# cd /etc/security
# ./bsmconv
This script is used to enable the Basic Security Module (BSM).
Shall we continue with the conversion now? [y/n] y
bsmconv: INFO: checking startup file.
bsmconv: INFO: turning on audit module.
bsmconv: INFO: initializing device allocation.
The Basic Security Module is ready.
If there were any errors, please fix them now.
Configure BSM by editing files located in /etc/security.
Reboot this system now to come up with BSM enabled.
Reboot:
# init 6
After the reboot, the SMF service svc:/system/auditd:default will be online
and the auditd daemon will be running:
# svcs -l auditd
fmri         svc:/system/auditd:default
name         Solaris audit daemon
enabled      true
state        online
next_state   none
state_time   Tue Jul 23 11:11:59 2013
logfile      /var/svc/log/system-auditd:default.log
restarter    svc:/system/svc/restarter:default
contract_id  64
dependency   require_all/none svc:/system/filesystem/local (online)
dependency   require_all/none svc:/milestone/name-services (online)
dependency   require_all/none svc:/system/system-log (online)
# pgrep -fl audit
564 /usr/sbin/auditd
# svcadm enable auditd
** vi /etc/security/audit_control
Remove before
## audit_control file
ADD_____________________
flags:lo,ss
naflags:lo,na
plugin:name=audit_binfile.so;p_dir=/var/audit;p_minfree=20;
plugin:name=audit_syslog.so;p_flags=+lo,-ss
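
Added example (not part of the original notes, and not a Solaris tool): a POSIX sh check to run on the edited audit_control before restarting auditd. It reports entries that do not start with a known keyword, such as a plugin entry wrapped onto a second line. The helper name check_audit_control and the treatment of a trailing backslash as a continuation are assumptions.

```sh
#!/bin/sh
# Added example: lint an audit_control file for the layout this page sets up.
# check_audit_control is a hypothetical helper name, not a Solaris command.
check_audit_control() {
    awk '
    /^[ \t]*(#|$)/ && pending == "" { next }       # comment or blank line
    { line = pending $0; pending = "" }
    # Assumption: a trailing backslash continues the entry on the next line.
    line ~ /\\$/ { sub(/\\$/, "", line); pending = line; next }
    {
        sub(/^[ \t]+/, "", line)
        key = line; sub(/:.*/, "", key)
        if (line !~ /:/ || key !~ /^(dir|flags|minfree|naflags|plugin)$/) {
            printf "line %d: no known keyword: %s\n", NR, line
            bad = 1; next
        }
        val = substr(line, length(key) + 2)
        seen[key] = 1
        if (key == "plugin" && val ~ /name=audit_binfile\.so/) binfile = val
    }
    END {
        if (!seen["flags"])   { print "missing flags: entry"; bad = 1 }
        if (!seen["naflags"]) { print "missing naflags: entry"; bad = 1 }
        if (binfile == "")    { print "no audit_binfile.so plugin entry"; bad = 1 }
        else if (binfile !~ /p_dir=[^;]/) { print "audit_binfile.so: no p_dir"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: this page's settings with the binfile plugin entry
# wrapped onto a second line, which the check reports.
sample=$(mktemp)
cat > "$sample" <<'EOF'
## audit_control file
flags:lo,ss
naflags:lo,na
plugin:name=audit_binfile.so;p_dir=/var/audit;
p_minfree=20;
plugin:name=audit_syslog.so;p_flags=+lo,-ss
EOF
check_audit_control "$sample" || echo "audit_control needs fixing"
rm -f "$sample"
```

On the audited host, run it as check_audit_control /etc/security/audit_control; an exit status of 0 means every entry parsed and the flags, naflags and audit_binfile.so entries are present.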