Solaris Trusted Extensions Installation and Configuration for Solaris 10 11/06 and Solaris 10 8/07 Releases

ProcedureProtect Access Logs for the Sun Java System Directory Server

The LDIF script that this procedure creates sets up the following rules for access logs:

  1. Create a script to manage access logs.

    Create a /var/tmp/logs-access.ldif file with the following content:

    dn: cn=config
    changetype: modify
    replace: nsslapd-accesslog-logging-enabled
    nsslapd-accesslog-logging-enabled: on
    replace: nsslapd-accesslog-level
    nsslapd-accesslog-level: 256
    replace: nsslapd-accesslog-logbuffering
    nsslapd-accesslog-logbuffering: on
    replace: nsslapd-accesslog-logrotationtime
    nsslapd-accesslog-logrotationtime: 1
    replace: nsslapd-accesslog-logrotationtimeunit
    nsslapd-accesslog-logrotationtimeunit: day
    replace: nsslapd-accesslog-maxlogsize
    nsslapd-accesslog-maxlogsize: 500
    replace: nsslapd-accesslog-maxlogsperdir
    nsslapd-accesslog-maxlogsperdir: 100
    replace: nsslapd-accesslog-logexpirationtime
    nsslapd-accesslog-logexpirationtime: 3
    replace: nsslapd-accesslog-logexpirationtimeunit
    nsslapd-accesslog-logexpirationtimeunit: month
    replace: nsslapd-accesslog-logmaxdiskspace
    nsslapd-accesslog-logmaxdiskspace: 20000
    replace: nsslapd-accesslog-logminfreediskspace
    nsslapd-accesslog-logminfreediskspace: 500
  2. Run the script.

    # ldapmodify -h localhost -D 'cn=directory manager' \
    -f /var/tmp/logs-access.ldif
  3. Type the password.

    Enter bind password: Type the appropriate password
    modifying entry cn=config