Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC

From: Darren J Moffat (Darren.MoffatSun.COM)
Date: Wed Mar 23 2005 - 12:37:45 CST


On Sat, 2005-03-19 at 15:57, Drew Simonis wrote:
> isolation. You really need to evaluate what events can be
> recorded, and who would be the consumer of that data. I've

Note that you can change the class definitions and define your
own.

See this Sun Blueprint, originally written for Solaris 8, but
the concepts are still very relevant for Solaris 9 and 10.

http://www.sun.com/blueprints/0201/audit_config.pdf

> found it necessary to have a plan of what is to be done with
> the data as a means to justify the collection, since the load
> can be non-trivial, and the data generated substantial. If you
> just collect it because you can, then you are clearly doing half
> of what can be done, and the cost probably outweighs the benefit.

Or you are just doing it to give the disks something to do :-)

With Solaris 10 you can also send summary data of the event classes
to syslog, see audit_syslog(5) for more details.

--
Darren J Moffat