Documentation Home
> System Administration Guide: Security Services
System Administration Guide: Security Services
Book Information
Index
Numbers and Symbols
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Preface
Part I Security Overview
Chapter 1 Security Services (Overview)
System Security
Solaris Cryptographic Services
Authentication Services
Authentication With Encryption
Solaris Auditing
Security Policy
Part II System, File, and Device Security
Chapter 2 Managing Machine Security (Overview)
Enhancements to Machine Security in the Solaris 10 Release
Controlling Access to a Computer System
Maintaining Physical Security
Maintaining Login Control
Managing Password Information
Local Passwords
NIS and NIS+ Passwords
LDAP Passwords
Password Encryption
Password Algorithm Identifiers
Algorithms Configuration in the policy.conf File
Special System Logins
Remote Logins
Dial-Up Logins
Controlling Access to Devices
Device Policy (Overview)
Device Allocation (Overview)
Controlling Access to Machine Resources
Limiting and Monitoring Superuser
Configuring Role-Based Access Control to Replace Superuser
Preventing Unintentional Misuse of Machine Resources
Setting the PATH Variable
Assigning a Restricted Shell to Users
Restricting Access to Data in Files
Restricting setuid Executable Files
Using the Automated Security Enhancement Tool
Using the Sun Security Toolkit
Using the netservices limited Configuration
Using Solaris Resource Management Features
Using Solaris Zones
Monitoring Use of Machine Resources
Monitoring File Integrity
Controlling Access to Files
Protecting Files With Encryption
Using Access Control Lists
Sharing Files Across Machines
Restricting root Access to Shared Files
Controlling Network Access
Network Security Mechanisms
Authentication and Authorization for Remote Access
Firewall Systems
Encryption and Firewall Systems
Reporting Security Problems
Chapter 3 Controlling Access to Systems (Tasks)
Controlling System Access (Task Map)
Securing Logins and Passwords (Task Map)
Securing Logins and Passwords
How to Display a User's Login Status
How to Display Users Without Passwords
How to Temporarily Disable User Logins
How to Monitor Failed Login Attempts
How to Monitor All Failed Login Attempts
How to Create a Dial-Up Password
How to Temporarily Disable Dial-Up Logins
Changing the Password Algorithm (Task Map)
Changing the Default Algorithm for Password Encryption
How to Specify an Algorithm for Password Encryption
How to Specify a New Password Algorithm for an NIS Domain
How to Specify a New Password Algorithm for an NIS+ Domain
How to Specify a New Password Algorithm for an LDAP Domain
How to Install a Password Encryption Module From a Third Party
Monitoring and Restricting Superuser (Task Map)
Monitoring and Restricting Superuser
How to Monitor Who Is Using the su Command
How to Restrict and Monitor Superuser Logins
SPARC: Controlling Access to System Hardware (Task Map)
Controlling Access to System Hardware
How to Require a Password for Hardware Access
How to Disable a System's Abort Sequence
Chapter 4 Controlling Access to Devices (Tasks)
Configuring Devices (Task Map)
Configuring Device Policy (Task Map)
Configuring Device Policy
How to View Device Policy
How to Change the Device Policy on an Existing Device
How to Audit Changes in Device Policy
How to Retrieve IP MIB-II Information From a /dev/* Device
Managing Device Allocation (Task Map)
Managing Device Allocation
How to Make a Device Allocatable
How to Authorize Users to Allocate a Device
How to View Allocation Information About a Device
Forcibly Allocating a Device
Forcibly Deallocating a Device
How to Change Which Devices Can Be Allocated
How to Audit Device Allocation
Allocating Devices (Task Map)
Allocating Devices
How to Allocate a Device
How to Mount an Allocated Device
How to Deallocate a Device
Device Protection (Reference)
Device Policy Commands
Device Allocation
Components of Device Allocation
