Enabling the Solaris Auditing subsystem

To enable the Solaris Auditing subsystem on Solaris 9 or Solaris 10, run the bsmconv command-line utility from the /etc/security directory.

  1. Copy the current configuration file:
    # cp /etc/security/audit_control /etc/security/audit_control.orig
  2. Enable the audit subsystem:
    # cd /etc/security
    # ./bsmconv
  3. Once enabled, confirm that the file /etc/security/audit_control contains the following lines:
    flags: ua,fm,cl,pc,fw,fr,ad,as,fc,ps,fd,nf
    naflags: fm,cl,pc,fw,fr,as,ad,fc,ps,fd,nf
    minfree:20
    dir:/var/audit
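    • minfree — minimum percentage of free disk space on the audit file system; a warning is raised when free space falls below it
    • dir — directory where the audit files are written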
  4. If you have modified the control file, use the audit command to check that the syntax is correct. For example:
    # audit -v /etc/security/audit_control
    syntax ok
  5. Reboot the Solaris system:
    # init 6
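
A check for step 3, as an added example that is not part of the original procedure: it compares an audit_control file with the flags, naflags, minfree and dir values listed above, ignoring the order of the classes. It assumes a POSIX shell (on Solaris 9/10, one such as /usr/xpg4/bin/sh rather than the legacy /bin/sh) and mktemp; the function names and the two sample files are constructed for illustration.

```shell
# Added example: check an audit_control file against the values in step 3.
REQ_FLAGS="ua,fm,cl,pc,fw,fr,ad,as,fc,ps,fd,nf"
REQ_NAFLAGS="fm,cl,pc,fw,fr,as,ad,fc,ps,fd,nf"

# get_field FILE KEY: value of the first "KEY:" line, whitespace removed.
get_field() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | tr -d ' \t' | head -n 1
}

# missing_classes FILE KEY REQUIRED: required classes absent from the KEY line.
# A prefixed entry such as "-fm" (failures only) does not satisfy plain "fm".
missing_classes() {
    have=",$(get_field "$1" "$2"),"
    miss=""
    for c in $(echo "$3" | tr ',' ' '); do
        case "$have" in
            *",$c,"*) ;;
            *) miss="$miss${miss:+,}$c" ;;
        esac
    done
    echo "$miss"
}

# check_audit_control FILE: print each deviation, return 1 if any was found.
check_audit_control() {
    rc=0
    m=$(missing_classes "$1" flags "$REQ_FLAGS")
    [ -z "$m" ] || { echo "flags: missing $m"; rc=1; }
    m=$(missing_classes "$1" naflags "$REQ_NAFLAGS")
    [ -z "$m" ] || { echo "naflags: missing $m"; rc=1; }
    [ "$(get_field "$1" minfree)" = "20" ] || { echo "minfree: expected 20"; rc=1; }
    [ "$(get_field "$1" dir)" = "/var/audit" ] || { echo "dir: expected /var/audit"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real host).
SAMPLES=$(mktemp -d); trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' '# constructed: matches step 3, classes reordered' \
    'flags: nf,fd,ps,fc,as,ad,fr,fw,pc,cl,fm,ua' \
    'naflags: fm,cl,pc,fw,fr,as,ad,fc,ps,fd,nf' \
    'minfree:20' 'dir:/var/audit' > "$SAMPLES/good"
printf '%s\n' '# constructed: ua dropped, fm failure-only, minfree changed' \
    'flags: -fm,cl,pc,fw,fr,ad,as,fc,ps,fd,nf' \
    'naflags: fm,cl,pc,fw,fr,as,ad,fc,ps,fd,nf' \
    'minfree:5' 'dir:/var/audit' > "$SAMPLES/bad"
check_audit_control "$SAMPLES/good" && echo "good: matches step 3"
check_audit_control "$SAMPLES/bad" || echo "bad: deviations listed above"
```

On a host, call check_audit_control /etc/security/audit_control after step 2 and before the reboot in step 5.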