JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Administration: Security Services     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

5.  Controlling Access to Devices (Tasks)

6.  Using the Basic Audit Reporting Tool (Tasks)

7.  Controlling Access to Files (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Security Attributes in Oracle Solaris (Reference)

Part IV Cryptographic Services

11.  Cryptographic Framework (Overview)

12.  Cryptographic Framework (Tasks)

13.  Key Management Framework

Part V Authentication Services and Secure Communication

14.  Network Services Authentication (Tasks)

15.  Using PAM

16.  Using SASL

17.  Using Secure Shell (Tasks)

18.  Secure Shell (Reference)

Part VI Kerberos Service

19.  Introduction to the Kerberos Service

20.  Planning for the Kerberos Service

21.  Configuring the Kerberos Service (Tasks)

22.  Kerberos Error Messages and Troubleshooting

23.  Administering Kerberos Principals and Policies (Tasks)

24.  Using Kerberos Applications (Tasks)

25.  The Kerberos Service (Reference)

Part VII Auditing in Oracle Solaris

26.  Auditing (Overview)

27.  Planning for Auditing

28.  Managing Auditing (Tasks)

29.  Auditing (Reference)

Audit Service

Audit Service Man Pages

Rights Profiles for Administering Auditing

Auditing and Oracle Solaris Zones

Audit Classes

Audit Class Syntax

Audit Plugins

Audit Policy

Audit Policies for Asynchronous and Synchronous Events

Process Audit Characteristics

Audit Trail

Conventions for Binary Audit File Names

Audit Record Structure

Audit Record Analysis

Audit Token Formats

acl Token

argument Token

attribute Token

cmd Token

exec_args Token

exec_env Token

file Token

fmri Token

group Token

header Token

ip address Token

ip port Token

ipc Token

IPC_perm Token

path Token

path_attr Token

privilege Token

process Token

return Token

sequence Token

socket Token

subject Token

text Token

trailer Token

use of authorization Token

use of privilege Token

user Token

xclient Token

zonename Token



Audit Service Man Pages

The following table summarizes the major administrative man pages for the audit service.

Man Page
Command that controls the actions of the audit service

audit -n starts a new audit file for the audit_binfile plugin.

audit -s enables and refreshes auditing.

audit -t disables auditing.

audit -v verifies that at least one plugin is active.

Default audit plugin, which sends audit records to a binary file. See also Audit Plugins.
Audit plugin that sends audit records to a remote receiver.
Audit plugin that sends text summaries of audit records to the syslog utility.
File that contains the definitions of audit classes. The eight high-order bits are available for customers to create new audit classes. For the effect of modifying this file on system upgrade, see How to Add an Audit Class.
File that contains the definitions of audit events and maps the events to audit classes. The mapping can be modified. For the effect of modifying this file on system upgrade, see How to Change an Audit Event's Class Membership.
Describes the syntax of audit class preselection, the prefixes for selecting only failed events or only successful events, and the prefixes that modify an existing preselection.
Describes the naming of binary audit files, the internal structure of a file, and the structure of every audit token.
Script that notifies an email alias when the audit service encounters an unusual condition while writing audit records. You can customize this script for your site to warn of conditions that might require manual intervention. Or, you could specify how to handle those conditions automatically.
Command that retrieves and sets audit configuration parameters.

Type auditconfig with no options for a list of parameters that can be retrieved and set.

Command that displays the definition of audit events in the /etc/security/audit_event file. For sample output, see How to Display Audit Record Definitions.
Command that post-selects and merges audit records that are stored in binary format. The command can merge audit records from one or more input audit files. The records remain in binary format.

Uppercase options affect file selection. Lowercase options affect record selection.

Command that displays kernel audit statistics. For example, the command can display the number of records in the kernel audit queue, the number of dropped records, and the number of audit records that user processes produced in the kernel as a result of system calls.
Command that reads audit records in binary format from standard input and displays the records in a presentable format. The input can be piped from the auditreduce command or from a single audit file or a list of audit files. Input can also be produced with the tail -0f command for a current audit file.

For sample output, see How to View the Contents of Binary Audit Files.

File that is configured to send text summaries of audit records to the syslog utility for the audit_syslog plugin.