Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC
From: benjamin brumaire (benjamin_at_brumaire.biz)
Date: Mon, 21 Mar 2005 06:41:33 +0100 To: firstname.lastname@example.org
Regarding BSM you can start with the blueprint configuration and
optimize it with some statistical works over your logfiles. For me, the
real challenge is managing the logfiles and analysing it. Transforming a
lot of raw data into added value is a long hard process. Solaris 10
helps in both situation with syslog integration and XML format.
Companies like ISS or SRI provides some help and should be considered.
Of course, if your have an accurate idea of what you are looking for,
some perl scripting could do the job.
RBAC could help a lot in Solaris only environment. Management should be
centralized to prevent a sysadmin and audit nightmare . Just the one you
will get with sudo.
I never saw extended ACL in production environment.
To be honest, exept a handful projects where this tools were used,
overall acceptance is quiet low. Ease of use and an unclear business
value prohibit a wide usage. Sectools like this should be enable by
default, solaris should use his own mechanisms better (autorizations,
ppriv, ...) and better support for all the management issues should be
>I'm currently working on enhancing my company's Solaris standards. We are a
>major accounting and professional services firm, and are involved in many
>reviews of Solaris security from both audit and consulting perspectives.
>There are many areas that I am in the process of testing and incorporating
>into our methodology for these reviews, including BSM, extended ACLs and
>Most of the clients that I work with are not currently using any of these
>functionalities in their Solaris environments. I would be curious to hear
>from anyone out there who is:
>- using BSM to audit activities on their Solaris servers, including what
>your experience was with tuning it to balance the detail of the audit trail
>with the sheer amount of events it can generate,
>- using extended ACLs to provide fine-grained access controls to files or
>- using RBAC to split up the power of the root account.