System Administration Guide: Security Services

Procedure: How to Enable the Audit Service

This procedure enables the audit service for all zones. To start the audit daemon in a non-global zone, see Example 30–17.

When auditing is configured securely, the system is in single-user mode until auditing is enabled. You can also enable auditing in multiuser mode.

Before You Begin

You should perform this procedure as superuser after completing the following tasks:

  1. Run the script that enables the audit service.

    Go to the /etc/security directory, and execute the bsmconv script there.

    # cd /etc/security
    # ./bsmconv
    This script is used to enable the Basic Security Module (BSM).
    Shall we continue with the conversion now? [y/n] y
    bsmconv: INFO: checking startup file.
    bsmconv: INFO: turning on audit module.
    bsmconv: INFO: initializing device allocation.
    The Basic Security Module is ready.
    If there were any errors, please fix them now.
    Configure BSM by editing files located in /etc/security.
    Reboot this system now to come up with BSM enabled.

    For the effects of the script, see the bsmconv(1M) man page.

  2. Reboot the system.

    # reboot

    The auditd daemon starts the audit service when the system enters multiuser mode. The FMRI for the audit service is svc:/system/auditd:default.

    Another effect of the script is to turn on device allocation. To configure device allocation, see Managing Device Allocation (Task Map).

Example 30–17 Enabling Auditing in a Non-Global Zone

In the following example, the global zone administrator turned on the perzone policy after auditing was enabled in the global zone and after the non-global zone had booted. The zone administrator of the non-global zone has configured the audit files for the zone and now starts the audit daemon in the zone.

zone1# svcadm enable svc:/system/auditd
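
A post-reboot check that the audit service named in step 2 is actually running, added here as an example and not part of the original guide. The function names are hypothetical, and the script assumes that svcs reports the state as a single word and that auditconfig -getcond reports the kernel state as "audit condition = auditing" or "audit condition = noaudit".

```shell
#!/bin/sh
# Added example: confirm that auditing is active after bsmconv and the reboot.
# Written with backticks and no "local" so it also runs under a Bourne shell.

AUDIT_FMRI="svc:/system/auditd:default"   # FMRI as given in the procedure

# classify_audit STATE COND
#   STATE: output of `svcs -H -o state $AUDIT_FMRI`
#   COND:  output of `auditconfig -getcond`
# Prints a one-word verdict; returns 0 only when the service is online
# and the kernel reports that it is auditing.
classify_audit() {
    svc_state=$1
    kern_cond=$2

    case "$svc_state" in
        online) ;;                                   # keep checking
        "")     echo "service-missing"; return 1 ;;  # FMRI unknown to SMF
        *)      echo "service-$svc_state"; return 1 ;;
    esac

    case "$kern_cond" in
        *"= auditing"*) echo "auditing"; return 0 ;;
        *"= noaudit"*)  echo "kernel-noaudit"; return 1 ;;
        *)              echo "kernel-unknown"; return 1 ;;
    esac
}

# check_audit: collect the live values on this host or zone and classify them.
check_audit() {
    live_state=`svcs -H -o state "$AUDIT_FMRI" 2>/dev/null`
    live_cond=`auditconfig -getcond 2>&1`
    classify_audit "$live_state" "$live_cond"
}

# Constructed sample values (not captured from a real system):
#   classify_audit online   "audit condition = auditing"   -> auditing
#   classify_audit disabled ""                             -> service-disabled
#   classify_audit online   "audit condition = noaudit"    -> kernel-noaudit
```

Call check_audit as superuser in the global zone after the reboot, or in a non-global zone after the svcadm enable shown in Example 30–17.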