Solaris 7 5/99 Online Release Notes (SUNWrdm)

Auditing of the Network (nt) Audit Class Can Cause System Failure (4172702)

When auditing is enabled, selecting the network audit events (nt class) can cause the system to fail.

Workaround: Do not enable auditing for the network audit events (nt class) or all audit events (all class) for any user or for the default of all users. The Solaris 7 operating environment has neither of these classes enabled. Individual user audit is controlled in the /etc/security/audit_user file, which has the form username:classes:classes. Do not enter the class all or nt in either of the classes fields.

For example, do not modify an /etc/security/audit_user file with entries like:

    root:lo,nt:no
    bill:all:no

Default auditing is controlled in the /etc/security/audit_control file by the flags entry, which has the form flags:classes. Again, do not enter either the class all or nt in the classes field. For example, do not modify an /etc/security/audit_control file with flags entries like:

    dir:/var/audit
    flags:nt
    minfree:20
    naflags:lo

This problem is addressed by the Solaris 7 10683210683 patch.
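
A way to check both files for the entries this workaround warns against, as an added example that is not part of the original release notes. The function name check_audit_classes and the sample user jane are assumptions; stripping the +, - and ^ class prefixes before comparing is a conservative choice so that the class is flagged however it is qualified.

```shell
#!/bin/sh
# Added example: flag audit_user / audit_control entries that select the
# nt or all audit class. File paths are passed in; nothing is modified.

# check_audit_classes KIND FILE   (hypothetical helper name)
#   KIND=user    -> FILE has the form username:classes:classes
#   KIND=control -> only "flags:classes" lines are examined
# Prints "FILE:LINENO: entry" for each offending line; returns 1 if any.
check_audit_classes() {
    awk -F: -v kind="$1" -v file="$2" '
        # True when a comma-separated class list names nt or all.
        # Leading +, - and ^ prefixes are stripped before comparing.
        function selects_bad(list,    n, i, c, parts) {
            n = split(list, parts, ",")
            for (i = 1; i <= n; i++) {
                c = parts[i]
                gsub(/[ \t]/, "", c)
                sub(/^[-+^]+/, "", c)
                if (c == "nt" || c == "all") return 1
            }
            return 0
        }
        /^[ \t]*#/ || NF < 2 { next }   # skip comments and lines without a colon
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (kind == "user")
                hit = selects_bad($2) || selects_bad($3)
            else if (key == "flags")
                hit = selects_bad($2)
            else
                hit = 0
            if (hit) { printf "%s:%d: %s\n", file, NR, $0; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$2"
}

# Constructed sample: the two entries shown above plus one harmless user.
tmp=${TMPDIR:-/tmp}/audit_user.$$
printf 'root:lo,nt:no\nbill:all:no\njane:lo:no\n' > "$tmp"
check_audit_classes user "$tmp" || echo "remove nt/all from the entries listed above"
rm -f "$tmp"
```

On a live system the same function would be pointed at /etc/security/audit_user with KIND=user and at /etc/security/audit_control with KIND=control.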