Device Allocation Commands
Authorizations for the Allocation Commands
Allocate Error State
device_maps File
device_allocate File
Device-Clean Scripts
Device-Clean Script for Tapes
Device-Clean Scripts for Diskettes and CD-ROM Drives
Device-Clean Script for Audio
Writing New Device-Clean Scripts
Chapter 5 Using the Basic Audit Reporting Tool (Tasks)
Basic Audit Reporting Tool (Overview)
BART Features
BART Components
BART Manifest
BART Report
BART Rules File
Using BART (Task Map)
Using BART (Tasks)
BART Security Considerations
How to Create a Manifest
How to Customize a Manifest
How to Compare Manifests for the Same System Over Time
How to Compare Manifests From a Different System With the Manifest of a Control System
How to Customize a BART Report by Specifying File Attributes
How to Customize a BART Report by Using a Rules File
BART Manifest, Rules File, and Reporting (Reference)
BART Manifest File Format
BART Rules File Format
Rules File Attributes
Quoting Syntax
BART Reporting
BART Output
Chapter 6 Controlling Access to Files (Tasks)
Using UNIX Permissions to Protect Files
Commands for Viewing and Securing Files
File and Directory Ownership
UNIX File Permissions
Special File Permissions (setuid, setgid and Sticky Bit)
setuid Permission
setgid Permission
Sticky Bit
Default umask Value
File Permission Modes
Using Access Control Lists to Protect UFS Files
ACL Entries for UFS Files
ACL Entries for UFS Directories
Commands for Administering UFS ACLs
Preventing Executable Files From Compromising Security
Protecting Files (Task Map)
Protecting Files With UNIX Permissions (Task Map)
How to Display File Information
How to Change the Owner of a File
How to Change Group Ownership of a File
How to Change File Permissions in Symbolic Mode
How to Change File Permissions in Absolute Mode
How to Change Special File Permissions in Absolute Mode
Protecting UFS Files With ACLs (Task Map)
How to Check if a File Has an ACL
How to Add ACL Entries to a File
How to Copy an ACL
How to Change ACL Entries on a File
How to Delete ACL Entries From a File
How to Display ACL Entries for a File
Protecting Against Programs With Security Risk (Task Map)
How to Find Files With Special File Permissions
How to Disable Programs From Using Executable Stacks
Chapter 7 Using the Automated Security Enhancement Tool (Tasks)
Automated Security Enhancement Tool (ASET)
ASET Security Levels
ASET Task List
System Files Permissions Tuning
System Files Checks
User and Group Checks
System Configuration Files Check
Environment Variables Check
eeprom Check
Firewall Setup
ASET Execution Log
Example of an ASET Execution Log File
ASET Reports
Format of ASET Report Files
Examining ASET Report Files
Comparing ASET Report Files
ASET Master Files
Tune Files
The uid_aliases File
The Checklist Files
ASET Environment File (asetenv)
Configuring ASET
Modifying the Environment File (asetenv)
Choosing Which Tasks to Run: TASKS
Specifying Directories for System Files Checks Task: CKLISTPATH
Scheduling ASET Execution: PERIODIC_SCHEDULE
Specifying an Aliases File: UID_ALIASES
Extending Checks to NIS+ Tables: YPCHECK
Modifying the Tune Files
Restoring System Files Modified by ASET
Network Operation With the NFS System
Providing a Global Configuration for Each Security Level
Collecting ASET Reports
ASET Environment Variables
ASETDIR Environment Variable
ASETSECLEVEL Environment Variable
PERIODIC_SCHEDULE Environment Variable
TASKS Environment Variable
UID_ALIASES Environment Variable
YPCHECK Environment Variable
CKLISTPATH_level Environment Variables
ASET File Examples
Tune File Examples
Aliases File Examples
Running ASET (Task Map)
How to Run ASET Interactively
How to Run ASET Periodically
How to Stop Running ASET Periodically
How to Collect ASET Reports on a Server
Troubleshooting ASET Problems
ASET Error Messages
Part III Roles, Rights Profiles, and Privileges
Chapter 8 Using Roles and Privileges (Overview)
What's New in RBAC?
