Advertisements

Solaris Auditing facility on a Solaris 9 Brandz

Showing this message on /var/adm/messages file

Jan 22 11:45:01 solaris9brandz C0047233: [ID 702911 daemon.alert] audit failed to start because it cannot read or write the system’s audit state. This may be due to a configuration error. Must reboot to start auditing!

Apparently no problems in the file /etc/system

root@solaris9brandz:/ # grep audit /etc/system
set c2audit:audit_load = 1

Starting audit shows lots of error messages

root@solaris9brandz:/ # /etc/init.d/audit start
Starting BSM services.
auditconfig: auditon(2) failed.
auditconfig: error = Invalid argument(22)
auditconfig: auditon(2) failed.
auditconfig: error = Invalid argument(22)
auditconfig: auditon(2) failed.
auditconfig: error = Invalid argument(22)
auditconfig: auditon(2) failed.
auditconfig: error = Invalid argument(22)

Checking /etc/security/audit_control file doesn’t show any irregularities

root@solaris9brandz:/ # cat /etc/security/audit_control
#
# Copyright (c) 1988 by Sun Microsystems, Inc.
#
# ident “@(#)audit_control.txt 1.4 00/07/17 SMI”
#
dir:/audit
flags: lo,ad,ex
minfree: 20
naflags: lo,ad,ex

Checking System Administration Guide: Oracle Solaris 9 Containers
Shows Limitations Specific to solaris9 Branded Zones
The following limitations apply to solaris9 branded zones:

Solaris Auditing and Solaris Basic Security Module Auditing, described in bsmconv(1M) and auditon(2), are not supported. The audit subsystem will always appear to be disabled.

Advertisements
%d bloggers like this: