Oracle VM Server for SPARC 3.0 Administration Guide
The Logical Domains Manager uses the Oracle Solaris OS auditing feature to examine the history of actions and events that have occurred on your control domain. The history is kept in a log of what was done, when it was done, by whom, and what was affected.
You can enable and disable the auditing feature based on the version of the Oracle Solaris OS that runs on your system, as follows:
Oracle Solaris 10 OS. Use the bsmconv and bsmunconv commands. See the bsmconv(1M) and bsmunconv(1M) man pages, and Part VII, Auditing in Oracle Solaris, in System Administration Guide: Security Services.
Oracle Solaris 11 OS. Use the audit command. See the audit(1M) man page and Part VII, Auditing in Oracle Solaris, in Oracle Solaris 11.1 Administration: Security Services.
You must configure and enable the Oracle Solaris auditing feature on your system. The Oracle Solaris OS auditing feature is used to examine the history of actions and events that have occurred on your control domain. The history is kept in a log of what was done, when it was done, by whom, and what was affected. Oracle Solaris 11 auditing is enabled by default, but you must still perform some configuration steps.
Note - Pre-existing processes are not audited for the virtualization software (vs) class. Ensure that you perform this step before regular users log in to the system.
These customizations are preserved across Oracle Solaris upgrades, but should be re-added after a fresh Oracle Solaris installation.
40700:AUE_ldoms:ldoms administration:vs
0x10000000:vs:virtualization_software
The following example /etc/security/audit_control fragment shows how you might specify the vs class:
dir:/var/audit
flags:lo,vs
minfree:20
naflags:lo,na
# /etc/security/bsmconv
Ensure that any audit classes that have already been selected are part of the updated set of classes. The following example shows that the lo class is already selected:
# auditconfig -getflags
active user default audit flags = lo(0x1000,0x1000)
configured user default audit flags = lo(0x1000,0x1000)
# auditconfig -setflags [class],vs
class is zero or more audit classes, separated by commas. You can see the list of audit classes in the /etc/security/audit_class file. It is important to include the vs class on your Oracle VM Server for SPARC system.
For example, the following command selects both the lo and vs classes:
# auditconfig -setflags lo,vs
If you do not want to log out, see How to Update the Preselection Mask of Logged In Users in Oracle Solaris 11.1 Administration: Security Services.
# auditconfig -getcond
If the auditing software is running, audit condition = auditing appears in the output.
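The -getflags and -setflags steps above, as an added example that is not part of the Oracle guide: a shell helper that reads `auditconfig -getflags` output and builds the `-setflags` command so that already-selected classes are kept and vs is added exactly once. The function names are hypothetical, and the sample input is the output shown on this page.

```shell
#!/bin/sh
# Added example (not Oracle's code): build the class list for
# `auditconfig -setflags` without dropping classes that are already selected.

# Sample input, taken from the -getflags output shown on this page.
SAMPLE_GETFLAGS='active user default audit flags = lo(0x1000,0x1000)
configured user default audit flags = lo(0x1000,0x1000)'

# configured_classes (hypothetical name): read `auditconfig -getflags` output
# on stdin and print the configured classes, comma separated, with the
# (mask,mask) suffix removed. Returns 1 if no "configured" line is present.
configured_classes() {
    line=$(sed -n 's/^configured user default audit flags = //p')
    [ -n "$line" ] || return 1
    printf '%s\n' "$line" | sed 's/([^)]*)//g' | tr -d ' '
}

# with_vs (hypothetical name): print the class list in $1 with vs appended,
# unless vs is already an element. Only an exact "vs" element counts.
with_vs() {
    case ",$1," in
        *,vs,*) printf '%s\n' "$1" ;;
        ,,)     printf 'vs\n' ;;
        *)      printf '%s,vs\n' "$1" ;;
    esac
}

# setflags_command (hypothetical name): print the command to review and run
# as root. Refuses to print anything if the input could not be parsed, so a
# parse failure can never turn into "-setflags vs" and silently drop lo.
setflags_command() {
    classes=$(configured_classes) || {
        echo 'no "configured" flags line in input; not generating a command' >&2
        return 1
    }
    printf 'auditconfig -setflags %s\n' "$(with_vs "$classes")"
}

# Stand-alone run against the sample; on a live system use:
#   auditconfig -getflags | setflags_command
printf '%s\n' "$SAMPLE_GETFLAGS" | setflags_command
```
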
# /etc/security/bsmunconv
Are you sure you want to continue? [y/n] y
This script is used to disable the Basic Security Module (BSM).
Shall we continue the reversion to a non-BSM system now? [y/n] y
bsmunconv: INFO: removing c2audit:audit_load from /etc/system.
bsmunconv: INFO: stopping the cron daemon.
The Basic Security Module has been disabled.
Reboot this system now to come up without BSM.
# audit -t
# auditconfig -getcond
audit condition = noaudit
# auditreduce -c vs | praudit
# auditreduce -c vs -a 20060502000000 | praudit
Rotating the audit logs closes the current audit file and opens a new one in the current audit directory.