Oracle Solaris Administration: Security Services (Oracle Solaris 11 Information Library)
The following features have been introduced to auditing:
Auditing is a service. See Audit Service.
Auditing is enabled by default.
No reboot is required when disabling or enabling the audit service.
The auditconfig command is used to display and change audit policy, non-attributable flags, attributable flags, plugins, and queue controls. See the auditconfig(1M) man page.
The auditing of public objects generates less noise in the audit trail.
The auditing of non-kernel events has no performance impact.
By default, events in the login/logout class are audited for the system and for the root account.
Oracle Solaris supplies three plugins, audit_binfile, audit_remote, and audit_syslog. See the audit_binfile(5), audit_remote(5), and audit_syslog(5) man pages.
Non-global zones can be audited without the global zone having to be audited. The only requirement for auditing in non-global zones is that the perzone audit policy be set in the global zone.
The possible number of audit classes is extended from 32 to 64. The first eight high-level bits are reserved for customers.
The rights profiles for auditing have been reconfigured. See Rights Profiles for Administering Auditing.
The audit_flags security attribute is used to configure per-user differences from the system-wide audit preselection. This keyword is an argument to the useradd, usermod, roleadd, and rolemod commands. The audit_flags value is stored in the user_attr database. See the useradd(1M), usermod(1M), roleadd(1M), rolemod(1M), and user_attr(4) man pages.
The always_audit and never_audit keywords to the profiles command update the audit_flags security attribute in the prof_attr database. For more information, see the profiles(1) man page and Order of Search for Assigned Security Attributes.
New audit classes are defined. The ft audit class contains file transfer audit events. The ftp and sftp commands are among the events that are audited by this class. The frcp audit class contains audit events that are recorded whether or not they are preselected by an administrator. The auditrecord -c classname command describes the audit events in these new classes.
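As an added illustration (not code from the Oracle documentation), the following Python model shows how a user's audit_flags value modifies the system-wide preselection flags. It assumes the audit_flags(5) format always-audit-flags:never-audit-flags, the prefixes + (success only), - (failure only) and ^ (remove), and the combining order "system-wide, plus always-audit, minus never-audit"; the combining order is my reading of the man page, not a statement on this page.

```python
"""Model of per-user audit preselection derived from system-wide flags
and a user's audit_flags attribute. Assumed syntax: 'always:never'."""


def parse_flags(spec):
    """Parse a comma-separated flag list such as 'lo,+ex,^-fw' into
    {class: set of 's' (success) and/or 'f' (failure)}, applied left to
    right so a later '^' token can cancel an earlier one."""
    mask = {}
    for tok in filter(None, spec.split(",")):
        remove = tok.startswith("^")
        if remove:
            tok = tok[1:]
        if tok.startswith("+"):
            bits, cls = {"s"}, tok[1:]
        elif tok.startswith("-"):
            bits, cls = {"f"}, tok[1:]
        else:
            bits, cls = {"s", "f"}, tok
        cur = mask.setdefault(cls, set())
        if remove:
            cur.difference_update(bits)
        else:
            cur.update(bits)
    return {c: b for c, b in mask.items() if b}


def effective_flags(system_flags, audit_flags):
    """Return the effective per-user preselection: system-wide flags,
    plus the user's always-audit flags, minus the never-audit flags."""
    always, _, never = audit_flags.partition(":")
    mask = parse_flags(system_flags)
    for cls, bits in parse_flags(always).items():
        mask.setdefault(cls, set()).update(bits)
    for cls, bits in parse_flags(never).items():
        if cls in mask:
            mask[cls].difference_update(bits)
    return {c: b for c, b in mask.items() if b}


def format_flags(mask):
    """Render a mask back into flag syntax, classes sorted by name."""
    parts = []
    for cls in sorted(mask):
        bits = mask[cls]
        prefix = "" if bits == {"s", "f"} else ("+" if bits == {"s"} else "-")
        parts.append(prefix + cls)
    return ",".join(parts)


# Constructed sample: system audits lo; user adds ex, drops failed logins.
if __name__ == "__main__":
    print(format_flags(effective_flags("lo", "ex:-lo")))
```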