Enable C2 Security Audits on Solaris

This is a tip I’ve found on the SysAd Blog:

Enable C2 Security Audits on Solaris:
It’s always a good idea to monitor activity on your server or workstation. Solaris provides a C2-level auditing system, the Basic Security Module (BSM). It’s enabled by running the bsmconv command. Here’s an example.

# cd /etc/security
# ./bsmconv
This script is used to enable the Basic Security Module (BSM).
Shall we continue with the conversion now? [y/n] y
bsmconv: INFO: checking startup file.
bsmconv: INFO: move aside /etc/rc2.d/S92volmgt.
bsmconv: INFO: turning on audit module.
bsmconv: INFO: initializing device allocation files.

The Basic Security Module is ready.
If there were any errors, please fix them now.
Configure BSM by editing files located in /etc/security.
Reboot this system now to come up with BSM enabled.

# init 6

By the way, the binary audit files (default directory /var/audit) are a bit cryptic. Use the praudit command to convert files to an ASCII format. Also, the /etc/rc2.d/S92volmgt file was moved to /etc/security/spool.
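Once praudit has turned the trail into text, the output still needs summarising before it is useful for review. The following is an added example, not part of the original tip: a shell function that reads `praudit -l` output (one record per line) and counts failed events per audit user. The function names, the sample records and the exact token layout are assumptions made for the illustration.

```shell
# Summarise failed audit records from `praudit -l` output read on stdin.
# Assumed layout (one record per line, comma-separated tokens):
#   header,<bytes>,<version>,<event>,...,subject,<audit user>,...,return,<status>,<value>
# Prints "<count> <audit user> <event>" for every user/event pair whose
# return token does not start with "success", highest count first.
failed_audit_events() {
    awk -F, '
        $1 == "header" {
            event = $4; user = "-"; status = ""
            # Find tokens by name so the varying header time format does not matter.
            for (i = 5; i < NF; i++) {
                if ($i == "subject" && user == "-") user = $(i + 1)
                if ($i == "return") status = $(i + 1)
            }
            if (status != "" && status !~ /^success/) fails[user " " event]++
        }
        END { for (k in fails) print fails[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample records (not taken from a real audit trail).
sample_praudit_lines() {
    cat <<'EOF'
header,81,2,login - local,,2005-03-01 10:00:01.000 -05:00,subject,jdoe,jdoe,staff,jdoe,staff,412,412,0 0 host1,text,invalid password,return,failure,-1
header,81,2,login - local,,2005-03-01 10:00:09.000 -05:00,subject,jdoe,jdoe,staff,jdoe,staff,415,415,0 0 host1,text,invalid password,return,failure,-1
header,69,2,login - local,,2005-03-01 10:02:30.000 -05:00,subject,root,root,root,root,root,420,420,0 0 host1,return,success,0
header,75,2,su,,2005-03-01 10:05:12.000 -05:00,subject,root,root,root,root,root,431,420,0 0 host1,text,bad auth,return,failure,-1
EOF
}

# On an audited host, feed it a real trail instead (file name is a placeholder):
#   praudit -l /var/audit/<audit-file> | failed_audit_events
# Offline demonstration with the constructed records:
#   sample_praudit_lines | failed_audit_events
```
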
