|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris Administration: Security Services Oracle Solaris 11 Information Library|
The following features have been introduced to auditing:
Auditing is a service. See Audit Service.
Auditing is enabled by default.
No reboot is required when disabling or enabling the audit service.
The auditconfig command is used to display and change audit policy, non-attributable flags, attributable flags, plugins, and queue controls. See the auditconfig(1M) man page.
The auditing of public objects generates less noise in the audit trail.
The auditing of non-kernel events has no performance impact.
By default, events in the login/logout class are audited for the system and for the root account.
Non-global zones can be audited without the global zone having to be audited. The only requirement for auditing in non-global zones is that the perzone audit policy be set in the global zone.
The possible number of audit classes is extended from 32 to 64. The first eight high-level bits are reserved for customers.
The rights profiles for auditing have been reconfigured. See Rights Profiles for Administering Auditing.
The audit_flags security attribute is used to configure user differences from system-wide auditing. This keyword is an argument to the useradd, usermod, roleadd, and rolemod, commands. The audit_flags value is stored in the user_attr database. See the useradd(1M), usermod(1M), roleadd(1M), rolemod(1M), and user_attr(4) man pages.
The always_audit and never_audit keywords to the profiles command update the audit_flags security attribute in the prof_attr database. For more information, see the profiles(1) man page and Order of Search for Assigned Security Attributes.
New audit classes are defined. The ft audit class contains file transfer audit events. The ftp and sftp commands are among the events that are audited by this class. The frcp audit class contains audit events that are recorded whether or not they are preselected by an administrator. The auditrecord -c classname command describes the audit events in these new classes.