Solaris Auditing Enhancements in the Solaris 10 Release

Since the Solaris 9 release, the following features have been introduced to Solaris auditing:

- Solaris auditing can use the syslog utility to store audit records in text format. For discussion, see Audit Files. To set up the audit_control file to use the syslog utility, see How to Configure syslog Audit Logs.
- The praudit command has an additional output format, XML. XML is a standard, portable, processable format. The XML format enables the output to be read in a browser, and provides source for XML scripting for reports. The -x option to the praudit command is described in praudit Command.
- The default set of audit classes has been restructured. Audit metaclasses provide an umbrella for finer-grained audit classes. For a list of the default set of classes, see Definitions of Audit Classes.
- The bsmconv command no longer disables the use of the Stop-A key. The Stop-A event can be audited.
- The timestamp in audit records is reported in ISO 8601 format. For information about the standard, see http://www.iso.org.
- Three audit policy options have been added:
  - public – Public objects are no longer audited for read-only events. By not auditing public files, the audit log size is greatly reduced. Attempts to read sensitive files are therefore easier to monitor. For more on public objects, see Audit Terminology and Concepts.
  - perzone – The perzone policy has broad effects. A separate audit daemon runs in each zone. The daemon uses audit configuration files that are specific to the zone. Also, the audit queue is specific to the zone. For details, see the auditd(1M) and auditconfig(1M) man pages. For more on zones, see Auditing and Solaris Zones. For more on policy, see How to Plan Auditing in Zones.
  - zonename – The name of the Solaris zone in which an audit event occurred can be included in audit records. For more on zones, see Auditing and Solaris Zones. For a discussion of when to use the option, see Determining Audit Policy.
- Five audit tokens have been added:
  - The cmd token records the list of arguments and the list of environment variables that are associated with a command. For more information, see cmd Token.
  - The path_attr token records the sequence of attribute file objects that are below the path token object. For more information, see path_attr Token.
  - The privilege token records the use of privilege on a process. For more information, see privilege Token.
  - The uauth token records the use of authorization with a command or action. For more information, see uauth Token.
  - The zonename token records the name of the non-global zone in which an audit event occurred. The zonename audit policy option determines whether the zonename token is included in the audit record. For more information, see zonename Token. For overview information, see Auditing and Solaris Zones. To learn about zones, see Part II, Zones, in System Administration Guide: Virtualization Using the Solaris Operating System.