Re: BSM and syslog... why should I consider the first?

From: Robert Escue (roescue_at_cox.net)
Date: 07/08/05

    Date: Fri, 08 Jul 2005 06:06:13 -0400
    To: Simone Vernacchia <simonevernacchia@yahoo.it>
    
    

    Simone Vernacchia wrote:

    >Hello everyone,
    >
    >I'm working on a Security program for a large infrastructure.
    >I have to deal with Sun Solaris, and I was wondering why I should
    >consider logging via BSM and not syslog.
    >System admins have a good knowledge of syslog, and I can standardize
    >logging in different UNIX OSes easily if I use it.
    >Is there some breaking feature which could make me prefer BSM?
    >Is there a reason to use syslog and BSM?
    >
    >Thanks in advance,
    >G0k

    Simone,

    BSM is auditing for Solaris, not logging. If you wanted your machine(s)
    to be C2/EAL4 compliant and wanted to have a trail of what users did on
    that machine, you would enable BSM. The detractors are increased CPU
    utilization, preferably having a dedicated partition to write the audit
    data to (depending on activity level it could be large), and the audit
    trail can only be read using Sun's tools (except for Solaris 10, which
    has other options).

    Hope this helps.

    Robert Escue
    System Administrator

