
Oracle MiniCluster S7-2 Security Guide


Updated: October 2021
 
 

Auditing and Compliance

MiniCluster relies on the Oracle Solaris audit subsystem to collect, store, and process audit event information. Each VM (non-global zone) generates audit records, which are stored locally in the MiniCluster (global zone) audit store. This approach ensures that individual VMs cannot alter their auditing policies, configurations, or recorded data, because that responsibility belongs to the cloud service provider.

The Oracle Solaris auditing functionality monitors all administrative actions, command invocations, and even individual kernel-level system calls in the VMs. This facility is highly configurable, offering global, per-zone, and even per-user auditing policies. When the system is configured to use VMs, audit records for each VM can be stored in the global zone to protect them from tampering. The global zone also uses the native Oracle Solaris auditing facility to record actions and events associated with virtualization and MiniCluster administration.
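As an added illustration (not part of the Oracle guide or of the MiniCluster tooling), the following Python example groups audit records by zone, as a reviewer working from the global zone audit store might. It assumes the records have been rendered to text with the Solaris `praudit` command in its default one-token-per-line form and carry a zone token named `zonename`; the sample records, host, zone and user names, and the function names are constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed praudit text output, one token per line; all names are hypothetical.
SAMPLE = """\
header,97,2,login - ssh,,mc-gz,2021-10-04 09:12:01.120 -07:00
subject,alice,alice,staff,alice,staff,2101,3001,0 0 10.0.0.5
return,success,0
zonename,dbvm1
header,120,2,execve(2),,mc-gz,2021-10-04 09:13:40.004 -07:00
subject,alice,root,root,root,root,2140,3001,0 0 10.0.0.5
return,failure: Permission denied,-1
zonename,dbvm1
header,97,2,login - ssh,,mc-gz,2021-10-04 09:20:11.553 -07:00
subject,bob,bob,staff,bob,staff,2310,3050,0 0 10.0.0.9
return,success,0
zonename,appvm1
header,88,2,su,,mc-gz,2021-10-04 09:31:02.871 -07:00
subject,carol,root,root,carol,staff,2502,3077,0 0 mc-gz
return,failure,Authentication failed
"""

NO_ZONE = "<no zone token>"

def split_records(text):
    """Yield each audit record as a list of token lines; 'header' starts a record."""
    record = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("header,") and record:
            yield record
            record = []
        record.append(line)
    if record:
        yield record

def summarize_by_zone(text):
    """Return {zone: {"events": Counter, "users": set, "failures": int}}."""
    zones = defaultdict(lambda: {"events": Counter(), "users": set(), "failures": 0})
    for record in split_records(text):
        tokens = {name: rest.split(",") for name, _, rest in (ln.partition(",") for ln in record)}
        # Assumption: the zone token is named "zonename" (also accept "zone").
        zone = (tokens.get("zonename") or tokens.get("zone") or [NO_ZONE])[0]
        entry = zones[zone]
        entry["events"][tokens.get("header", ["", "", "unknown"])[2]] += 1
        if "subject" in tokens:
            entry["users"].add(tokens["subject"][0])  # first field is the audit user ID
        if tokens.get("return", [""])[0].startswith("failure"):
            entry["failures"] += 1
    return dict(zones)
```

Records that lack a zone token are collected under a separate key rather than dropped, so audit data that cannot be attributed to a VM stays visible in the summary.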

MiniCluster provides tools that assess and report the compliance of the Oracle Solaris runtime environment residing in the VMs. Compliance utilities are based on the Security Content Automation Protocol (SCAP) implementation. MiniCluster supports three security compliance benchmark profiles:

  • Default Security Profile – A CIS equivalent profile (based on the Center for Internet Security benchmark), which is more aligned with the security compliance requirements set forth by regulations such as HIPAA, FISMA, SOX, and so on.

  • PCI-DSS Profile – The Payment Card Industry Data Security Standard

  • DISA STIG Profile – The Defense Information Systems Agency - Security Technical Implementation Guidance Standard. This profile builds on the Default Security Profile and introduces an additional 75 security controls, FIPS-140-2 cryptography, and support for setting an eeprom password.


Note - You can also change the password policy for a specific security profile. See Change the Password Policy.

The MiniCluster administrator can run the compliance benchmark on demand to check the environment for compliance and anomalies. These profiling tools map security controls to the compliance requirements mandated by the industry standards. The associated compliance reports can significantly reduce auditing time and costs.

As of MiniCluster v.1.1.18, the system includes these auditing features:

  • Auditor role – When this role is specified for an MCMU user, the user can access the auditor's review page in the MCMU BUI. The user cannot view or perform any other MiniCluster administrative tasks.

  • Auditor review page – A special MCMU BUI page that only users with the auditor role can view. The page provides access to the audit pool status and provides the ability to generate audit records for all user activity on a per-zone basis. See Generate Audit Reports.