System Administration Guide: Security Services
Previous Next

Document Information

Preface

Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

5.  Controlling Access to Devices (Tasks)

6.  Using the Basic Audit Reporting Tool (Tasks)

7.  Controlling Access to Files (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Role-Based Access Control (Reference)

11.  Privileges (Tasks)

12.  Privileges (Reference)

Administrative Commands for Handling Privileges

Files With Privilege Information

Privileges and Auditing

Prevention of Privilege Escalation

Legacy Applications and the Privilege Model

Part IV Solaris Cryptographic Services

13.  Solaris Cryptographic Framework (Overview)

14.  Solaris Cryptographic Framework (Tasks)

15.  Solaris Key Management Framework

Part V Authentication Services and Secure Communication

16.  Using Authentication Services (Tasks)

17.  Using PAM

18.  Using SASL

19.  Using Solaris Secure Shell (Tasks)

20.  Solaris Secure Shell (Reference)

Part VI Kerberos Service

21.  Introduction to the Kerberos Service

22.  Planning for the Kerberos Service

23.  Configuring the Kerberos Service (Tasks)

24.  Kerberos Error Messages and Troubleshooting

25.  Administering Kerberos Principals and Policies (Tasks)

26.  Using Kerberos Applications (Tasks)

27.  The Kerberos Service (Reference)

Part VII Solaris Auditing

28.  Solaris Auditing (Overview)

29.  Planning for Solaris Auditing

30.  Managing Solaris Auditing (Tasks)

31.  Solaris Auditing (Reference)

Glossary

Index

Privileges and Auditing

Privilege use can be audited. When a process uses a privilege, the use of privilege is recorded in the audit trail. The privileges are recorded in their textual representation. The following audit events record use of privilege:

  • AUE_SETPPRIV audit event – The event generates an audit record when a privilege set is changed. The AUE_SETPPRIV audit event is in the pm class.

  • AUE_MODALLOCPRIV audit event – The audit event generates an audit record when a privilege is added from outside the kernel. The AUE_MODALLOCPRIV audit event is in the ad class.

  • AUE_MODDEVPLCY audit event – The audit event generates an audit record when the device policy is changed. The AUE_MODDEVPLCY audit event is in the ad class.

  • AUE_prof_cmd audit event – The audit event generates an audit record when a command is executed in a profile shell. The AUE_prof_cmd audit event is in the as and ua audit classes.

The successful use of privileges that are in the basic set is not audited. The attempt to use a basic privilege that has been removed from a user's basic set is audited.
Previous Next