Role-Based Access Control (Overview)
RBAC: An Alternative to the Superuser Model
Solaris RBAC Elements and Basic Concepts
RBAC Authorizations
Authorizations and Privileges
Privileged Applications and RBAC
Applications That Check UIDs and GIDs
Applications That Check for Privileges
Applications That Check Authorizations
RBAC Rights Profiles
RBAC Roles
Profile Shell in RBAC
Name Service Scope and RBAC
Security Considerations When Directly Assigning Security Attributes
Privileges (Overview)
Privileges Protect Kernel Processes
Privilege Descriptions
Administrative Differences on a System With Privileges
Privileges and System Resources
How Privileges Are Implemented
How Processes Get Privileges
Assigning Privileges
Expanding a User or Role's Privileges
Restricting a User or Role's Privileges
Assigning Privileges to a Script
Privileges and Devices
Privileges and Debugging
Chapter 9 Using Role-Based Access Control (Tasks)
Using RBAC (Task Map)
Configuring RBAC (Task Map)
Configuring RBAC
How to Plan Your RBAC Implementation
How to Create and Assign a Role by Using the GUI
How to Create a Role From the Command Line
How to Assign a Role to a Local User
How to Audit Roles
How to Make root User Into a Role
Using Roles (Task Map)
Using Roles
How to Assume a Role in a Terminal Window
How to Assume a Role in the Solaris Management Console
Managing RBAC (Task Map)
Managing RBAC
How to Change the Password of a Role
How to Change the Properties of a Role
How to Create or Change a Rights Profile
How to Change the RBAC Properties of a User
How to Add RBAC Properties to Legacy Applications
Chapter 10 Role-Based Access Control (Reference)
Contents of Rights Profiles
Primary Administrator Rights Profile
System Administrator Rights Profile
Operator Rights Profile
Printer Management Rights Profile
Basic Solaris User Rights Profile
All Rights Profile
Order of Rights Profiles
Viewing the Contents of Rights Profiles
Authorization Naming and Delegation
Authorization Naming Conventions
Example of Authorization Granularity
Delegation Authority in Authorizations
Databases That Support RBAC
RBAC Database Relationships
RBAC Databases and the Name Service
user_attr Database
auth_attr Database
prof_attr Database
exec_attr Database
policy.conf File
RBAC Commands
Commands That Manage RBAC
Commands That Require Authorizations
Chapter 11 Privileges (Tasks)
Managing and Using Privileges (Task Map)
Managing Privileges (Task Map)
Managing Privileges
How to Determine the Privileges on a Process
How to Determine Which Privileges a Program Requires
How to Add Privileges to a Command
How to Assign Privileges to a User or Role
How to Limit a User's or Role's Privileges
How to Run a Shell Script With Privileged Commands
Determining Your Privileges (Task Map)
Determining Your Assigned Privileges
How to Determine the Privileges That You Have Been Directly Assigned
How to Determine the Privileged Commands That You Can Run
How to Determine the Privileged Commands That a Role Can Run
Chapter 12 Privileges (Reference)
Administrative Commands for Handling Privileges
Files With Privilege Information
Privileges and Auditing
Prevention of Privilege Escalation
Legacy Applications and the Privilege Model
Part IV Solaris Cryptographic Services
Chapter 13 Solaris Cryptographic Framework (Overview)
What's New in the Solaris Cryptographic Framework?
