Terminal Security Policies

    Use this screen to set system policies for terminals. Policies apply
    to all terminals unless terminal-specific policies are set.

    Unsuccessful Login Tries Allowed:  10
    Delay Between Login Tries (sec.):  2
    Login Timeout Value (sec.):        0

    [ OK ]   [ Cancel ]   [ Help ]

* Network Information Service (NIS) is not supported on a trusted system.
System And Process Auditing
Now that the system has been converted to a trusted system and your security policies have been set, it's time to turn on auditing.
/usr/sbin/sam
Select "Auditing and Security"
Select "Audited Events"
Select "Actions"
Select "Turn Auditing On"
Auditing and Security

    File  List  View  Options  Actions  Help

    Actions menu:
        Turn Auditing ON
        Set Audit Monitor and Log Parameters...
        View Audit Log...
        Unconvert the System

    Auditing Turned: OFF
    Audited Events    18 selected    (nothing selected)

    Audit
    Event Type   Success
    admin        Yes      Yes   acct, adjtime, audctl, audswitch, clock_
    close        No       No    close, ksem_close, mq_close, munmap
    create       No       No    creat, mkdir, mknod, msgget, pipe, semge
    delete       No       No    ksem_unlink, mq_unlink, msgctl, rmdir, s
    ipcclose     No       No    fdetach, shutdown
    ipccreat     No       No    bind, socket, socket2, socketpair, socke
    ipcdgram     No       No
    ipcopen      No       No    accept, connect, fattach
    login        Yes      Yes
    modaccess    No       No    chdir, chroot, fchdir, link, lockf, lock

Next you need to select which events you want to audit. At the very minimum you should audit:
admin - Logs all administrative and privileged events
login - Logs all logins and logouts
modaccess - Logs all access modifications other than DAC
moddac - Logs all modifications of an object's discretionary access controls
Set up a cron job to collect system diagnostic messages.
- ____ /usr/bin/crontab -e
- ____ Insert the following 2 lines:
# log kernel diagnostic messages every 10 minutes
05,15,25,35,45,55 * * * * /usr/sbin/dmesg - >>/var/adm/messages
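A check for the crontab entry above, added here as an example and not part of the original guide. The function name check_dmesg_cron and its verdict words are hypothetical; the check relies on HP-UX dmesg printing only the messages new since its last run when given the "-" argument, and the sample crontab is constructed from the two lines shown above.

```shell
#!/bin/sh
# check_dmesg_cron (hypothetical helper): read crontab text on stdin and
# classify the dmesg collection entry. Prints one word; returns 0 only for "ok".
#   ok          active entry, incremental "dmesg -", appended to the log
#   missing     no active (uncommented) dmesg entry
#   full-dump   "-" argument absent, so the whole buffer is re-logged each run
#   wrong-file  output is not redirected to /var/adm/messages
#   truncates   redirected with ">" so every run overwrites earlier messages
# If several dmesg entries exist, the last one decides the verdict.
check_dmesg_cron() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        $6 ~ /(^|\/)dmesg$/ {                    # field 6 is the command
            found = 1
            cmd = ""
            for (i = 6; i <= NF; i++) cmd = cmd " " $i
            if (cmd !~ /dmesg[ \t]+-([ \t]|>|$)/)
                verdict = "full-dump"
            else if (cmd !~ />[ \t]*\/var\/adm\/messages[ \t]*$/)
                verdict = "wrong-file"
            else if (cmd !~ />>/)
                verdict = "truncates"
            else
                verdict = "ok"
        }
        END {
            if (!found) verdict = "missing"
            print verdict
            exit (verdict == "ok") ? 0 : 1
        }
    '
}

# Constructed sample: the two lines this guide tells you to insert.
SAMPLE_CRONTAB='# log kernel diagnostic messages every 10 minutes
05,15,25,35,45,55 * * * * /usr/sbin/dmesg - >>/var/adm/messages'

printf '%s\n' "$SAMPLE_CRONTAB" | check_dmesg_cron
```

On the hardened host, feed it the live table with: crontab -l | check_dmesg_cron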