Enabling Solaris BSM to send the security logs remote | DevTech101

Enabling BSM on Solaris 10 to send BSM security logs remotely

To enable Solaris Basic Security Module(BSM) just run the enable BSM script (/etc/security/bsmconv).
A Solaris auto configure script the script will enable and configure BSM to log with syslog and is available here.

Note1: The server will need to be rebooted for changes to take effect.
Note2: This will only work on Solaris 10.

Example BSM auditing flags in LDAP for a users

dn: uid=user_blah,OU=Computer_IT,ou=people,o=domain.com,dc=subdomain,dc=com
changetype: modify
add: objectClass
objectClass: SolarisAuditUser
-
add: SolarisAuditNever
SolarisAuditNever: no
-
add: SolarisAuditAlways
SolarisAuditAlways: lo,ex,ad,am

Related

%d bloggers like this: