Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library |
Cost of Increased Processing Time of Audit Data
The following techniques can help you achieve your organization's security goals while auditing more efficiently.
For as many audit classes as possible, preselect those classes only for the specific users and roles that need them (with the audit_flags security attribute), not system-wide.
Randomly audit only a certain percentage of users at any one time.
If the audit_binfile plugin is active, reduce the disk storage requirements for audit files by filtering, merging, and compressing the files. Develop procedures for archiving the files, for transferring the files to removable media, and for storing the files offline.
Monitor the audit data in real time for unusual behaviors.
audit_syslog plugin – You can extend management and analysis tools that you have already developed to handle the audit records in syslog files.
audit_binfile plugin – You can set up procedures to monitor the audit trail for certain activities. You can write a script to trigger an automatic increase in the auditing of certain users or certain systems in response to detection of unusual events.
For example, you could write a script that does the following:
Monitors the creation of audit files on the audited systems.
Processes the audit files with the tail command.
Piping the output of tail -0f through praudit yields a stream of audit records as they are generated, because tail -0f starts at the end of the file and follows it as it grows. For more information, see the tail(1) man page.
Analyzes this stream for unusual message types or other indicators, and delivers the analysis to the auditor.
Or, the script can be used to trigger automatic responses.
Constantly monitors the audit file systems for the appearance of new not_terminated audit files, that is, files that auditd is still writing to. auditd renames a file when it closes it, so the not_terminated name disappears once the file is complete.
Terminates outstanding tail processes when their files are no longer being written to.
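The script outlined above, written out as an added example; it is not code from the Oracle Solaris documentation. It assumes the audit_binfile plugin writes the trail to /var/audit (AUDIT_DIR), polls that directory every POLL seconds, compares the event description in each record against a constructed WATCHED_EVENTS list that must be adjusted to the strings praudit prints on your system, and, as its automatic response, widens a user's per-user preselection with usermod -K audit_flags=... (the flags lo,ex,fw:no are an assumed choice). The response runs only when RESPOND=yes is set; by default it just reports what it would do. The praudit -l record layout relied on (header, subject and return tokens joined by commas on one line) is taken from praudit's default output and is reproduced in a constructed sample in the test below.

```shell
#!/bin/sh
# Added example, not from the Oracle Solaris documentation: a real-time audit
# trail watcher built from the steps above. Assumptions (adjust to your site):
#   AUDIT_DIR       where audit_binfile writes the trail (default /var/audit)
#   POLL            seconds between directory scans
#   WATCHED_EVENTS  praudit event descriptions worth an alert (constructed list;
#                   compare against the strings praudit prints on your system)
#   RESPOND=yes     actually raises per-user audit flags; the default only reports
AUDIT_DIR="${AUDIT_DIR:-/var/audit}"
POLL="${POLL:-10}"
ALERT_LOG="${ALERT_LOG:-/var/tmp/audit-alerts.log}"
WATCHED_EVENTS='su
role login
passwd
login - local'

# Exact match of an event description against WATCHED_EVENTS (one per line).
is_watched() {
    printf '%s\n' "$WATCHED_EVENTS" | grep -Fqx -- "$1"
}

# Automatic response: widen the audit preselection for one user. The flags
# chosen here (login, exec, file write, no exceptions) are an assumption.
escalate_user() {
    if [ "${RESPOND:-no}" = yes ]; then
        usermod -K "audit_flags=lo,ex,fw:no" "$1"
    else
        printf 'would run: usermod -K audit_flags=lo,ex,fw:no %s\n' "$1"
    fi
}

# Analyze a praudit -l stream (one comma-delimited record per line) on stdin.
# Record layout relied on: "header,<size>,<version>,<event>,..." followed by
# "subject,<audit-user>,..." and "return,<success|failure>,<value>".
# Emits one ALERT line per record that is a watched event or a failed call,
# and escalates the user when a watched event failed (for example a failed su).
analyze_stream() {
    while IFS= read -r rec; do
        case "$rec" in header,*) ;; *) continue ;; esac   # skip file tokens etc.
        ev=$(printf '%s\n' "$rec" | cut -d, -f4)
        user=$(printf '%s\n' "$rec" | sed -n 's/.*,subject,\([^,]*\),.*/\1/p')
        reason=
        if is_watched "$ev"; then
            reason=watched-event
        fi
        case ",$rec," in
            *",return,failure,"*) reason="${reason:+$reason,}failed-call" ;;
        esac
        [ -n "$reason" ] || continue
        printf 'ALERT reason=%s event="%s" user=%s record=%s\n' \
            "$reason" "$ev" "${user:-?}" "$rec"
        if [ "$reason" = "watched-event,failed-call" ] && [ -n "$user" ]; then
            escalate_user "$user"
        fi
    done
}

# Poll AUDIT_DIR for files auditd is still writing (their names contain
# not_terminated; auditd renames a file when it closes it), start a
# tail -0f | praudit -l | analyze_stream pipeline for each new one, and kill
# that tail once the file has been renamed, i.e. is no longer being written to.
watch_audit_dir() {
    seen=
    while :; do
        for f in "$AUDIT_DIR"/*.not_terminated.*; do
            [ -f "$f" ] || continue
            case " $seen " in *" $f "*) continue ;; esac
            seen="$seen $f"
            (
                tail -0f "$f" | praudit -l | analyze_stream >>"$ALERT_LOG" &
                while [ -f "$f" ]; do sleep "$POLL"; done
                pkill -f "tail -0f $f"
            ) &
        done
        sleep "$POLL"
    done
}

# Usage: ./auditwatch.sh watch   (runs until killed; needs the Audit Review
# rights profile or equivalent to read the trail)
case "${1:-}" in
    watch) watch_audit_dir ;;
esac
```

Run it as a role that can read the audit trail. The pkill -f pattern includes the file name, so only the tail for the closed file is stopped; the praudit and analyze_stream stages then see end of input and exit on their own. Because an attacker who suspects auditing may try to flood the trail, keep the analysis cheap (string tests, no per-record forks beyond cut and sed) and review ALERT_LOG growth with the same disk planning you apply to the trail itself.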