Enabling OpenSolaris Auditing without Device Allocation
By Darrenmoffat-Oracle on Jul 24, 2008
Today I needed to enable auditing on my OpenSolaris system to check some audit behaviour. However I didn't want device allocation enabled, I do want mass storage devices to still be automatically mounted particularly since I was doing this on my laptop, and also because I wasn't interested in anything other than the events in the 'lo' or 'ss' class (login/logout and system state change).
When bsmconv is run it turns on auditing (on next reboot) and disables the automatic mounting of mass storage devices. The later it does by updating the HAL configuration. I creates /etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi, this is an XML format file that HAL reads when it starts up.
So the simple fix to have auditing but not device allocation is this:
islay$ pfexec bsmconv # Answer y islay$ pfexec rm etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi
We really should split these things a part like we have been planning to do for quite some time.