Friday, July 06, 2007

Enable C2 Security Audits on Solaris

It's always a good idea to monitor activity on your server or workstation. Solaris provides C2-level auditing through the Basic Security Module (BSM). It's enabled by running the bsmconv command. Here's an example session.

# cd /etc/security
# ./bsmconv
This script is used to enable the Basic Security Module (BSM).
Shall we continue with the conversion now? [y/n] y
bsmconv: INFO: checking startup file.
bsmconv: INFO: move aside /etc/rc2.d/S92volmgt.
bsmconv: INFO: turning on audit module.
bsmconv: INFO: initializing device allocation files.

The Basic Security Module is ready.
If there were any errors, please fix them now.
Configure BSM by editing files located in /etc/security.
Reboot this system now to come up with BSM enabled.

# init 6

By the way, the binary audit files (default directory /var/audit) are a bit cryptic. Use the praudit command to convert them to an ASCII format. Also note that bsmconv moved the /etc/rc2.d/S92volmgt file to /etc/security/spool, as the INFO line above reports.
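As an added example (not from the original post), here is a small POSIX shell script with two helpers a sysadmin would want once BSM is on: one that classifies the text printed by auditconfig -getcond, and one that reads praudit text on stdin and tallies failed events per audit user. The praudit sample lines embedded below are constructed, and the token layout they follow (header, subject, text, return) and the "audit condition = ..." wording are assumptions about Solaris 10 output, not something shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Runs on any POSIX sh with awk.

# Classify the one-line output of `auditconfig -getcond` (assumed wording:
# "audit condition = auditing" when BSM is collecting records).
audit_state() {
    case "$1" in
        *"= auditing"*) echo auditing ;;   # records are being written
        *"= noaudit"*)  echo noaudit ;;    # module loaded, collection paused
        *)              echo disabled ;;   # c2audit not loaded / unknown
    esac
}

# Read praudit(1M) text on stdin. praudit prints one token per line,
# comma-separated; each record opens with a "header" token (event name is
# field 4) and closes with a "return" token (field 2 is "success" or a
# "failure: <reason>" string). The "subject" token's field 2 is the audit
# user ID, which survives su, so failures are tallied under that name.
# Output: "<count>\t<audit user> <event>", one line per failing pair.
summarize_failures() {
    awk -F, '
        $1 == "header"  { event = $4; user = "-" }
        $1 == "subject" { user = $2 }
        $1 == "return" && $2 != "success" { count[user " " event]++ }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort
}

# Constructed sample of praudit text output (not real audit data).
SAMPLE_PRAUDIT=$(cat <<'EOF'
header,81,2,login - local,,solbox,2007-07-06 09:12:03.451 -07:00
subject,alice,alice,staff,alice,staff,1042,1042,0 0 solbox
text,successful login
return,success,0
header,85,2,login - local,,solbox,2007-07-06 09:14:17.020 -07:00
subject,bob,bob,staff,bob,staff,1077,1077,0 0 solbox
text,invalid password
return,failure: Permission denied,-1
header,85,2,login - local,,solbox,2007-07-06 09:14:41.338 -07:00
subject,bob,bob,staff,bob,staff,1081,1081,0 0 solbox
text,invalid password
return,failure: Permission denied,-1
header,60,2,su,,solbox,2007-07-06 09:20:05.117 -07:00
subject,bob,root,other,root,other,1090,1077,0 0 solbox
text,bad password for root
return,failure: Permission denied,-1
EOF
)

# Stand-alone run: show the classifier on a constructed condition string,
# then the failure summary for the sample above.
audit_state 'audit condition = auditing'
printf '%s\n' "$SAMPLE_PRAUDIT" | summarize_failures
```

On a real box the second helper would be fed from the audit trail, e.g. praudit /var/audit/<audit file> | summarize_failures, and the first from "$(auditconfig -getcond)". The tally groups on the audit ID rather than the effective user ID deliberately: a failed su to root still shows up under the account that tried it.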

1 comment:

Unknown said...

How would you determine if bsmconv is actually running on your box? And if it is running, should it have a PID at all times or only when it is being utilized?