Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Security Services Oracle Solaris 11 Express 11/10 |
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
Part IV Oracle Solaris Cryptographic Services
13. Oracle Solaris Cryptographic Framework (Overview)
14. Oracle Solaris Cryptographic Framework (Tasks)
15. Oracle Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
19. Using Solaris Secure Shell (Tasks)
20. Solaris Secure Shell (Reference)
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Oracle Solaris Auditing
28. Oracle Solaris Auditing (Overview)
29. Planning for Oracle Solaris Auditing
30. Managing Oracle Solaris Auditing (Tasks)
31. Oracle Solaris Auditing (Reference)
Files Used in the Audit Service
Rights Profiles for Administering Auditing
Auditing and Oracle Solaris Zones
Oracle Solaris defines audit classes as convenient containers for large numbers of audit events
You can reconfigure audit classes and make new audit classes. Audit class names can be up to 8 characters in length. The class description is limited to 72 characters. Numeric and non-alphanumeric characters are allowed.
For details, see the audit_class(4) man page.
The following table shows each predefined audit class, the descriptive name for each audit class, and a short description.
Table 31-1 Predefined Audit Classes
|
You can define new classes by modifying the /etc/security/audit_class file. You can also rename existing classes. For more information, see the audit_class(4) man page and How to Add an Audit Class.
Events in an audit class can be audited for success, events can be audited for failure, and events can be audited for both. Without a prefix, a class of events is audited for success and for failure. With a plus (+) prefix, a class of events is audited for success only. With a minus (-) prefix, a class of events is audited for failure only. The following table shows some possible representations of audit classes.
Table 31-2 Plus and Minus Prefixes to Audit Classes
|
Caution - The all class can generate large amounts of data and quickly fill up disks. Use the all class only if you have extraordinary reasons to audit all activities. |
Audit classes that were previously selected can be further modified by a caret prefix, ^. The following table shows how the caret prefix modifies a preselected audit class.
Table 31-3 Caret Prefix That Modifies Already-Specified Audit Classes
|
The audit classes and their prefixes can be specified in the following commands:
As arguments to the auditconfig command options -setflags and -setnaflags.
As values for the p_flags parameter to the audit_syslog plugin. You specify the parameter as an option to the auditconfig -setplugin audit_syslog active command.
As values for always-audit-flags:always-never-audit-flags when the profiles, useradd, usermod, roleadd, or rolemod command is used to specify user exceptions to the system-wide audit mask. The values are specified by using the -K audit_flags option.