JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11.1 Administration: Security Services     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

5.  Controlling Access to Devices (Tasks)

6.  Verifying File Integrity by Using BART (Tasks)

7.  Controlling Access to Files (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Security Attributes in Oracle Solaris (Reference)

Part IV Cryptographic Services

11.  Cryptographic Framework (Overview)

12.  Cryptographic Framework (Tasks)

13.  Key Management Framework

Part V Authentication Services and Secure Communication

14.  Using Pluggable Authentication Modules

15.  Using Secure Shell

16.  Secure Shell (Reference)

17.  Using Simple Authentication and Security Layer

18.  Network Services Authentication (Tasks)

Part VI Kerberos Service

19.  Introduction to the Kerberos Service

20.  Planning for the Kerberos Service

21.  Configuring the Kerberos Service (Tasks)

22.  Kerberos Error Messages and Troubleshooting

23.  Administering Kerberos Principals and Policies (Tasks)

24.  Using Kerberos Applications (Tasks)

25.  The Kerberos Service (Reference)

Part VII Auditing in Oracle Solaris

26.  Auditing (Overview)

27.  Planning for Auditing

28.  Managing Auditing (Tasks)

Configuring the Audit Service (Tasks)

Configuring the Audit Service (Task Map)

How to Display Audit Service Defaults

How to Preselect Audit Classes

How to Configure a User's Audit Characteristics

How to Change Audit Policy

How to Change Audit Queue Controls

How to Configure the audit_warn Email Alias

How to Add an Audit Class

How to Change an Audit Event's Class Membership

Configuring Audit Logs (Tasks)

Configuring Audit Logs (Task Map)

How to Create ZFS File Systems for Audit Files

How to Assign Audit Space for the Audit Trail

How to Send Audit Files to a Remote Repository

How to Configure a Remote Repository for Audit Files

How to Configure syslog Audit Logs

Configuring the Audit Service in Zones (Tasks)

How to Configure All Zones Identically for Auditing

How to Configure Per-Zone Auditing

Enabling and Disabling the Audit Service (Tasks)

How to Refresh the Audit Service

How to Disable the Audit Service

How to Enable the Audit Service

Managing Audit Records on Local Systems (Tasks)

Managing Audit Records on Local Systems (Task Map)

How to Display Audit Record Definitions

How to Merge Audit Files From the Audit Trail

How to Select Audit Events From the Audit Trail

How to View the Contents of Binary Audit Files

How to Clean Up a not_terminated Audit File

How to Prevent Audit Trail Overflow

Troubleshooting the Audit Service (Tasks)

Troubleshooting the Audit Service (Task Map)

How to Determine That Auditing Is Running

How to Lessen the Volume of Audit Records That Are Produced

How to Audit All Commands by Users

How to Find Audit Records of Changes to Specific Files

How to Update the Preselection Mask of Logged In Users

How to Prevent the Auditing of Specific Events

How to Limit the Size of Binary Audit Files

How to Compress Audit Files on a Dedicated File System

How to Audit Logins From Other Operating Systems

How to Audit FTP and SFTP File Transfers

29.  Auditing (Reference)

Glossary

Index

Enabling and Disabling the Audit Service (Tasks)

The audit service is enabled by default. If the perzone audit policy is set in the global zone, zone administrators can enable, refresh, and disable the audit service in their non-global zones.

How to Refresh the Audit Service

This procedure updates the audit service when you have changed the configuration of an audit plugin after the audit service is enabled.

Before You Begin

You must become an administrator who is assigned the Audit Control rights profile. For more information, see How to Use Your Assigned Administrative Rights.

  1. Refresh the audit service.
    # audit -s

    Note - When you refresh the audit service, all temporary configuration settings are lost. Audit policy and queue controls allow temporary settings. For more information, see the auditconfig(1M) man page.


  2. Update the preselection masks of users who are currently being audited.

    Refreshing the audit service does not change the masks of existing processes. To explicitly reset the preselection mask for an existing process, see How to Update the Preselection Mask of Logged In Users.

Example 28-25 Refreshing an Enabled Audit Service

In this example, the administrator reconfigures auditing, verifies the changes, then refreshes the audit service.

How to Disable the Audit Service

This procedure shows how to disable auditing in the global zone and in a non-global zone when the perzone audit policy is set. After the perzone policy is set in the global zone, a non-global zone that has enabled auditing continues to collect audit records across global zone reboots and non-global zone reboots.

Before You Begin

To disable or enable the audit service, you must become an administrator who is assigned the Audit Control rights profile. For more information, see How to Use Your Assigned Administrative Rights.

How to Enable the Audit Service

This procedure enables the audit service for all zones after the service is disabled by an administrator. To start the audit service in a non-global zone, see Example 28-26.

Before You Begin

To enable or disable the audit service, you must become an administrator who is assigned the Audit Control rights profile. For more information, see How to Use Your Assigned Administrative Rights.

  1. Use the audit -s command to enable the audit service.
    # audit -s

    For more information, see the audit(1M) man page.

  2. Verify that auditing is enabled.
    # auditconfig -getcond
    audit condition = auditing

Example 28-26 Enabling Auditing in a Non-Global Zone

In this example, the zone administrator enables the audit service for zone1 after taking the following actions are taken:

Then, the zone administrator enables the audit service for the zone.

zone1# audit -s