Solaris Cryptographic Framework
Terminology in the Solaris Cryptographic Framework
Scope of the Solaris Cryptographic Framework
Administrative Commands in the Solaris Cryptographic Framework
User-Level Commands in the Solaris Cryptographic Framework
Binary Signatures for Third-Party Software
Plugins to the Solaris Cryptographic Framework
Cryptographic Services and Zones
Chapter 14 Solaris Cryptographic Framework (Tasks)
Using the Cryptographic Framework (Task Map)
Protecting Files With the Solaris Cryptographic Framework (Task Map)
Protecting Files With the Solaris Cryptographic Framework
How to Generate a Symmetric Key by Using the dd Command
How to Generate a Symmetric Key by Using the pktool Command
How to Compute a Digest of a File
How to Compute a MAC of a File
How to Encrypt and Decrypt a File
Administering the Cryptographic Framework (Task Map)
Administering the Cryptographic Framework
How to List Available Providers
How to Add a Software Provider
How to Prevent the Use of a User-Level Mechanism
How to Prevent the Use of a Kernel Software Provider
How to List Hardware Providers
How to Disable Hardware Provider Mechanisms and Features
How to Refresh or Restart All Cryptographic Services
Chapter 15 Solaris Key Management Framework
Managing Public Key Technologies
Key Management Framework Utilities
KMF Policy Management
KMF Keystore Management
Using the Key Management Framework (Task Map)
Using the Key Management Framework (Tasks)
How to Create a Certificate by Using the pktool gencert Command
How to Import a Certificate Into Your Keystore
How to Export a Certificate and Private Key in PKCS #12 Format
How to Generate a Passphrase by Using the pktool setpin Command
Part V Authentication Services and Secure Communication
Chapter 16 Using Authentication Services (Tasks)
Overview of Secure RPC
NFS Services and Secure RPC
DES Encryption With Secure NFS
Kerberos Authentication
Diffie-Hellman Authentication and Secure RPC
Implementation of Diffie-Hellman Authentication
Generating the Public Keys and Secret Keys for Secure RPC
Running the keylogin Command for Secure RPC
Generating the Conversation Key for Secure RPC
Initially Contacting the Server in Secure RPC
Decrypting the Conversation Key in Secure RPC
Storing Information on the Server in Secure RPC
Returning the Verifier to the Client in Secure RPC
Authenticating the Server in Secure RPC
Handling Transactions in Secure RPC
Administering Secure RPC (Task Map)
Administering Authentication With Secure RPC
How to Restart the Secure RPC Keyserver
How to Set Up a Diffie-Hellman Key for an NIS+ Host
How to Set Up a Diffie-Hellman Key for an NIS+ User
How to Set Up a Diffie-Hellman Key for an NIS Host
How to Set Up a Diffie-Hellman Key for an NIS User
How to Share NFS Files With Diffie-Hellman Authentication
Chapter 17 Using PAM
PAM (Overview)
Benefits of Using PAM
Introduction to the PAM Framework
Changes to PAM for the Solaris 10 Release
PAM (Tasks)
PAM (Task Map)
Planning for Your PAM Implementation
How to Add a PAM Module
How to Prevent Rhost-Style Access From Remote Systems With PAM
How to Log PAM Error Reports
PAM Configuration (Reference)
PAM Configuration File Syntax
How PAM Stacking Works
PAM Stacking Example
Chapter 18 Using SASL
SASL (Overview)
SASL (Reference)
SASL Plug-ins
SASL Environment Variable
SASL Options
Chapter 19 Using Solaris Secure Shell (Tasks)
Solaris Secure Shell (Overview)
Solaris Secure Shell Authentication
Solaris Secure Shell in the Enterprise
Solaris Secure Shell and the OpenSSH Project
Solaris Secure Shell (Task Map)
Configuring Solaris Secure Shell (Task Map)
Configuring Solaris Secure Shell
How to Set Up Host-Based Authentication for Solaris Secure Shell
How to Enable Solaris Secure Shell v1
How to Configure Port Forwarding in Solaris Secure Shell
Using Solaris Secure Shell (Task Map)
Using Solaris Secure Shell
How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell
How to Change the Passphrase for a Solaris Secure Shell Private Key
How to Log In to a Remote Host With Solaris Secure Shell
How to Reduce Password Prompts in Solaris Secure Shell
How to Set Up the ssh-agent Command to Run Automatically in CDE
How to Use Port Forwarding in Solaris Secure Shell
How to Copy Files With Solaris Secure Shell
How to Set Up Default Connections to Hosts Outside a Firewall
Chapter 20 Solaris Secure Shell (Reference)
A Typical Solaris Secure Shell Session
Session Characteristics in Solaris Secure Shell
Authentication and Key Exchange in Solaris Secure Shell
Acquiring GSS Credentials in Solaris Secure Shell
Command Execution and Data Forwarding in Solaris Secure Shell
Client and Server Configuration in Solaris Secure Shell
Client Configuration in Solaris Secure Shell
Server Configuration in Solaris Secure Shell
Keywords in Solaris Secure Shell
Host-Specific Parameters in Solaris Secure Shell
Solaris Secure Shell and Login Environment Variables
Maintaining Known Hosts in Solaris Secure Shell
Solaris Secure Shell Packages and Initialization
Solaris Secure Shell Files
Solaris Secure Shell Commands
Part VI Kerberos Service
Chapter 21 Introduction to the Kerberos Service
What Is the Kerberos Service?
