Re: Solaris Basic Security Module

From: Darren J Moffat (Darren.Moffat@Sun.COM)
Date: 09/17/02


Date: Tue, 17 Sep 2002 12:32:47 -0700 (PDT)
From: Darren J Moffat <Darren.Moffat@Sun.COM>
To: boutros <boutros@swissonline.ch>

On Mon, 16 Sep 2002, boutros wrote:

> Hello all,
>
> I was wondering if there is a quick way to check and see if the Sun
> Basic Security Module (BSM) has been enabled on a Solaris 8 box.

/etc/security/bsmconv does 3 things:

        1. Enables auditd

        It creates /etc/security/audit_startup which causes auditd to
        run on reboot. To check look for a running auditd, its pid is
        the first field of /etc/security/audit_data

        2. Enables device allocation

        /etc/security/spool/S92volmgt exists

        3. Turns off L1-A

        set abort_enable = 0 is in /etc/system

Note that this may change in future releases but it is something you
could have worked out by reading the /etc/security/bsmconv script.

In particular 2 and 3 may not exist in a future release or may work
a different way.

-- 
Darren J Moffat