Enabling the Solaris Auditing subsystem
To configure the Solaris Auditing subsystem on Solaris 9 or Solaris 10 we simply run the bsmconv
command-line utility from the /etc/security directory.
- Copy the current configuration file:
# cp /etc/security/audit_control /etc/security/audit_control.orig
- Enable the audit subsystem:
# cd /etc/security
# ./bsmconv
- Once enabled, confirm that the file /etc/security/audit_control contains the following lines:
flags: ua,fm,cl,pc,fw,fr,ad,as,fc,ps,fd,nf
naflags: fm,cl,pc,fw,fr,as,ad,fc,ps,fd,nf
minfree:20
dir:/var/audit
- minfree is the minimum percentage of free disk space
- dir is the directory where the audit logs are written
- If you have modified the control file, use the audit command to check that the syntax is correct. For example:
# audit -v /etc/security/audit_control
syntax ok
- Reboot the Solaris system:
# init 6
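
To repeat the confirmation step above on more than one host, the following added example (not part of the original page) checks an audit_control file for the four settings listed. The function names are hypothetical, and it assumes a POSIX shell and utilities (on Solaris 9 or 10, /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh).

```shell
# Added example (not from the original page): check audit_control against the
# settings listed above. Function names are hypothetical.
WANT_FLAGS="ua,fm,cl,pc,fw,fr,ad,as,fc,ps,fd,nf"
WANT_NAFLAGS="fm,cl,pc,fw,fr,as,ad,fc,ps,fd,nf"
WANT_MINFREE="20"
WANT_DIR="/var/audit"

# Print every value of keyword $2 in file $1, comments and blanks removed.
get_value() {
    sed 's/#.*//' "$1" | tr -d ' \t' | sed -n "s/^$2://p"
}

# Print the classes from comma list $1 that are absent from comma list $2.
# Order does not matter; extra classes in $2 are ignored.
missing_classes() {
    for c in $(echo "$1" | tr ',' ' '); do
        case ",$2," in
            *",$c,"*) ;;
            *) printf '%s ' "$c" ;;
        esac
    done
}

# Return 0 if the file carries all four settings, 1 if any differs,
# 2 if the file cannot be read. One line is printed per finding.
check_audit_control() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    for kw in flags naflags; do
        if [ "$kw" = flags ]; then want=$WANT_FLAGS; else want=$WANT_NAFLAGS; fi
        miss=$(missing_classes "$want" "$(get_value "$file" "$kw" | head -n 1)")
        [ -z "$miss" ] || { echo "$kw: missing classes: $miss"; rc=1; }
    done
    [ "$(get_value "$file" minfree | head -n 1)" = "$WANT_MINFREE" ] ||
        { echo "minfree: expected $WANT_MINFREE"; rc=1; }
    found=0
    for d in $(get_value "$file" dir); do
        if [ "$d" = "$WANT_DIR" ]; then found=1; fi
    done
    [ "$found" -eq 1 ] || { echo "dir: $WANT_DIR not configured"; rc=1; }
    return $rc
}

# Constructed sample: 'ua' missing from flags and a different minfree value.
sample=$(mktemp)
printf 'dir:/var/audit\nflags:fm,cl,pc,fw,fr,ad,as,fc,ps,fd,nf\nnaflags:fm,cl,pc,fw,fr,as,ad,fc,ps,fd,nf\nminfree:10\n' > "$sample"
check_audit_control "$sample" || echo "audit_control differs from the expected settings"
rm -f "$sample"
```

On a live system, call check_audit_control /etc/security/audit_control after running bsmconv and before the reboot.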