How the Kerberos Service Works
Initial Authentication: the Ticket-Granting Ticket
Subsequent Kerberos Authentications
The Kerberos Remote Applications
Kerberos Principals
Kerberos Realms
Kerberos Servers
Kerberos Security Services
The Components of Various Kerberos Releases
Kerberos Components
Kerberos Additions for the Solaris 10 5/08 Release
Kerberos Additions for the Solaris 10 8/07 Release
Kerberos Additions for the Solaris 10 6/06 Release
Kerberos Enhancements in the Solaris 10 3/05 Release
Kerberos Components in the Solaris 9 Release
SEAM 1.0.2 Components
Kerberos Components in the Solaris 8 Release
SEAM 1.0.1 Components
SEAM 1.0 Components
Chapter 22 Planning for the Kerberos Service
Why Plan for Kerberos Deployments?
Planning Kerberos Realms
Realm Names
Number of Realms
Realm Hierarchy
Mapping Host Names Onto Realms
Client and Service Principal Names
Ports for the KDC and Admin Services
The Number of Slave KDCs
Mapping GSS Credentials to UNIX Credentials
Automatic User Migration to a Kerberos Realm
Which Database Propagation System to Use
Clock Synchronization Within a Realm
Client Configuration Options
Improving Client Login Security
KDC Configuration Options
Kerberos Encryption Types
Online Help URL in the Graphical Kerberos Administration Tool
Chapter 23 Configuring the Kerberos Service (Tasks)
Configuring the Kerberos Service (Task Map)
Configuring Additional Kerberos Services (Task Map)
Configuring KDC Servers
How to Manually Configure a Master KDC
How to Configure a KDC to Use an LDAP Data Server
How to Manually Configure a Slave KDC
How to Refresh the Ticket Granting Service Keys on a Master Server
Configuring Cross-Realm Authentication
How to Establish Hierarchical Cross-Realm Authentication
How to Establish Direct Cross-Realm Authentication
Configuring Kerberos Network Application Servers
How to Configure a Kerberos Network Application Server
Configuring Kerberos NFS Servers
How to Configure Kerberos NFS Servers
How to Create a Credential Table
How to Add a Single Entry to the Credential Table
How to Provide Credential Mapping Between Realms
How to Set Up a Secure NFS Environment With Multiple Kerberos Security Modes
Configuring Kerberos Clients
Configuring Kerberos Clients (Task Map)
How to Create a Kerberos Client Installation Profile
How to Automatically Configure a Kerberos Client
How to Interactively Configure a Kerberos Client
How to Manually Configure a Kerberos Client
How to Disable Verification of the Ticket Granting Ticket (TGT)
How to Access a Kerberos Protected NFS File System as the root User
How to Configure Automatic Migration of Users in a Kerberos Realm
Synchronizing Clocks Between KDCs and Kerberos Clients
Swapping a Master KDC and a Slave KDC
How to Configure a Swappable Slave KDC
How to Swap a Master KDC and a Slave KDC
Administering the Kerberos Database
Backing Up and Propagating the Kerberos Database
The kpropd.acl File
The kprop_script Command
How to Back Up the Kerberos Database
How to Restore the Kerberos Database
How to Convert a Kerberos Database After a Server Upgrade
How to Reconfigure a Master KDC to Use Incremental Propagation
How to Reconfigure a Slave KDC to Use Incremental Propagation
How to Configure a Slave KDC to Use Full Propagation
How to Verify That the KDC Servers Are Synchronized
How to Manually Propagate the Kerberos Database to the Slave KDCs
Setting Up Parallel Propagation
Configuration Steps for Setting Up Parallel Propagation
Administering the Stash File
How to Remove a Stash File
