To configure Sun Solaris BSM in Solaris 10, you must enable Solaris Basic Security Mode and configure the classes of events the system logs to an audit log file.
About this task
Configure Basic Security Mode and enable auditing in Sun Solaris 10.
Procedure
- Log in to your Solaris console as a superuser or root user.
- Enable single-user mode on your Solaris console.
- Type the following command to run the bsmconv script and enable auditing:
    /etc/security/bsmconv
  The bsmconv script enables Solaris Basic Security Mode and starts the auditing service auditd.
- Type the following command to open the audit control file for editing:
    vi /etc/security/audit_control
- Edit the audit control file to contain the following information:
    dir:/var/audit
    flags:lo,ad,ex,-fw,-fc,-fd,-fr
    naflags:lo,ad
- Save the changes to the audit_control file, and then reboot the Solaris console to start auditd.
- Type the following command to verify that auditd starts:
    /usr/sbin/auditconfig -getcond
  If the auditd process is started, the following string is returned:
    audit condition = auditing
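The audit_control entries above can be checked before the reboot with a short script. This is an added example, not part of the original procedure: it reports any dir, flags or naflags entry that differs from the values in the edit step. It assumes a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh rather than the legacy /bin/sh); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare an audit_control file with the entries this procedure sets.

# audit_values FILE KEY: print the value of every line that starts with "KEY:".
# Comment lines start with "#", so the anchored pattern skips them.
audit_values() {
    sed -n "s/^$2://p" "$1"
}

# has_item LIST ITEM: succeed if ITEM is an exact member of comma-separated LIST.
has_item() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_audit_control FILE: print one line per difference from the procedure's
# values and return non-zero if there is any. Matching is exact, so a broader
# class (fw in place of -fw) is reported as a difference for review.
check_audit_control() {
    file=$1
    rc=0
    dirs=$(audit_values "$file" dir | tr '\n' ',')
    has_item "$dirs" /var/audit || { echo "dir: /var/audit not set"; rc=1; }
    flags=$(audit_values "$file" flags)
    for c in lo ad ex -fw -fc -fd -fr; do
        has_item "$flags" "$c" || { echo "flags: missing $c"; rc=1; }
    done
    naflags=$(audit_values "$file" naflags)
    for c in lo ad; do
        has_item "$naflags" "$c" || { echo "naflags: missing $c"; rc=1; }
    done
    return $rc
}

# Constructed sample: the three entries typed on one line instead of one per line.
sample=$(mktemp)
printf '%s\n' 'dir:/var/audit flags:lo,ad,ex,-fw,-fc,-fd,-fr naflags:lo,ad' > "$sample"
check_audit_control "$sample" || echo "audit_control differs from the procedure"
rm -f "$sample"
```

On the Solaris host, call check_audit_control /etc/security/audit_control after saving the file.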
What to do next
You can now convert the binary Solaris Basic Security Mode logs to a human-readable log
format.