FOCUS on Sun: Solaris BSM Auditing

by Hal Flynn
Sept. 19, 2017 Symantec Pen Testing & Audits

Logging is important for two main reasons: regular analysis of our logs gives us an early warning of suspicious activity, and, if stored securely, the logs can provide the evidence required to find out what went wrong when a breach of the security policy occurs. Logging helps in other areas as well, such as analyzing whether our security policies are implemented correctly, and debugging, where auditing can report information pertinent to our security model. Solaris provides a rich logging system as part of the core OS in the form of SunSHIELD BSM Auditing. This is one of the most powerful security features that Solaris provides out of the box, yet it is probably the least understood and least used.