Go to main content

Managing Auditing in Oracle^® Solaris 11.4

Exit Print View

» ...Documentation Home » Oracle Solaris 11.4 Information Library » Managing Auditing in Oracle^® ... » Managing the Audit Service » Configuring the Audit Service » New Feature – Auditing Verified Boot

Updated: November 2020

Managing Auditing in Oracle^® Solaris 11.4

Document Information

Using This Documentation

Chapter 1 About Auditing in Oracle Solaris

Chapter 2 Planning for Auditing

Chapter 3 Managing the Audit Service

Default Configuration of the Audit Service

sstore Audit Meta-Class

Displaying Audit Service Defaults

Enabling and Disabling the Audit Service

Configuring the Audit Service

Configuring Audit With the auditconfig Subcommands

Auditing Per User or Rights Profile

New Feature – Auditing Events Temporarily

New Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings

New Feature – Auditing Verified Boot

New Feature – auditstat Command Extended

Audit Configuration Task Map

How to Preselect Audit Classes

How to Configure a User's Audit Characteristics

How to Change Audit Policy

How to Configure the audit_warn Email Alias

How to Add an Audit Class

How to Change an Audit Event's Class Membership

New Feature – Annotating Reason for Access in the Audit Record

Configuring Annotation

PAM Supports Annotation of Logins

Tracking Annotations in an Audit Trail

Selecting What Is Audited

How to Audit All Commands by Users

How to Audit Significant Events in Addition to Login/Logout

How to Find Audit Records of Changes to Specific Files

New Feature – Per-Object Logging of Audit Events

New Feature – Per-Privilege Logging of Audit Events

Specifying Files or Directories to Be Audited

How to Update the Preselection Mask of Logged In Users

How to Prevent the Auditing of Specific Events

How to Compress Audit Files on a Dedicated File System

How to Audit FTP and SFTP File Transfers

Configuring the Audit Service in Zones

How to Configure All Zones Identically for Auditing

How to Configure Per-Zone Auditing

Example: Configuring Oracle Solaris Auditing

New Feature – Restricting Access to Audit Records With File Labeling

Chapter 4 Configuring the Formats of Audit Logs and Where They Are Stored

Chapter 5 Viewing Audit Records

Chapter 6 Analyzing and Resolving Audit Issues

Chapter 7 Auditing Reference

Audit Service Glossary

Language:

New Feature – Auditing Verified Boot

The audit service tracks whether verified boot is enabled and working on your system.

Auditing for the boot event indicates whether verified boot is enabled by checking whether boot_policy has one of the following verified boot-specific values specified:
- none (1) – No elfsign signature verification is performed when a module is loaded.
- warning (2) – If an elfsign signature is invalid or missing, prints warning but permits the module to load.
- enforce (3) – If an elfsign signature is invalid or missing, prints error and prevents the module from loading.
Auditing for the module load event, AUE_MODLOAD, indicates whether verified boot verified the module, and if that verification passed or failed. If the output of the auditreduce | praudit command includes notifications about AUE_MODLOAD audit events, verified boot is working.

For information about verified boot, see Using Verified Boot in Securing Systems and Attached Devices in Oracle Solaris 11.4.

Copyright © 2002, 2020, Oracle and/or its affiliates.