To configure C2-level auditing on Solaris, the Basic Security Module (BSM) must be enabled.

1. Make sure BSM is not already enabled (the following command must not return any output):

    grep c2audit /etc/system

2. Enable BSM:

    /etc/security/bsmconv

3. Check that the /var/audit directory has been created:

    ls -ld /var/audit
    drwxr-xr-x 2 root sys 512 Jul 12 22:23 /var/audit
    ls -l /var/audit
    total 2
    -rw------- 1 root root 56 Jul 12 22:23 20050713032312.not_terminated.hostname

4. In the file /etc/security/audit_control, configure the following event classes to be audited:

    # vi /etc/security/audit_control

5. Create the script /etc/security/newauditlog.sh:

    vi /etc/security/newauditlog.sh

    #!/sbin/sh
    #
    # newauditlog.sh - Start a new audit file and expire the old logs

    PATH=/usr/bin:/usr/sbin

    #
    # If the disk space isn't sufficient to retain logs for a month,
    # lower this value from 30 to 7
    AUDIT_EXPIRE=30
    AUDIT_DIR="/var/audit"
    LOG_DIR=/var/audit/logs

    # Create the archive directory on the first run; without it, mv would
    # rename the first compressed file to "logs"
    [ -d ${LOG_DIR} ] || mkdir -p ${LOG_DIR}

    # Rotate the log file
    audit -n

    # Move the log files to the archive directory and compress
    for i in `ls ${AUDIT_DIR} | grep -v not_terminated | grep -v logs`
    do
        compress ${AUDIT_DIR}/${i}
        mv ${AUDIT_DIR}/${i}.Z ${LOG_DIR}/${i}.Z
    done

    # Delete old log files
    cd ${AUDIT_DIR}   # in case it is a link
    find . ${LOG_DIR} -type f -mtime +${AUDIT_EXPIRE} \
        -exec rm {} > /dev/null 2>&1 \;

    exit 0

6. Add the following crontab line for the root user:

    0 0 * * * /etc/security/newauditlog.sh

7. Reboot the system:

    /usr/sbin/shutdown -y -g 0 -i 6

8. The generated audit files can be read with the praudit command.
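
A check to run after the reboot, confirming what the BSM steps above should have left behind. This is an added example, not part of the original page: the function name check_bsm and its optional root-prefix argument are assumptions of the example, while the files it inspects are the ones named in steps 1 to 6.

```sh
#!/bin/sh
# Added example: confirm the state the BSM procedure should leave behind.
# The optional ROOT prefix is an assumption of this example so the check
# can be run against a copy of the files instead of the live system.

check_bsm() {
    root="${1:-/}"; root="${root%/}"
    fail=0
    note() { echo "FAIL: $1"; fail=1; }

    # Steps 1-2: once BSM is enabled, /etc/system contains a c2audit entry
    grep c2audit "$root/etc/system" >/dev/null 2>&1 ||
        note "no c2audit entry in /etc/system"

    # Step 3: the audit directory exists with one active (not_terminated) trail
    if [ -d "$root/var/audit" ]; then
        active=$(ls "$root/var/audit" | grep -c not_terminated || true)
        [ "$active" -eq 1 ] || note "expected 1 not_terminated file, found $active"
        # Trail files are created -rw------- ; flag any group/other-readable one
        loose=$(find "$root/var/audit" -type f \( -perm -040 -o -perm -004 \))
        [ -z "$loose" ] || note "audit files readable by group/other: $loose"
    else
        note "/var/audit is missing"
    fi

    # Step 5: the rotation script is in place and executable
    [ -x "$root/etc/security/newauditlog.sh" ] ||
        note "newauditlog.sh missing or not executable"

    # Step 6: root's crontab (Solaris keeps it under /var/spool/cron/crontabs)
    grep '^[^#]*newauditlog\.sh' "$root/var/spool/cron/crontabs/root" \
        >/dev/null 2>&1 || note "no active cron entry for newauditlog.sh"

    return $fail
}
```

Calling check_bsm / as root on the audited host prints one FAIL line per missing item and returns non-zero if any check failed.
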
Removing "Drive Not Available" from Solaris
These are steps I followed to remove the LUNS which were unmasked from the system.
Removing the Unused/Unmasked LUNS from Solaris.
1. First Step is identifying the
2. Remove them from Volume Manager. In my case they are Veritas, so I used vxdisk rm
3. Look at the cfgadm -al output to find the disks which are failing. They are failing because they are unmasked from this system and the OS still sees them.
c3::50060482d53135b8,84 disk connected configured failing
c3::50060482d53135b8,86 disk connected configured failing
c3::50060482d53135b8,87 disk connected configured failing
4. luxadm -e offline /dev/rdsk/
5. cfgadm -o unusable_FCP_dev -c unconfigure c3::50060482d53135b8
# This will remove all unusable LUNs from the system for that particular controller and target ID. Don't worry that there might be some
working devices on that target. This command won't affect them; they will stay in working state.
6. Clean up the device files using devfsadm -Cv
7. You should be clear now in both format and cfgadm -al.