Auditing is a security feature required for a C2 rating in TCSEC, and is a functional requirement in the Common Criteria for Information Technology Security Evaluation, Version 2.1, August 1999 (CCv21), an ISO standard (IS 15408). C2 discretionary-access control and identification and authentication features are provided by the Solaris environment. The Trusted Solaris 2.5.1 operating environment earned an ITSEC evaluation in the United Kingdom of assurance level E3 and functionality F-B1.
Trusted Solaris Audit Administration is intended for the system administrator whose duties include setting up and maintaining audit file systems, and for the security administrator whose duties include determining what will be audited and analyzing the audit trail. The system administrator should be familiar with file system administration, such as NFS-mounting, sharing directories, exporting directories, and creating disk partitions. The security administrator should be familiar with the site security policy, and with the help of the system administrator, be able to create and modify shell scripts.
Chapter 1, Auditing Basics explains the system management and configuration of the auditing subsystem. Topics discussed include managing audit trail storage, determining global and per-user preselection, and setting site-specific configuration options.
Chapter 2, Auditing Setup covers setting up and maintaining auditing at your site. The latter part of the chapter contains procedures for setting up and maintaining auditing.
Chapter 3, Audit Trail Management and Analysis describes how the audit daemon creates the audit trail, and how to manage audit files and read the contents. The latter part of the chapter contains procedures for merging audit files, selecting records, reading the audit trail, and backing up the trail.
Chapter 4, Troubleshooting Auditing contains procedures for troubleshooting the auditing subsystem.
Appendix A, Event-to-Class Mappings lists audit events by their default audit class and alphabetically. It also connects them to their system calls and user commands.
Appendix B, Audit Record Descriptions describes in detail the content of the audit records generated, including a description of every audit token.
Appendix C, Audit Reference lists and describes the man pages for the auditing subsystem and the security attributes on the auditing subsystem files.
All sites should have the following books or information available when setting up auditing:
- Trusted Solaris 8 4/01 Release Notes: describes any late-breaking news about auditing, including known problems.
- Trusted Solaris Administrator's Procedures: describes administration tasks, such as assuming a role, in detail.
- Your site security policy: describes the security policy and security procedures at your site.
Other books on auditing that may be useful include:
- A Guide to Understanding Audit in Trusted Systems
- Auditing in a UNIX System
- DoD Trusted Computer System Evaluation Criteria (the Orange Book)
- Compartmented Mode Workstation Evaluation Criteria
- Guideline for Trusted Facility Management and Audit, Virgil D. Gligor, 1985
- Common Criteria for Information Technology Security Evaluation, Version 2.1, August 1999. For online information, see http://csrc.ncsl.nist.gov/cc/ccv20/ccv2list.htm.
Fatbrain.com, the Internet's most comprehensive professional bookstore, stocks select product documentation from Sun Microsystems, Inc.
For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.
The docs.sun.com Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
The following table describes the typographic conventions used in this book.
Table P–1 Typographic Conventions

| Typeface or Symbol | Meaning | Example |
|---|---|---|
| AaBbCc123 | The names of commands, files, and directories; on-screen computer output | Edit your .login file. Use ls -a to list all files. machine_name% You have mail. |
| AaBbCc123 | What you type, contrasted with on-screen computer output | machine_name% su Password: |
| AaBbCc123 | Command-line placeholder: replace with a real name or value | To delete a file, type rm filename. |
| AaBbCc123 | Book titles, new words or terms, or words to be emphasized | Read Chapter 6 in User's Guide. These are called class options. You must be root to do this. |
The following table shows the default system prompt and administrative role prompts for the C shell, Bourne shell, and Korn shell.
Table P–2 Shell Prompts

| Shell | Prompt |
|---|---|
| C shell prompt | machine_name% |
| root role prompt | # |
| other administrative role prompts | $ |