to Find Audit Records of Changes to Specific Files

New Feature – Per-Object Logging of Audit Events

New Feature – Per-Privilege Logging of Audit Events

Specifying Files or Directories to Be Audited

How to Update the Preselection Mask of Logged In Users

How to Prevent the Auditing of Specific Events

How to Compress Audit Files on a Dedicated File System

How to Audit FTP and SFTP File Transfers

Configuring the Audit Service in Zones

How to Configure All Zones Identically for Auditing

How to Configure Per-Zone Auditing

Example: Configuring Oracle Solaris Auditing

New Feature – Restricting Access to Audit Records With File Labeling

Chapter 4 Configuring the Formats of Audit Logs and Where They Are Stored

Chapter 5 Viewing Audit Records

Chapter 6 Analyzing and Resolving Audit Issues

Chapter 7 Auditing Reference

Audit Service Glossary

Language:

How to Configure Per-Zone Auditing

This procedure enables separate zone administrators to control the audit service in their zone. For the complete list of policy options, see the auditconfig(8) man page.

Before You Begin

To configure auditing, you must become an administrator who is assigned the Audit Configuration rights profile. To enable the audit service, you must become an administrator who is assigned the Audit Control rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

In the global zone, configure auditing.
1. Complete the tasks in Configuring the Audit Service.
2. Add the perzone audit policy.
  For the command, see Example 9, Setting the perzone Audit Policy.
  
  Note - You are not required to enable the audit service in the global zone.
In each non-global zone that you plan to audit, configure the audit files.
1. Complete the tasks in Configuring the Audit Service.
2. Do not add the perzone or ahlt policy to the non-global zone.
Enable auditing in your zone.
```
myzone$ pfexec audit -s
```

Example 17 Disabling Auditing in a Non-Global Zone

This example works if the perzone audit policy is set. The zone administrator of the noaudit zone disables auditing for that zone.

noauditzone$ pfexec auditconfig -getcond
audit condition = auditing
noauditzone$ pfexec audit -t
noauditzone$ pfexec auditconfig -getcond
audit condition = noaudit

Copyright © 2002, 2020, Oracle and/or its affiliates.