26.02.2009

Solaris 10 audit

On multi-user systems and systems of critical importance, being able to trace who did what matters a great deal for the security and stability of the system.

It is also a key aid in retrospective investigations on the system. By "what the users did" I mean: login/logout records, the commands they ran on the operating system, and the files that were changed or edited.

Most Linux/UNIX systems have had this kind of audit infrastructure for a long time. I would say that Sun Solaris's audit infrastructure is more usable, flexible and robust than the others'.

bash-3.00# svcs -a | grep audit
disabled       13:30:16 svc:/system/auditd:default

bash-3.00# svcadm -v enable svc:/system/auditd:default

bash-3.00# svcs -a | grep audit
maintenance    14:43:08 svc:/system/auditd:default

Enabling the SMF service on its own is not enough: auditd drops straight into maintenance, because the kernel audit module (c2audit) has not been turned on yet. The services it depends on (svcs -d) and the services that depend on it (svcs -D) are all online, so the problem is not a dependency; the fix is bsmconv.

bash-3.00# svcs -d svc:/system/auditd:default
STATE STIME FMRI
online 13:30:18 svc:/milestone/name-services:default
online 13:30:37 svc:/system/filesystem/local:default
online 13:30:49 svc:/system/system-log:default
bash-3.00# svcs -D svc:/system/auditd:default
STATE STIME FMRI
online 13:30:47 svc:/system/console-login:default
online 13:30:53 svc:/milestone/multi-user:default

bash-3.00# cd /etc/security/

bash-3.00# ./bsmconv
This script is used to enable the Basic Security Module (BSM).
Shall we continue with the conversion now? [y/n] y
bsmconv: INFO: checking startup file.
bsmconv: INFO: turning on audit module.
bsmconv: INFO: initializing device allocation.

The Basic Security Module is ready.
If there were any errors, please fix them now.
Configure BSM by editing files located in /etc/security.
Reboot this system now to come up with BSM enabled.

bash-3.00# svcs -a | grep audit
maintenance    14:43:08 svc:/system/auditd:default

The service stays in maintenance until the reboot that bsmconv asks for:

bash-3.00# reboot

bash-3.00$ svcs -a | grep audit
online 14:49:10 svc:/system/auditd:default

bash-3.00$ ps -ef | grep audit
root 458 1 0 14:49:11 ? 0:00 /usr/sbin/auditd

bash-3.00$ cd /var/audit/

bash-3.00$ ls -lrt
total 2
-rw------- 1 root root 48 Aug 11 14:49 20090226092241.not_terminated.yusuf-solaris

***** to see the contents of this file (the audit trail is binary; praudit renders the records as text). The file keeps the name <start-time>.not_terminated.<hostname> as long as auditd is still writing to it, and it is mode 0600 root, so it can only be read as root:

bash-3.00$ praudit 20090226092241.not_terminated.yusuf-solaris

vi /etc/security/audit_control (the configuration file lives here: dir: is the trail directory, flags: the audit classes preselected for every user, naflags: the classes for events that cannot be attributed to a user, minfree: the free-space percentage below which audit_warn is called; after editing, run "audit -s" so the running auditd re-reads it)
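The procedure above ends at audit_control, so here is an added example of what goes into it. This is my own script, not code from the original post: a POSIX sh script that stages the stock Solaris 10 audit_control (only the lo class preselected) next to a hardened one whose flags: line covers the three things the post wants to see (lo for login/logout, ex for executed commands, fm/fw/fc/fd for file changes), plus a small check that reports which of those classes a given audit_control is missing. The /var/audit2 spill-over directory and the staging directory under $TMPDIR are assumptions; the script never writes to /etc. Two caveats once you copy the hardened file into /etc/security: run "audit -s" so auditd re-reads it, and note that the ex class records only the executed path unless "auditconfig -setpolicy +argv" is added to /etc/security/audit_startup, so without that policy you will not see command arguments in praudit output.

```shell
#!/bin/sh
# Added example (not from the original post): stage a Solaris 10 style
# /etc/security/audit_control and check that its 'flags:' line covers
# login/logout (lo), executed commands (ex) and file changes (fm/fw/fc/fd).
# Nothing here touches /etc; copy the staged file into place yourself.

# Stock Solaris 10 audit_control: only the lo class is preselected.
default_audit_control() {
    cat <<'EOF'
dir:/var/audit
flags:lo
minfree:20
naflags:lo
EOF
}

# Hardened version: logins, exec, and file modify/write/create/delete.
# The second 'dir:' is a spill-over directory (assumed path, not from the
# post); auditd moves on to it when the first one reaches minfree.
hardened_audit_control() {
    cat <<'EOF'
dir:/var/audit
dir:/var/audit2
flags:lo,ex,fm,fw,fc,fd
minfree:20
naflags:lo
EOF
}

# Print the value(s) of KEY ("flags", "minfree", "dir", ...) from an
# audit_control file, ignoring comments. Repeated keys print one per line.
audit_control_value() {
    file=$1; key=$2
    sed -n -e 's/#.*//' -e "s/^[[:space:]]*$key:[[:space:]]*//p" "$file"
}

# Return 0 if the preselection covers logins, exec and at least one
# file-change class and minfree is set; otherwise list what is missing
# and return 1. The +/-/^ prefixes (success-only, failure-only, exclude)
# are stripped so "+lo" or "-ex" still count as selected.
check_audit_control() {
    file=$1; missing=""
    flags=,$(audit_control_value "$file" flags | head -n 1 | tr -d ' '),
    flags=$(printf '%s' "$flags" | sed 's/[+^-]//g')
    case $flags in *,lo,*|*,all,*) ;; *) missing="$missing lo(login/logout)" ;; esac
    case $flags in *,ex,*|*,all,*) ;; *) missing="$missing ex(exec)" ;; esac
    case $flags in *,fm,*|*,fw,*|*,fc,*|*,fd,*|*,all,*) ;;
        *) missing="$missing fm/fw/fc/fd(file-change)" ;; esac
    [ -n "$(audit_control_value "$file" minfree)" ] || missing="$missing minfree"
    if [ -n "$missing" ]; then
        echo "$file: missing:$missing"
        return 1
    fi
    echo "$file: ok (flags:$(audit_control_value "$file" flags | head -n 1))"
}

# Demo: stage both versions in a temporary directory (assumed location)
# and check them. The stock file fails on ex and the file-change classes.
stage=$(mktemp -d "${TMPDIR:-/tmp}/audit_control.XXXXXX")
default_audit_control  > "$stage/audit_control.default"
hardened_audit_control > "$stage/audit_control.hardened"
check_audit_control "$stage/audit_control.default" || true
check_audit_control "$stage/audit_control.hardened"
rm -rf "$stage"
```

The check is deliberately lenient about prefixes: "flags:lo,-ex,fw" (only failed execs) still passes, because the point is that the class is preselected at all; what to keep is a volume trade-off you make per system, and fw/fc/fd on a busy box fill /var/audit quickly, which is exactly why minfree and the spill-over dir: line are there.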