Servicios

Web hosting
Ver »
Páginas Web
Ver »
Soporte UNIX
Ver »
UNIX TIPS
Ver »

Basic Security Module (BSM)

Para configurar la auditoria a nivel C2 de Solaris es necesario habilitar el  módulo  de  seguridad  básica  o  BSM  (Basic  Security  Module). 

1.  Asegurarse  de  que  aún  no  se  encuentra  habilitado  BSM  (el siguiente comando no debe devolver ninguna salida): grep c2audit /etc/system

2.  Habilitar BSM:
/etc/security/bsmconv
This script is used to enable the Basic Security Module (BSM).
Shall we continue with the conversion now? [y/n] y
bsmconv: INFO: checking startup file. bsmconv: INFO: move aside /etc/rc3.d/S81volmgt. bsmconv: INFO: turning on audit module. bsmconv: INFO: initializing device allocation files. The Basic Security Module is ready. If there were any errors, please fix them now. Configure BSM by editing files located in /etc/security. Reboot this system now to come up with BSM enabled.

3.  Revisar que se haya creado el directorio /var/audit:
ls -ld /var/audit
drwxr-xr-x   2 root      sys           512 Jul 12 22:23 /var/audit
ls -l /var/audit
total 2
-rw-------            1    root                    root                                        56    Jul    12    22:23
20050713032312.not_terminated.hostname

4.  Configurar   en   el   archivo   /etc/security/audit_control   las siguientes clases de eventos a ser auditadas:
# vi /etc/security/audit_control
dir:/var/audit flags:lo,ad naflags:lo,ad # #    lo - login/logout events #    ad - administrative actions: mount, exportfs, etc. #    pc - process operations: fork, exec, exit, etc. #    fc - file creation #    fd - file deletion #    fm - change of object attributes: chown, flock, etc

5.  Crear el script /etc/security/newauditlog.sh:
vi /etc/security/newauditlog.sh

#!/sbin/sh

#
# newauditlog.sh - Start a new audit file and expire the old logs

PATH=/usr/bin:/usr/sbin
#
# If the disk space isn't sufficient to retain logs on a month, # lower
this value from 30 to 7

AUDIT_EXPIRE=30 

AUDIT_DIR="/var/audit"

LOG_DIR=/var/audit/logs
# Rotate the log file audit -n

# Move the log files to the archive directory and compress

for i in `ls ${AUDIT_DIR} | grep -v not_terminated | grep -v logs`
do
compress ${AUDIT_DIR}/${i}
mv ${AUDIT_DIR}/${i}.Z ${LOG_DIR}/${i}.Z
done

# Delete old log files

cd ${AUDIT_DIR} # in case it is a link
find . ${LOG_DIR} -type f -mtime +${AUDIT_EXPIRE} \
-exec rm {} > /dev/null 2>&1 \;
exit 0

chmod 500 /etc/security/newauditlog.sh
6.  Configurar la siguiente línea de crontab para el usuario root:
0 0 * * * /etc/security/newauditlog.sh

7.  Reiniciar el sistema:
/usr/sbin/shutdown -y -g 0 -i 6

8.  Los  archivos  de  auditoria  generados  pueden  ser  leídos  con  el comando praudit

Regresar


Random TIPS

Removing "Drive Not Available" from Solaris

These are steps I followed to remove the LUNS which were unmasked from the system.
Removing the Unused/Unmasked LUNS from Solaris.

1. First Step is identifying the from Format o/p.
2. Remove them from Volume Manager. In my case, they are veritas. so I used vxdisk rm
3. look at the cfgadm -al o/p to find the disks which are failing. they are failing because they are unmasked from this system and still OS sees them.
c3::50060482d53135b8,84 disk connected configured failing
c3::50060482d53135b8,86 disk connected configured failing
c3::50060482d53135b8,87 disk connected configured failing
3. luxadm -e offline /dev/rdsk/ # This will kick the device from failing to unusable. and also removes them from format o/p.
4. cfgadm -o unusable_FCP_dev -c unconfigure c3::50060482d53135b8
# This will remove all unusable LUNS from system for particular controller and target id. don't worry there might be some working devices on that target. This command won't affect them. they'll be in working state only.
5. clean the device files using devfsadm -Cv
6. You should be clear now in both format and cfgadm -al.

free counters