Managing a KDC on an LDAP Directory Server
How to Mix Kerberos Principal Attributes in a Non-Kerberos Object Class Type
How to Destroy a Realm on an LDAP Directory Server
Increasing Security on Kerberos Servers
How to Enable Only Kerberized Applications
How to Restrict Access to KDC Servers
How to Use a Dictionary File to Increase Password Security
Chapter 24 Kerberos Error Messages and Troubleshooting
Kerberos Error Messages
SEAM Administration Tool Error Messages
Common Kerberos Error Messages (A-M)
Common Kerberos Error Messages (N-Z)
Kerberos Troubleshooting
Problems With the Format of the krb5.conf File
Problems Propagating the Kerberos Database
Problems Mounting a Kerberized NFS File System
Problems Authenticating as root
Observing Mapping from GSS Credentials to UNIX Credentials
Chapter 25 Administering Kerberos Principals and Policies (Tasks)
Ways to Administer Kerberos Principals and Policies
SEAM Administration Tool
Command-Line Equivalents of the SEAM Tool
The Only File Modified by the SEAM Tool
Print and Online Help Features of the SEAM Tool
Working With Large Lists in the SEAM Tool
How to Start the SEAM Tool
Administering Kerberos Principals
Administering Kerberos Principals (Task Map)
Automating the Creation of New Kerberos Principals
How to View the List of Kerberos Principals
How to View a Kerberos Principal's Attributes
How to Create a New Kerberos Principal
How to Duplicate a Kerberos Principal
How to Modify a Kerberos Principal
How to Delete a Kerberos Principal
How to Set Up Defaults for Creating New Kerberos Principals
How to Modify the Kerberos Administration Privileges
Administering Kerberos Policies
Administering Kerberos Policies (Task Map)
How to View the List of Kerberos Policies
How to View a Kerberos Policy's Attributes
How to Create a New Kerberos Policy
How to Duplicate a Kerberos Policy
How to Modify a Kerberos Policy
How to Delete a Kerberos Policy
SEAM Tool Reference
SEAM Tool Panel Descriptions
Using the SEAM Tool With Limited Kerberos Administration Privileges
Administering Keytab Files
Administering Keytab Files (Task Map)
How to Add a Kerberos Service Principal to a Keytab File
How to Remove a Service Principal From a Keytab File
How to Display the Keylist (Principals) in a Keytab File
How to Temporarily Disable Authentication for a Service on a Host
Chapter 26 Using Kerberos Applications (Tasks)
Kerberos Ticket Management
Do You Need to Worry About Tickets?
Creating a Kerberos Ticket
Viewing Kerberos Tickets
Destroying Kerberos Tickets
Kerberos Password Management
Advice on Choosing a Password
Changing Your Password
Granting Access to Your Account
Kerberos User Commands
Overview of Kerberized Commands
Forwarding Kerberos Tickets
Using Kerberized Commands (Examples)
Chapter 27 The Kerberos Service (Reference)
Kerberos Files
Kerberos Commands
Kerberos Daemons
Kerberos Terminology
Kerberos-Specific Terminology
Authentication-Specific Terminology
Types of Tickets
Ticket Lifetimes
Kerberos Principal Names
How the Kerberos Authentication System Works
How the Kerberos Service Interacts With DNS and the nsswitch.conf File
Gaining Access to a Service Using Kerberos
Obtaining a Credential for the Ticket-Granting Service
Obtaining a Credential for a Server
Obtaining Access to a Specific Service
Using Kerberos Encryption Types
Using the gsscred Table
Notable Differences Between Solaris Kerberos and MIT Kerberos
Part VII Solaris Auditing
Chapter 28 Solaris Auditing (Overview)
What Is Auditing?
