Enabling Basic Security Mode in Solaris 10

To configure Sun Solaris BSM in Solaris 10, you must enable Solaris Basic Security Mode and configure the classes of events the system logs to an audit log file.

About this task

Configure Basic Security Mode and enable auditing in Sun Solaris 10.

Procedure

  1. Log in to your Solaris console as a superuser or root user.
  2. Enable single-user mode on your Solaris console.
  3. Type the following command to run the bsmconv script and enable auditing:

    /etc/security/bsmconv

    The bsmconv script enables Solaris Basic Security Mode and starts the auditing service auditd.

  4. Type the following command to open the audit control file for editing:

    vi /etc/security/audit_control

  5. Edit the audit control file to contain the following information:

    dir:/var/audit
    flags:lo,ad,ex,-fw,-fc,-fd,-fr
    naflags:lo,ad

  6. Save the changes to the audit_control file, and then reboot the Solaris console to start auditd.
  7. Type the following command to verify that auditd started:

    /usr/sbin/auditconfig -getcond

    If the auditd process is started, the following string is returned:

    audit condition = auditing
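
The following check is an added example, not part of the original procedure. It verifies that the audit_control file from step 5 carries dir:, flags: and naflags: as separate directives and decodes each flag: a leading - audits failed events only, a leading + successful events only, and no prefix both. The function names are hypothetical, and the class descriptions are those of the standard Solaris audit classes.

```sh
#!/bin/sh
# Added example: lint an audit_control file and decode its audit flags.

# Print "<class> <outcome> <meaning>" for each entry of a comma-separated flag list.
explain_flags() {
    old_ifs=$IFS; IFS=,
    for f in $1; do
        case $f in
            -*) outcome=failure-only;    c=${f#-} ;;
            +*) outcome=success-only;    c=${f#+} ;;
            *)  outcome=success+failure; c=$f ;;
        esac
        case $c in
            lo) m="login/logout" ;;
            ad) m="administrative" ;;
            ex) m="exec" ;;
            fw) m="file write" ;;
            fc) m="file create" ;;
            fd) m="file delete" ;;
            fr) m="file read" ;;
            *)  m="class not used in this procedure" ;;
        esac
        echo "$c $outcome $m"
    done
    IFS=$old_ifs
}

# Return 0 only if dir:, flags: and naflags: each start their own line.
check_audit_control() {
    rc=0
    for key in dir flags naflags; do
        val=$(sed -n "s/^${key}:\(.*\)$/\1/p" "$1" | head -n 1)
        case $val in
            ""|*" "*) echo "BAD $key (missing, or directives run together)"; rc=1 ;;
            *) echo "OK $key=$val"
               [ "$key" = dir ] || explain_flags "$val" | sed 's/^/   /' ;;
        esac
    done
    return $rc
}

# When run with a path argument, check that file.
[ $# -eq 0 ] || check_audit_control "$1"
```

Run it as root with /etc/security/audit_control as the argument after step 6; a non-zero exit status means at least one directive is missing or malformed.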

What to do next

You can now convert the binary Solaris Basic Security Mode logs to a human-readable log format.