Preface

Auditing is a security feature required for a C2 rating in TCSEC, and is a functional requirement in the Common Criteria for Information Technology Security Evaluation, Version 2.1, August 1999 (CCv21), an ISO standard (IS 15408). C2 discretionary-access control and identification and authentication features are provided by the standard Solaris system. The Trusted Solaris 2.5.1 operating environment earned an ITSEC evaluation in the United Kingdom of assurance level E3 and functionality F-B1. The Trusted Solaris 8 operating environment will be certified to the CCv21, to Evaluation Assurance Level (EAL) 4, and against a number of protection profiles which provide functionality similar to the TCSEC C2 and B1 levels, with some additional functionality.

Who Should Use This Book

Trusted Solaris Audit Administration is intended for the system administrator whose duties include setting up and maintaining auditing file systems, and for the security administrator whose duties include determining what will be audited and analyzing the auditing trail. The system administrator should be familiar with file system administration, such as NFS-mounting, sharing directories, exporting directories, and creating disk partitions. The security administrator should be familiar with the site security policy, and with the help of the system administrator, be able to create and modify shell scripts.

How This Book Is Organized

Chapter 1, Auditing Basics, explains the system management and configuration of the auditing subsystem. Topics discussed include managing audit trail storage, determining global and per-user preselection, and setting site-specific configuration options.

Chapter 2, Auditing Setup, covers setting up and maintaining auditing at your site. The latter part of the chapter contains procedures for setting up and maintaining auditing.

Chapter 3, Audit Trail Management and Analysis, describes how the audit daemon creates the audit trail, and how to manage audit files and read the contents. The latter part of the chapter contains procedures for merging audit files, selecting records, reading the audit trail, and backing up the trail.

Chapter 4, Troubleshooting Auditing, contains procedures for troubleshooting the auditing subsystem.

Appendix A, Event-to-Class Mappings, lists audit events by their default audit class and alphabetically. It also connects them to their system calls and user commands.

Appendix B, Audit Record Descriptions, describes in detail the content of the audit records generated, including a description of every audit token.

Appendix C, Audit Reference lists and describes the man pages added for the auditing subsystem in the Trusted Solaris 8 environment, and file protections on the auditing subsystem.

Related Books

All sites should have the following books or information available when setting up auditing:

From Sun Microsystems

• Trusted Solaris 8 Release Notes

  Describes any late-breaking news about auditing, including known problems.

• Trusted Solaris Administrator's Procedures

  Describes administration tasks, such as assuming a role, in detail.

From Elsewhere

• Your site security policy

  Describes the security policy and security procedures at your site.

Other books on auditing that might be of interest include:

• A Guide to Understanding Audit in Trusted Systems

• Auditing in a UNIX System

• DoD Trusted Computer System Evaluation Criteria (the Orange Book)

• Compartmented Mode Workstation Evaluation Criteria

• Guideline for Trusted Facility Management and Audit, Virgil D. Gligor, 1985

• Common Criteria for Information Technology Security Evaluation, Version 2.1, August 1999. For online information, see http://csrc.ncsl.nist.gov/cc/ccv20/ccv2list.htm.

Ordering Sun Documents

Fatbrain.com, the Internet's most comprehensive professional bookstore, stocks select product documentation from Sun Microsystems, Inc.

For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.

Accessing Sun Documentation Online

The docs.sun.com^SM Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.

Typographic Conventions

The following table describes the typographic conventions used in this book.

Table P-1 Typographic Conventions

Typeface or Symbol	Meaning	Example
AaBbCc123	The names of commands, files, and directories; on-screen computer output	Edit your .login file. Use ls -a to list all files. machine_name% You have mail.
AaBbCc123	What you type, contrasted with on-screen computer output	machine_name% su Password:
AaBbCc123	Command-line placeholder: replace with a real name or value	To delete a file, type rm filename.
AaBbCc123	Book titles, new words or terms, or words to be emphasized	Read Chapter 6 in User's Guide. These are called class options. You must be root to do this.

Shell Prompts in Command Examples

The following table shows the default system prompt and administrative role prompts for the C shell, Bourne shell, and Korn shell.

Table P-2 Shell Prompts

Shell	Prompt
C shell prompt	machine_name%
root role prompt	#
other administrative role prompts	$