Enabling BSM on Solaris 10 to send BSM security logs remotely

To enable Solaris Basic Security Module(BSM) just run the enable BSM script (/etc/security/bsmconv).
A Solaris auto configure script the script will enable and configure BSM to log with syslog and is available here.

  • Note1: The server will need to be rebooted for changes to take effect.
  • Note2: This will only work on Solaris 10.

Example BSM auditing flags in LDAP for a users

dn: uid=user_blah,OU=Computer_IT,ou=people,,dc=subdomain,dc=com
changetype: modify
add: objectClass
objectClass: SolarisAuditUser
add: SolarisAuditNever
SolarisAuditNever: no
add: SolarisAuditAlways
SolarisAuditAlways: lo,ex,ad,am
%d bloggers like this: