|
|
OpenSolaris Security Audit
Overview
OpenSolaris Audit project builds on top of the existing Solaris Auditing
subsystem and aims to promote wider adoption and develop other features in
accord with sysadmin/customer needs.
Intro from System Administration Guide
Auditing is the collecting of data about the use of system resources. The audit
data provides a record of security-related system events. This data can then be
used to assign responsibility for actions that take place on a host. Successful
auditing starts with two security features: identification and authentication.
At each login, after a user supplies a user name and password, a unique audit
session ID is generated and associated with the user's process. The audit
session ID is inherited by every process that is started during the login
session. Even if a user changes identity within a single session, all user
actions are tracked with the same audit session ID.
Solaris auditing helps to detect potential security breaches by revealing
suspicious or abnormal patterns of system usage. Solaris auditing also provides
a means to trace suspect actions back to a particular user, thus serving as a
deterrent. Users who know that their activities are being audited are less
likely to attempt malicious activities.
Goals
Long term goals for the Solaris Audit I-team (set by Q1/2008):
- enable/disable audit without reboot
- facilitate complete (userland) automated build process (libbsm(3LIB),
bsmrecord(1M), libadt_jni) - signed audit trail
- reliable audit transmission/remote storage
- integrate or develop audit reporting/analysis tools
- IDS integration, ie. delivering audit events in real time via a defined interface
- configuration tools/GUI
Note, that some of the projects/goals were already reached and the appropriate code is part of the onnv-gate.
Documentation
- Product description
- System Administration Guide: Security Services
- Trusted Solaris Audit Administration
How can you participate
If you would like to help or influence auditing projects:
- feel free to subscribe and share in the discussions (web interface)
- discuss design notes to be published soon
- clean up the code
Source code
Auditing code is a part of OpenSolaris code base available via many methods.
Please follow the instructions to get the latest code base.
Sources are available also in source code browser here
Links
Terms of Use
|
Privacy
|
Trademarks
|
Copyright Policy
|
Site Guidelines
|
Site Map
|
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
© 2012, Oracle Corporation and/or its affiliates.