- enable or disable Solaris Auditing
The bsmconv and bsmunconv scripts are used to enable or disable the BSM features on a Solaris system. The optional argument rootdir is a list of one or more root directories of diskless clients that have already been configured. See smdiskless(1M).
To enable or disable BSM on a diskless client, a server, or a stand-alone system, logon as super-user to the system being converted and use the bsmconv or bsmunconv commands without any options.
To enable or disable BSM on a diskless client from that client's server, logon to the server as super-user and use bsmconv, specifying the root directory of each diskless client you wish to affect. For example, the command:
myhost# bsmconv /export/root/client1 /export/root/client2
enables BSM on the two machines named client1 and client2. While the command:
enables BSM only on the machine called myhost. It is no longer necessary to enable BSM on both the server and its diskless clients.
After running bsmconv the system can be configured by editing the files in /etc/security. Each diskless client has its own copy of configuration files in its root directory. You might want to edit these files before rebooting each client.
Following the completion of either script, the affected system(s) should be rebooted to allow the auditing subsystem to come up properly initialized.
The following files are created by bsmconv:
Administrative file defining the mapping of device special files to allocatable device names.
Administrative file defining parameters for device allocation.
See attributes(5) for descriptions of the following attributes:
See the section on Solaris Auditing in System Administration Guide: Security Services.
bsmconv and bsmunconv are not valid in a non-global zone.
These commands are Obsolete and may be removed and replaced with equivalent functionality in a future release of Solaris.