Audit Management by Role in Trusted Extensions
Auditing in Trusted Extensions requires the same planning as in the Solaris
OS. For details about planning, see Chapter 29, Planning for Solaris Auditing, in System Administration Guide: Security Services.
Role Setup for Audit Administration
In Trusted Extensions, auditing is the responsibility of two roles. The System Administrator
role sets up the disks and the network of audit storage. The Security
Administrator role decides what is to be audited, and specifies the information in
the audit configuration files. As in the Solaris OS, you create the roles
in software. The rights profiles for these two roles are provided. The initial
setup team created the Security Administrator role during initial configuration. For details, see
Create the Security Administrator Role in Trusted Extensions.
Note - A system only records the security-relevant events that the audit configuration files configure
the system to record (that is, by preselection). Therefore, any subsequent audit review
can only consider the events that have been recorded. As a result of
misconfiguration, attempts to breach the security of the system can go undetected, or
the administrator is unable to detect the user who is responsible for an
attempted breach of security. Administrators must regularly analyze audit trails to check for
breaches of security.
Audit Tasks in Trusted Extensions
The procedures to configure and manage auditing in Trusted Extensions differ slightly from
Audit configuration is performed in the global zone by one of two administrative roles. Then, the system administrator copies specific customized audit files from the global zone to every labeled zone. By following this procedure, user actions are audited identically in the global zone and in labeled zones.
For details, see Audit Tasks of the Security Administrator and Audit Tasks of the System Administrator
Trusted Extensions administrators use a trusted editor to edit audit configuration files. In Trusted CDE, Trusted Extensions administrators use CDE actions to invoke the trusted editor. For the list of actions, see Trusted CDE Actions.
Trusted Extensions administrators use the Solaris Management Console to configure specific users. User-specific audit characteristics can be specified in this tool. Specifying user characteristics is only required when the user's audit characteristics differ from the audit characteristics of the systems on which the user works. For an introduction to the tool, see Solaris Management Console Tools.
Audit Tasks of the Security Administrator
The following tasks are security-relevant, and are therefore the responsibility of the security
administrator. Follow the Solaris instructions, but use the Trusted Extensions administrative tools.
Audit Tasks of the System Administrator
The following tasks are the responsibility of the system administrator. Follow the Solaris
instructions, but use the Trusted Extensions administrative tools.