All-

Taken from the ISS Knowledgebase: How Enforce Audit Policy Works on Solaris

When Server Sensor starts up, the Server Sensor sets audit flags in the BSM file: /etc/security/audit_event. Then when the Server Sensor shuts down, the Server Sensor restores the audit_event file to its pre-startup condition.

What changes does the Server Sensor make to BSM? I noticed that it pretty much adds an rs flag to everything. Can someone go into detail with what changes are being made, and how policy changes affect those settings?

Thank you for your time,
Paul

Paul Frederiksen
Systems Engineer
717.267.9254
[EMAIL PROTECTED]

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
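Added example, not part of the original post and not ISS code: one way to see exactly which events gain or lose a class such as rs is to save a copy of /etc/security/audit_event before the sensor starts and diff it against the live file. It assumes the usual audit_event layout (number:name:description:classes, with comma-separated classes); the sample lines are constructed.

```python
import sys

# Constructed sample content, not taken from a real system.
BASELINE = """\
# number:name:description:classes
1:AUE_EXIT:exit(2):pm
6:AUE_UNLINK:unlink(2):fd
23:AUE_EXECVE:execve(2):ps,ex
"""
RUNNING = """\
1:AUE_EXIT:exit(2):pm,rs
6:AUE_UNLINK:unlink(2):fd,rs
23:AUE_EXECVE:execve(2):ps,ex
"""

def parse_audit_event(text):
    """Return {event name: set of class flags} from audit_event content."""
    events = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        parts = line.split(":")
        if len(parts) < 4:
            continue  # not an event definition
        # The first two fields and the last are fixed; the description sits between.
        name, classes = parts[1], parts[-1]
        events[name] = {c.strip() for c in classes.split(",") if c.strip()}
    return events

def diff_classes(before_text, after_text):
    """Return {event name: {'added': [...], 'removed': [...]}} for changed events."""
    before = parse_audit_event(before_text)
    after = parse_audit_event(after_text)
    changes = {}
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name, set()), after.get(name, set())
        if old != new:
            changes[name] = {"added": sorted(new - old),
                             "removed": sorted(old - new)}
    return changes

if __name__ == "__main__":
    # With two file paths, compare those files; otherwise use the samples.
    if len(sys.argv) == 3:
        texts = [open(p).read() for p in sys.argv[1:3]]
    else:
        texts = [BASELINE, RUNNING]
    for name, change in diff_classes(*texts).items():
        print(name, "added:", change["added"], "removed:", change["removed"])
```

Running the same comparison after the sensor shuts down should return no differences if the file was restored to its pre-startup condition.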
