Re: Trouble changing BSM/audit options without reboot

Date: 02/06/02

Date: Tue, 5 Feb 2002 20:36:09 -0500

> I am trying to implement auditing (BSM) on a Solaris 7 system. When I
> audit settings in either /etc/security/audit_control or
> /etc/security/audit_user is there any way to "reload" the configurations to
> the audit daemon without rebooting?

Based on Pg.12 of "SunSHIELD Basic Security Module Guide", available from
"Note - The audit -s command does not change the preselection mask for
existing processes. Use autoconfig, setaudit (see the getuid(2) man page),
or auditon for existing processes."

Looks like I just answered my own post.

Thus the only way to have modified audit flags apply retroactively to
previous processes is:
- Write own code to use "setaudit" system call for all previous processes.
- Reboot machine, and apply changes to all processes once system is started

I guess the next follow-up question:
- Does anyone have existing code which goes through the process list and changes
the audit options? [ Search on google turned up only man pages :-) ]

- Anupam

FWIW: Good references on BSM:

- "Auditing in the Solaris [tm] 8 Operating Environment" by Alex
Noordergraaf and William Osser

- "SunSHIELD Basic Security Module Guide" for Solaris 7

- "Solaris BSM Auditing" - By Darren Moffat
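
One way to do what the post asks for, as an added example that is not part of the original message: a POSIX sh function that walks a PID list and calls `auditconfig -setpmask pid flags` (the auditconfig(1M) option for setting one process's preselection mask) on each entry. The names `apply_pmask`, `numeric_pids`, `AUDITCONFIG` and `DRY_RUN` are made up for this example, and it assumes root on a BSM-enabled Solaris host.

```shell
#!/bin/sh
# Added example: push new audit flags onto already-running processes.
# Assumption: Solaris BSM is enabled and auditconfig(1M) is on PATH.
# Usage on the audited host (as root), after editing audit_control:
#   audit -s; DRY_RUN=0; ps -e -o pid | apply_pmask lo,ad

AUDITCONFIG=${AUDITCONFIG:-auditconfig}   # overridable so the loop can be tested
DRY_RUN=${DRY_RUN:-1}                     # 1 = print commands only, 0 = execute

# Read ps-style output on stdin and emit only the numeric first field,
# which drops the "PID" header, blank lines and malformed input.
numeric_pids() {
    while read -r pid _; do
        case $pid in
            ''|*[!0-9]*) ;;               # not a PID: skip
            *) echo "$pid" ;;
        esac
    done
}

# apply_pmask FLAGS: set the preselection mask of every PID read from stdin.
# FLAGS uses audit_control syntax, e.g. "lo,ad" or "lo,-fw".
# Prints a final "ok=N failed=M" summary line; returns 2 on bad FLAGS.
apply_pmask() {
    flags=$1
    case $flags in
        ''|*[!a-z,+^-]*)                  # refuse anything but class names/prefixes
            echo "apply_pmask: invalid audit flags" >&2
            return 2 ;;
    esac
    ok=0
    failed=0
    for pid in $(numeric_pids); do
        if [ "$DRY_RUN" = 1 ]; then
            echo "$AUDITCONFIG -setpmask $pid $flags"
            ok=$((ok + 1))
        elif "$AUDITCONFIG" -setpmask "$pid" "$flags" 2>/dev/null; then
            ok=$((ok + 1))
        else
            failed=$((failed + 1))        # e.g. process exited since ps ran
        fi
    done
    echo "ok=$ok failed=$failed"
}
```

Because one flag string is applied to every process, any per-user adjustments from /etc/security/audit_user are not reflected; run it once per user's PID list with that user's flags if those matter.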