How Does Auditing Work?
How Is Auditing Related to Security?
Audit Terminology and Concepts
Audit Events
Audit Classes and Preselection
Audit Records and Audit Tokens
Audit Plugin Modules
Audit Logs
Storing the Audit Trail
Examining the Audit Trail
Auditing on a System With Zones
Solaris Auditing Enhancements in the Solaris 10 Release
Chapter 29 Planning for Solaris Auditing
Planning Solaris Auditing (Task Map)
Planning Solaris Auditing (Tasks)
How to Plan Auditing in Zones
How to Plan Storage for Audit Records
How to Plan Who and What to Audit
Determining Audit Policy
Audit Policies for Asynchronous and Synchronous Events
Controlling Auditing Costs
Cost of Increased Processing Time of Audit Data
Cost of Analysis of Audit Data
Cost of Storage of Audit Data
Auditing Efficiently
Chapter 30 Managing Solaris Auditing (Tasks)
Solaris Auditing (Task Map)
Configuring Audit Files (Task Map)
Configuring Audit Files (Tasks)
How to Modify the audit_control File
How to Configure syslog Audit Logs
How to Change a User's Audit Characteristics
How to Add an Audit Class
How to Change an Audit Event's Class Membership
Configuring and Enabling the Audit Service (Task Map)
Configuring and Enabling the Audit Service (Tasks)
How to Create Partitions for Audit Files
How to Configure the audit_warn Email Alias
How to Configure Audit Policy
How to Enable the Audit Service
How to Disable the Audit Service
How to Update the Audit Service
Configuring the Audit Service in Zones (Tasks)
How to Configure All Zones Identically for Auditing
How to Configure Per-Zone Auditing
Managing Audit Records (Task Map)
Managing Audit Records
How to Display Audit Record Formats
How to Merge Audit Files From the Audit Trail
How to Select Audit Events From the Audit Trail
How to View the Contents of Binary Audit Files
How to Clean Up a not_terminated Audit File
How to Prevent Audit Trail Overflow
Troubleshooting Solaris Auditing (Tasks)
Troubleshooting Solaris Auditing (Task Map)
How to Determine That Solaris Auditing Is Running
How to Lessen the Volume of Audit Records That Are Produced
How to Audit All Commands by Users
How to Find Audit Records of Changes to Specific Files
How to Modify a User's Preselection Mask
How to Prevent the Auditing of Certain Events
How to Limit the Size of Binary Audit Files
How to Audit Logins From Other OSes
How to Audit FTP and SFTP File Transfers
Chapter 31 Solaris Auditing (Reference)
Audit Commands
auditd Daemon
audit Command
bsmrecord Command
auditreduce Command
praudit Command
auditconfig Command
Files Used in the Audit Service
system File
syslog.conf File
audit_class File
audit_control File
audit_event File
audit_startup Script
audit_user Database
audit_warn Script
bsmconv Script
Rights Profiles for Administering Auditing
Auditing and Solaris Zones
Audit Classes
Definitions of Audit Classes
Audit Class Syntax
Audit Plugins
Audit Policy
Process Audit Characteristics
Audit Trail
Conventions for Binary Audit File Names
Binary Audit File Names
Binary Audit File Timestamps
Audit Record Structure
Audit Record Analysis
Audit Token Formats
acl Token
arbitrary Token (Obsolete)
arg Token
attribute Token
cmd Token
exec_args Token
exec_env Token
exit Token (Obsolete)
file Token
group Token (Obsolete)
groups Token
header Token
ip_addr Token
ip Token (Obsolete)
ipc Token
ipc_perm Token
iport Token
opaque Token (Obsolete)
path Token
path_attr Token
privilege Token
process Token
return Token
sequence Token
socket Token
subject Token
text Token
trailer Token
uauth Token
upriv Token
zonename Token
Glossary
© 2010, Oracle Corporation and/or its affiliates