Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Security Services Oracle Solaris 11 Express 11/10 |
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
Part IV Oracle Solaris Cryptographic Services
13. Oracle Solaris Cryptographic Framework (Overview)
14. Oracle Solaris Cryptographic Framework (Tasks)
15. Oracle Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
19. Using Solaris Secure Shell (Tasks)
20. Solaris Secure Shell (Reference)
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Oracle Solaris Auditing
28. Oracle Solaris Auditing (Overview)
29. Planning for Oracle Solaris Auditing
30. Managing Oracle Solaris Auditing (Tasks)
31. Oracle Solaris Auditing (Reference)
Files Used in the Audit Service
Rights Profiles for Administering Auditing
Auditing and Oracle Solaris Zones
The Oracle Solaris audit service, auditd, is disabled by default. To enable, refresh, or disable the service, see audit Command.
The Oracle Solaris audit service, auditd, is enabled by default.
Without customer configuration, when you enable the service, the following defaults are in place:
All login events are audited.
Both successful and unsuccessful login attempts are audited.
All users are audited for login, logout, and role assumption events.
The audit_binfile plugin is active. The /var/audit directory stores audit records, the size of an audit file is not limited, and the queue size is 100 records.
The cnt policy is set.
When audit records fill the available disk space, the system keeps a count of the number of dropped audit records. No warning is issued.
The following audit queue controls are set:
Maximum number of records in the audit queue before generating the records locks - 100
Minimum number of records in the audit queue before blocked auditing processes unblock - 10
Buffer size for the audit queue - 8192 bytes
Interval between writing audit records to the audit trail - 20 seconds
To display the defaults, see How to Display Audit Service Defaults.
The audit service enables you to set temporary, or active values. These values can differ from configured, or property values.
Temporary settings are not restored when you refresh or restart the audit service.
Audit policy and audit queue controls accept temporary values. Audit flags do not have a temporary setting.
Configured settings are stored as property values of the service, so are restored when you refresh or restart the audit service.
Rights profiles control who can administer the audit service. For more information, see Rights Profiles for Administering Auditing.
By default, all zones are audited identically. See Auditing and Oracle Solaris Zones.