Tuesday Jul 28, 2009

(Secured) Remote Audit Trail in OpenSolaris

Phase 1 (the sending side) of the Secured (by GSS-API for data integrity and data confidentiality) Remote Audit trail project has integrated. For more info see: PSARC/2009/208 and the project page.

Huge congratulations to Jan Friedel and the whole audit team, and many thanks to the code reviewers. I'm looking forward to integration of the receiving side as well.

Thursday Jul 24, 2008

Enabling OpenSolaris Auditing without Device Allocation

Today I needed to enable auditing on my OpenSolaris system to check some audit behaviour. However, I didn't want device allocation enabled: I do want mass storage devices to still be automatically mounted, particularly since I was doing this on my laptop, and also because I wasn't interested in anything other than the events in the 'lo' or 'ss' class (login/logout and system state change).

When bsmconv is run it turns on auditing (on next reboot) and disables the automatic mounting of mass storage devices. The latter it does by updating the HAL configuration. It creates /etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi; this is an XML format file that HAL reads when it starts up.

So the simple fix to have auditing but not device allocation is this:

islay$ pfexec bsmconv   # Answer y
islay$ pfexec rm /etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi

We really should split these things apart like we have been planning to do for quite some time.

Wednesday Dec 20, 2006

OpenSolaris Audit Project

A new OpenSolaris project on Auditing has just opened up today. This is to define and implement the future of the (BSM) Audit functionality.

If you are interested in Audit on OpenSolaris or its sister implementations on FreeBSD and MacOS X then please join us on the audit-discuss mail alias on opensolaris.org.

About

DarrenMoffat
