Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC
From: Darren J Moffat (Darren.Moffat_at_Sun.COM)
Date: 03/23/05
- Previous message: benjamin brumaire: "Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC"
- In reply to: Drew Simonis: "Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC"
- Next in thread: benjamin brumaire: "Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Drew Simonis <simonis@myself.com> Date: Wed, 23 Mar 2005 10:37:45 -0800
On Sat, 2005-03-19 at 15:57, Drew Simonis wrote:
> isolation. You really need to evaluate what events can be
> recorded, and who would be the consumer of that data. I've
Note that you can change the class definitions and define your
own.
See this Sun Blueprint, originally written for Solaris 8, but
the concepts are still very relevant for Solaris 9 and 10.
http://www.sun.com/blueprints/0201/audit_config.pdf
> found it necessary to have a plan of what is to be done with
> the data as a means to justify the collection, since the load
> can be non-trivial, and the data geberated substantial. If you
> just collect it because you can, then you are clearly doing half
> of what can be done, and the cost probably outweighs the benefit.
Or you are just doing it to give the disks something to do :-)
With Solaris 10 you can also send summary data of the event classes
to syslog, see audit_syslog(5) for more details.
-- Darren J Moffat
- Previous message: benjamin brumaire: "Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC"
- In reply to: Drew Simonis: "Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC"
- Next in thread: benjamin brumaire: "Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
