System Administration Guide: Security Services Oracle Solaris 10 8/11 Information Library
Since the Solaris 9 release, the following features have been introduced to auditing:
Auditing can use the syslog utility to store audit records in text format. For discussion, see Audit Logs. To set up the audit_control file to use the syslog utility, see How to Configure syslog Audit Logs.
The praudit command has an additional output format, XML. XML is a standard, portable, processable format. The XML format enables the output to be read in a browser, and provides source for XML scripting for reports. The -x option to the praudit command is described in praudit Command.
The default set of audit classes has been restructured. Audit metaclasses provide an umbrella for finer-grained audit classes. For a list of the default set of classes, see Definitions of Audit Classes.
The bsmconv command no longer disables the use of the Stop-A key. The Stop-A event can be audited.
The timestamp in audit records is reported in ISO 8601 format. For information about the standard, see http://www.iso.org.
Three audit policy options have been added:
public – Public objects are no longer audited for read-only events. Not auditing public files greatly reduces the size of the audit log, which makes attempts to read sensitive files easier to monitor. For more on public objects, see Audit Terminology and Concepts.
perzone – The perzone policy has broad effects. A separate audit daemon runs in each zone. The daemon uses audit configuration files that are specific to the zone. Also, the audit queue is specific to the zone. For details, see the auditd(1M) and auditconfig(1M) man pages. For more on zones, see Auditing and Oracle Solaris Zones. For more on policy, see How to Plan Auditing in Zones.
zonename – The name of the Oracle Solaris zone in which an audit event occurred can be included in audit records. For more on zones, see Auditing and Oracle Solaris Zones. For a discussion of when to use the option, see Determining Audit Policy.
Five audit tokens have been added:
The cmd token records the list of arguments and the list of environment variables that are associated with a command. For more information, see cmd Token.
The path_attr token records the sequence of attribute file objects that are below the path token object. For more information, see path_attr Token.
The privilege token records the use of privilege on a process. For more information, see privilege Token.
The uauth token records the use of authorization with a command or action. For more information, see uauth Token.
The zonename token records the name of the non-global zone in which an audit event occurred. The zonename audit policy option determines whether the zonename token is included in the audit record. For more information, see zonename Token.
For reference information, see Auditing and Oracle Solaris Zones. To learn about zones, see Part II, Zones, in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.
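The following is an added example, not part of the Oracle documentation, of the kind of report scripting that the XML output of praudit -x makes possible. It counts failed events per zone by using the zonename token and parses the ISO 8601 timestamps. The sample input is constructed, and the element and attribute names it relies on are assumptions about the praudit XML format.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime

# Constructed sample shaped like `praudit -x` output. Element and attribute
# names (record/@event, record/@iso8601, return/@errval, zone/@name) are
# assumptions about that format; hosts, users and events are made up.
SAMPLE = """<audit>
<record version="2" event="login - local" host="host1" iso8601="2011-08-01 09:15:02.120 -07:00">
<subject audit-uid="jdoe" uid="jdoe" pid="1201"/><return errval="success" retval="0"/>
<zone name="global"/></record>
<record version="2" event="login - ssh" host="host1" iso8601="2011-08-01 09:16:40.500 -07:00">
<subject audit-uid="-2" uid="root" pid="1310"/><return errval="failure" retval="-1"/>
<zone name="webzone"/></record>
<record version="2" event="login - ssh" host="host1" iso8601="2011-08-01 09:16:44.031 -07:00">
<subject audit-uid="-2" uid="root" pid="1312"/><return errval="failure" retval="-1"/>
<zone name="webzone"/></record>
<record version="2" event="su" host="host1" iso8601="2011-08-01 09:20:00.000 -07:00">
<subject audit-uid="jdoe" uid="jdoe" pid="1400"/><return errval="failure" retval="-1"/>
</record>
</audit>"""

NO_ZONE = "(no zonename token)"  # zonename policy was not set for this record

def parse_records(xml_text):
    """Yield time, event, zone and outcome for each audit record."""
    for rec in ET.fromstring(xml_text).iter("record"):
        zone, ret = rec.find("zone"), rec.find("return")
        yield {
            # ISO 8601 style timestamp with milliseconds and UTC offset
            "time": datetime.strptime(rec.get("iso8601"), "%Y-%m-%d %H:%M:%S.%f %z"),
            "event": rec.get("event"),
            "zone": zone.get("name") if zone is not None else NO_ZONE,
            # Only a return token that reports success counts as ok
            "ok": ret is not None and ret.get("errval") == "success",
        }

def failures_by_zone(xml_text):
    """Count unsuccessful events per (zone, event) pair."""
    return Counter((r["zone"], r["event"]) for r in parse_records(xml_text) if not r["ok"])

def time_span(xml_text):
    """Return the earliest and latest record timestamps."""
    times = [r["time"] for r in parse_records(xml_text)]
    return min(times), max(times)

if __name__ == "__main__":
    for (zone, event), n in failures_by_zone(SAMPLE).most_common():
        print(f"{zone:22} {event:15} {n}")
    print("span:", *(t.isoformat() for t in time_span(SAMPLE)))
```

Records without a zone element are grouped under a placeholder, which is what a report sees when the zonename policy option is not set.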