Oracle MiniCluster S7-2 Security Guide

Verify the Audit Policies

The audit policy is configured during the installation of the global zones and non-global zones upon selection of a compliance profile (Default CIS equivalent or PCI-DSS).

To verify that audit policies are enabled, perform these steps.

1. Log into the global zone as mcinstall, and assume the root role.

   For Oracle ILOM login instructions, refer to Accessing Oracle ILOM in Oracle MiniCluster S7-2 Administration Guide.

   % ssh mcinstall@mc4-n1
   Password: ***************
   Last login: Tue Jun 28 10:47:38 2016 on rad/59
   Oracle Corporation      SunOS 5.11      11.3    June 2016
   Minicluster Setup successfully configured
   Unauthorized modification of this system configuration strictly prohibited
   mcinstall@mc4-n1:/var/home/mcinstall % su root
   Password: ***************
   #
   

2. Verify that the audit service is online.

   # svcs | grep svc:/system/auditd
   online         22:14:37 svc:/system/auditd:default

3. Verify that the audit plugin is active.

   # auditconfig -getplugin audit_binfile
   Plugin: audit_binfile (active)
           Attributes: p_age=0h;p_dir=/var/audit;p_fsize=0;p_minfree=1

4. Verify the active audit policies.

   # auditconfig -getpolicy
   configured audit policies = argv,cnt,perzone,zonename
   active audit policies = argv,cnt,perzone,zonename

5. Verify that all roles are captured for the cusa audit policy.

   # userattr audit_flags root
   cusa:no
   # userattr audit_flags mcadmin
   fw,fc,fd,ps,lo,ex,ua,as,cusa:no