From: Hardison Leif (Leif.Hardison@comverse.com)
Date: Sat Nov 05 2005 - 02:33:59 EST
Hi,

I'm having some difficulty determining why audit_warn.sh is triggering
hard limit warnings to daemon.alert.

bash-2.05# more /etc/security/audit_control
dir:/var/log/auditlog
flags: lo,ad,ex,fm,-fw,-fc,-fd,na
naflags: lo,ad,ex,fm,-fw,-fc,-fd
minfree:20
/usr/sbin/auditconfig -setpolicy -cnt,argv,arge
# location for log overflow
dir:/opt/log/auditlog

None of my mounted filesystems are even near being at capacity.

bash-2.05# df -k
Filesystem            kbytes    used    avail capacity  Mounted on
/dev/dsk/c1t1d0s0   60965916 9212604 51143653    16%    /
/proc                      0       0        0     0%    /proc
mnttab                     0       0        0     0%    /etc/mnttab
fd                         0       0        0     0%    /dev/fd
swap                 9781984      32  9781952     1%    /var/run
swap                 9805104   23152  9781952     1%    /tmp
/dev/dsk/c1t1d0s5     957783    1041   899276     1%    /globaldevices

I have no disk quotas enabled.

BSM is enabled and I'm running Solaris 9 4/4 with some but not all
patches currently installed.

I've read the majority of the audit related man pages and took the basis
of my Solaris 9 hardening from the NSA Solaris 9 guidelines.

Recommendations on where to go next would be appreciated.

Regards,
Leif
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
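
An added example, not part of the original post or of any Solaris tooling: a shell check that reads an audit_control file like the one quoted above, reports lines that are not keyword entries, and tests each dir: entry for existence, writability and free space against minfree. The function name and the OK/BADLINE/UNUSABLE/LOWSPACE tags are hypothetical; the keyword set (dir, flags, naflags, minfree) is assumed from audit_control(4).

```shell
#!/bin/sh
# Added example, not from the original post. Checks an audit_control file for
# lines that are not keyword entries and for audit directories that are
# missing, unwritable or low on space.
# Assumptions: keywords dir/flags/naflags/minfree per audit_control(4);
# the function name and the output tags are hypothetical.

check_audit_control() (          # subshell body keeps the variables local
    file=$1; rc=0; lineno=0
    # minfree: percentage of free space the audit filesystem should keep
    minfree=$(awk -F: '$1 == "minfree" { print $2 + 0 }' "$file" | tail -1)
    minfree=${minfree:-0}
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*|flags:*|naflags:*|minfree:*) continue ;;
            dir:*) d=${line#dir:} ;;
            *) echo "BADLINE $lineno: $line"; rc=1; continue ;;
        esac
        if [ ! -d "$d" ] || [ ! -w "$d" ]; then
            echo "UNUSABLE $d"; rc=1; continue
        fi
        # capacity% is the second-to-last column of the df -k data row
        used=$(df -k "$d" | awk 'NF > 1 { p = $(NF-1) } END { sub(/%/, "", p); print p + 0 }')
        free=$((100 - used))
        if [ "$free" -lt "$minfree" ]; then
            echo "LOWSPACE $d ${free}% free, minfree ${minfree}%"; rc=1
        else
            echo "OK $d ${free}% free"
        fi
    done < "$file"
    exit "$rc"
)
```

Run it as root with /etc/security/audit_control as the argument, since the writability test reflects the invoking user; a non-zero exit status means at least one line was flagged.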