Find knowledge base article(s) by searching for keywords in the title e.g. type linux in the search box below
Find knowledge base article(s) by browsing the subject categories of articles
Technology quick references, cheatsheets, user manuals etc.
Shop Online through ShopifyLite
Tutorials on various IT applications.
Search Title    (UL:0 |SS:f)

Software >> OS >> Unix >> Solaris >> 10 >> Auditing >> How to confirm that auditing is enabled

 

Verify that the c2audit kernel module is loaded.

# modinfo | grep c2audit

No listing indicates that auditing is not running. The following listing indicates that auditing is running:

40  132ce90  14230 186   1  c2audit (C2 system call)

Verify that the audit daemon is running.

Verify the status of the auditd service. The following listing indicates that auditing is not running:

# svcs -x auditd
svc:/system/auditd:default (Solaris audit daemon)
 State: disabled since Fri Aug 14 19:02:35 2009
Reason: Disabled by an administrator.
   See: http://sun.com/msg/SMF-8000-05
   See: auditd(1M)
   See: audit(1M)
Impact: This service is not running.

The following listing indicates that the audit service is running:

# svcs auditd
STATE          STIME    FMRI
online         10:10:10 svc:/system/auditd:default

 

The following listing indicates that auditing is not running:


# auditconfig -getcond
auditconfig: auditon(2) failed.
auditconfig: error = Operation not supported(48)

The following listing indicates that auditing is running:

# auditconfig -getcond
audit condition = auditing

 

References

[1] http://docs.oracle.com/cd/E19253-01/816-4557/audittask-86/index.html

[ © 2008-2021 myfaqbase.com - A property of WPDC Consulting ]