How to Enable Auditing

This task starts the auditing service. If the service has been configured, then rebooting the host also starts the service.

1. Become superuser or assume an equivalent role.

2. Bring the system into single-user mode.

   # /etc/telinit 1

   See the telinit(1M) man page for more information.

3. Run the script to configure the system to run auditing.

   Go to the /etc/security directory, and execute the bsmconv script there. The script sets up a standard Solaris machine to run BSM after a reboot. See the bsmconv(1M) man page.

   # cd /etc/security # ./bsmconv

4. Bring the system into multiuser mode.

   # /etc/telinit 6

   The startup file /etc/security/audit_startup causes the audit daemon to run automatically when the system enters multiuser mode.

   ---

   Note –

   The bsmconv script adds a line to the /etc/system file that prevents users from aborting the system with the Stop-A keyboard sequence. To retain the ability to abort the system with the Stop-A keyboard sequence, you must comment out the line in the /etc/system file that reads: set abort_enable=0.

   ---