Solaris 7 (Intel Platform Edition) Release Notes

Auditing of the Network (nt) audit Class Can Cause System Failure (4172702)

When auditing is enabled, selecting for the network audit events (nt class) can cause the system to fail.

Workaround: Do not enable auditing for the network audit events (nt class) or all audit events (all class) for any user or for the default of all users. The Solaris 7 operating environment has neither of these classes enabled. Individual user audit is controlled in the /etc/security/audit_user file which has the form username:classes:classes. Do not enter either the class allor nt in either of the classes fields.

For example, do not modify an /etc/security/audit_user file with entries like


root:lo,nt:no 	
bill:all:no
Default auditing is controlled in the /etc/security/audit_control file by the flags entry which has the form flags:classes. Again, do not enter either the class all or nt in the classes field. For example, do not modify an /etc/security/audit_control file with flags entries like

dir:/var/audit
flags:nt
minfree:20
naflags:lo
This problem is addressed by the Solaris 7 10683 patch.