
Overview

The OpenSolaris Audit project builds on the existing Solaris Auditing
subsystem. It aims to promote wider adoption and to develop further features
in accord with sysadmin/customer needs.

Intro from System Administration Guide

Auditing is the collecting of data about the use of system resources. The audit
data provides a record of security-related system events. This data can then be
used to assign responsibility for actions that take place on a host. Successful
auditing starts with two security features: identification and authentication.
At each login, after a user supplies a user name and password, a unique audit
session ID is generated and associated with the user's process. The audit
session ID is inherited by every process that is started during the login
session. Even if a user changes identity within a single session, all user
actions are tracked with the same audit session ID.

Solaris auditing helps to detect potential security breaches by revealing
suspicious or abnormal patterns of system usage. Solaris auditing also provides
a means to trace suspect actions back to a particular user, thus serving as a
deterrent. Users who know that their activities are being audited are less
likely to attempt malicious activities.
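
The session-ID tracking described in the introduction above, as an added example (not code from the guide or from the project): it groups records in the one-record-per-line style of `praudit -l` by audit session ID and lists actions taken under a different effective user. The sample records are constructed, and the subject token field order (audit ID, effective UID, effective GID, real UID, real GID, PID, session ID, terminal ID) is an assumption taken from audit.log(4).

```python
from collections import defaultdict

# Constructed sample records (not real audit data), one record per line.
# Assumed subject token layout:
#   subject,audit-ID,euid,egid,ruid,rgid,pid,session-ID,terminal-ID
SAMPLE = """\
header,69,2,login - local,,host1,2009-10-26 12:00:01.000 +00:00,subject,jdoe,jdoe,staff,jdoe,staff,1201,1201,0 0 host1,return,success,0
header,94,2,su,,host1,2009-10-26 12:03:10.000 +00:00,subject,jdoe,root,root,jdoe,staff,1240,1201,0 0 host1,text,root,return,success,0
header,120,2,execve(2),,host1,2009-10-26 12:03:15.000 +00:00,subject,jdoe,root,root,root,root,1244,1201,0 0 host1,path,/usr/sbin/useradd,return,success,0
header,69,2,login - local,,host1,2009-10-26 12:05:00.000 +00:00,subject,asmith,asmith,staff,asmith,staff,1300,1300,0 0 host1,return,success,0
"""


def parse_record(line):
    """Return the event name and subject fields, or None if the line is unusable."""
    f = line.strip().split(",")
    if len(f) < 4 or f[0] != "header" or "subject" not in f[4:]:
        return None
    s = f.index("subject", 4)
    if len(f) < s + 9:  # truncated subject token
        return None
    auid, euid, _egid, ruid, _rgid, pid, sid, _tid = f[s + 1:s + 9]
    return {"event": f[3], "auid": auid, "euid": euid, "ruid": ruid,
            "pid": pid, "sid": sid}


def by_session(text):
    """Group parsed records by audit session ID, keeping file order."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            sessions[rec["sid"]].append(rec)
    return dict(sessions)


def elevated_actions(text):
    """Actions whose effective user differs from the audit ID set at login."""
    return [(r["sid"], r["auid"], r["euid"], r["event"])
            for recs in by_session(text).values() for r in recs
            if r["euid"] != r["auid"]]


if __name__ == "__main__":
    for sid, auid, euid, event in elevated_actions(SAMPLE):
        print(f"session {sid}: {event} ran as {euid}, login user {auid}")
```

In the constructed sample, the `execve(2)` record has both effective and real UID set to root, yet the audit ID and session ID still tie it to the `jdoe` login.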

Goals

  1. enable/disable audit without reboot
  2. facilitate complete (userland) automated build process (libbsm(3LIB),
       bsmrecord(1M), libadt_jni)
  3. signed audit trail
  4. reliable audit transmission/remote storage
  5. integrate or develop audit reporting/analysis tools
  6. IDS integration, i.e. delivering audit events in real time via a defined interface
  7. configuration tools/GUI

Documentation

How can you participate

If you would like to help or influence auditing projects:

  • feel free to subscribe and share in the discussions
  • discuss design notes to be published soon
  • clean up the code

Source code

The auditing code is part of the OpenSolaris code base, which is available via the Mercurial repository:

 hg pull -u ssh://anon@hg.opensolaris.org/hg/onnv/onnv-gate

and look at:

  • usr/src/lib/{libbsm,libadt_jni}
  • usr/src/cmd/{bsmrecord,audit,auditd}
  • usr/src/uts/common/c2

The sources are also available in the source code browser.

Project-local repositories

All repositories are stored on hg.opensolaris.org and have anonymous access:

  • Website /hg/audit/website
  • Webrev /hg/audit/webrev
  • MQ patches for new projects/fixes /hg/audit/patches
last modified by admin on 2009/10/26 12:11
© Sun Microsystems Inc. 2009