Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library
Oracle Solaris defines audit classes as convenient containers for large numbers of audit events.
You can reconfigure audit classes and make new audit classes. Audit class names can be up to 8 characters in length. The class description is limited to 72 characters. Numeric and non-alphanumeric characters are allowed. For more information, see the audit_class(4) man page and How to Add an Audit Class.
Caution - The all class can generate large amounts of data and quickly fill disks. Use the all class only if you have extraordinary reasons to audit all activities.
Events in an audit class can be audited for success, for failure, and for both.
Without a prefix, a class of events is audited for success and for failure.
With a plus (+) prefix, a class of events is audited for success only.
With a minus (-) prefix, a class of events is audited for failure only.
With a caret (^) preceding a prefix or an audit flag, a current preselection is modified. For example:
If ot is preselected for the system, and a user's preselection is ^ot, that user is not audited for events in the other class.
If +ot is preselected for the system, and a user's preselection is ^+ot, that user is not audited for successful events in the other class.
If -ot is preselected for the system, and a user's preselection is ^-ot, that user is not audited for failed events in the other class.
To review the syntax of audit class preselection, see the audit_flags(5) man page.
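The prefix rules above can be checked with a small evaluator. This is an added example, not code from the Oracle documentation or from Solaris: it models a preselection as a set of outcomes per class and applies a user's flags on top of the system flags. The function names, the simplified model, and the lo,ot sample input are assumptions made for illustration.

```python
# Added example: evaluates audit-class preselection prefixes (+, -, ^).
# Simplified model (assumption): class names are opaque strings, and a
# user's flags are applied on top of the system-wide preselection.
BOTH = frozenset({"success", "failure"})
OUTCOMES = {"": BOTH, "+": frozenset({"success"}), "-": frozenset({"failure"})}


def parse_flag(flag):
    """Split one flag such as '^+ot' into (turn_off, outcomes, class_name)."""
    turn_off = flag.startswith("^")
    if turn_off:
        flag = flag[1:]
    prefix = flag[0] if flag[:1] in ("+", "-") else ""
    name = flag[len(prefix):]
    if not name or len(name) > 8:  # class names are at most 8 characters
        raise ValueError(f"invalid audit class name: {name!r}")
    return turn_off, OUTCOMES[prefix], name


def apply_flags(mask, flags):
    """Return a new mask after applying a comma-separated flag list."""
    result = {cls: set(selected) for cls, selected in mask.items()}
    for flag in (f.strip() for f in flags.split(",")):
        if not flag:
            continue
        turn_off, outcomes, name = parse_flag(flag)
        selected = result.setdefault(name, set())
        if turn_off:
            selected -= outcomes  # caret: remove from current preselection
        else:
            selected |= outcomes  # no caret: add to current preselection
    return result


def effective(system_flags, user_flags):
    """Preselection for one user: system flags, then the user's flags."""
    return apply_flags(apply_flags({}, system_flags), user_flags)


def is_audited(mask, name, outcome):
    """True if events of class `name` with this outcome are preselected."""
    return outcome in mask.get(name, set())


if __name__ == "__main__":
    # Constructed cases: the three from the text, plus one mixed case.
    for system, user in [("ot", "^ot"), ("+ot", "^+ot"), ("-ot", "^-ot"), ("lo,ot", "^-ot")]:
        mask = effective(system, user)
        print(system, user, {c: sorted(o) for c, o in sorted(mask.items())})
```

The mixed case shows a partial override: with lo,ot preselected for the system and ^-ot for the user, failed events in the other class are dropped for that user while successful ones are still audited.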
The audit classes and their prefixes can be specified in the following commands:
As arguments to the auditconfig command options -setflags and -setnaflags.
As values for the p_flags attribute to the audit_syslog plugin. You specify the attribute as an option to the auditconfig -setplugin audit_syslog active command.
As values for the -K audit_flags=always-audit-flags:never-audit-flags option to the useradd, usermod, roleadd, and rolemod commands.
As values for the -always_audit and -never_audit properties of the profiles command.