Solaris 7 (Intel Platform Edition) Release Notes

Auditing of the Network (`nt`) `audit` Class Can Cause System Failure (4172702)

When auditing is enabled, selecting for the network audit events (nt class) can cause the system to fail.

Workaround: Do not enable auditing for the network audit events (nt class) or all audit events (all class) for any user or for the default of all users. The Solaris 7 operating environment has neither of these classes enabled. Individual user audit is controlled in the /etc/security/audit_user file which has the form username:classes:classes. Do not enter either the class allor nt in either of the classes fields.

For example, do not modify an /etc/security/audit_user file with entries like

root:lo,nt:no 	
bill:all:no

Default auditing is controlled in the /etc/security/audit_control file by the flags entry which has the form flags:classes. Again, do not enter either the class all or nt in the classes field. For example, do not modify an /etc/security/audit_control file with flags entries like

dir:/var/audit
flags:nt
minfree:20
naflags:lo

This problem is addressed by the Solaris 7 10683 patch.

Auditing of the Network (nt) audit Class Can Cause System Failure (4172702)

Auditing of the Network (`nt`) `audit` Class Can Cause System Failure (4172702)