Auditing is a security feature required for a C2 rating under the Trusted Computer System Evaluation Criteria (TCSEC). C2 discretionary access control and identification and authentication features are provided by the standard Solaris system. The Trusted Solaris operating environment is under TCSEC evaluation at the B1+ level by the U.S. National Security Agency, and has earned an ITSEC evaluation in the United Kingdom at assurance level E3 and functionality class F-B1.
Trusted Solaris Audit Administration is intended for the system administrator whose duties include setting up and maintaining auditing file systems, and for the security administrator whose duties include determining what will be audited and analyzing the auditing trail. The system administrator should be familiar with file system administration, such as NFS-mounting, sharing directories, exporting directories, and creating disk partitions. The security administrator should be familiar with the site security policy, and with the help of the system administrator, be able to create and modify shell scripts.
Chapter 1, Auditing Basics, explains the system management and configuration of the auditing subsystem. Topics discussed include managing audit trail storage, determining global and per-user preselection, and setting site-specific configuration options.
Chapter 2, Auditing Setup, covers setting up and maintaining auditing at your site. The latter part of the chapter contains procedures for setting up and maintaining auditing.
Chapter 3, Audit Trail Management and Analysis, describes how the audit daemon creates the audit trail, and how to manage audit files and read the contents. The latter part of the chapter contains procedures for merging audit files, selecting records, reading the audit trail, and backing up the trail.
Chapter 4, Troubleshooting Auditing, contains procedures for troubleshooting the auditing subsystem.
Appendix A, Event-to-Class Mappings, lists audit events by their default audit class and alphabetically. It also connects them to their system calls and user commands.
Appendix B, Audit Record Descriptions, describes in detail the content of the audit records generated, including a description of every audit token.
Appendix C, Audit Reference, lists and describes the man pages added for the auditing subsystem in the Trusted Solaris 7 environment, and the file protections on the auditing subsystem.
All sites should have the following books or information available when setting up auditing:
Trusted Solaris 7 Release Notes
Describes any late-breaking news about auditing, including known problems.
Trusted Solaris Administrator's Procedures
Describes administration tasks, such as assuming a role, in detail.
Your site security policy
Describes the security policy and security procedures at your site.
Other books on auditing that might be of interest include:
A Guide to Understanding Audit in Trusted Systems
Auditing in a UNIX System
DoD Trusted Computer System Evaluation Criteria (the Orange Book)
Compartmented Mode Workstation Evaluation Criteria
Guideline for Trusted Facility Management and Audit, Virgil D. Gligor, 1985
The Sun Software Shop stocks select manuals from Sun Microsystems, Inc. You can purchase individual printed manuals and AnswerBook2 CDs.
For a list of documents and how to order them, visit the Software Shop at http://www.sun.com/software/shop/.
The docs.sun.com Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
The following table describes the typographic conventions used in this book.
Table P-1 Typographic Conventions
| Typeface or Symbol | Meaning | Example |
|---|---|---|
| AaBbCc123 | The names of commands, files, and directories; on-screen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
| AaBbCc123 | What you type, contrasted with on-screen computer output | machine_name% su Password: |
| AaBbCc123 | Command-line placeholder: replace with a real name or value | To delete a file, type rm filename. |
| AaBbCc123 | Book titles, new words or terms, or words to be emphasized | Read Chapter 6 in User's Guide. These are called class options. You must be root to do this. |
| <Do this> | Used in examples: follow the instruction in the brackets. | praudit -d"<press Tab key>" |
The following table shows the default system prompt and administrative role prompts for the C shell, Bourne shell, and Korn shell.
Table P-2 Shell Prompts
| Shell | Prompt |
|---|---|
| C shell prompt | machine_name% |
| root role prompt | # |
| Bourne shell, Korn shell prompt, secadmin role, admin role prompt | $ |