by Hi:
I'd like to poll the Solaris security community to get your
thoughts and ideas surrounding the Solaris 2.X Shield Basic
Security Module auditing features.
I have been tasked with the evaluation and configuration of
BSM (C-2) auditing on our Solaris 2.X systems. Please send me E-Mail
giving your thoughts and ideas (Good and bad) on some of the following:
1. What events are you auditing?
2. How do you control the audit files?
3. What is the size of your user base?
4. How much space do the audit files consume?
5. Do you think it's worth it?
6. How do you monitor for significant events ?
7. Is there a better way ?
8. What problems did you have setting up BSM ?
9. Is there a way to customize the events and classes?
10. If so, what type of customizations did you make?
11. Are you able to audit custom applications ?
Thanks for your help.
*************************************************************************
Bob Adams
Eastman Kodak Company
*************************************************************************