Solaris BSM not starting on Solaris 10

From: Andy Ford (andy.ford@telindus.co.uk)
Date: Wed Jul 18 2007 - 18:50:22 EDT

• Next message: Paul Hunter: "SVM and Last Erred"
• Previous message: Abhimanyu Pandey: "ultra 60 power"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi everyone

I9m trying to start BSM on a Solaris 10 box.
I have a basic setup to monitor Login / Logouts of the system, whether
successful or not.

I Ove run /etc/security/bsmconv and rebooted the system.
On reboot I have root mail that reads...
----------------------
>From root@asterix Wed Jul 18 22:33:39 2007
Date: Wed, 18 Jul 2007 22:33:39 GMT
From: Super-User <root@asterix>
Message-Id: <200707182233.l6IMXd2K000454@asterix>
To: root@asterix
Subject: AUDIT DAEMON WARNING (nostart)
Content-Length: 180

/etc/security/audit_warn: audit failed to start because it cannot read or
write the system's audit state. This may be due to a configuration error.

Must reboot to start auditing!
-----------------------------

Checking the svcs output I get ...
% svcs -a auditd
svcs: -a ignored when used with arguments.
STATE STIME FMRI
maintenance 22:33:40 svc:/system/auditd:default

--------------------------------

My /etc/security/audit_control (the only file I9ve edited) is as follows...

% cat /etc/security/audit_control
#
# Copyright (c) 1988 by Sun Microsystems, Inc.
#
# ident "@(#)audit_control.txt 1.4 00/07/17 SMI"
#
dir:/var/audit
flags:
minfree:20
naflags:lo

--------------------
When I check the auditd log file I can see the following...
% cat /var/svc/log/system-auditd\:default.log
 Jul 18 22:41:32 Leaving maintenance because disable requested. ]
[ Jul 18 22:41:32 Disabled. ]
[ Jul 18 22:41:37 Enabled. ]
[ Jul 18 22:41:37 Executing start method ("/lib/svc/method/svc-auditd") ]
Starting BSM services.
Configured 256 kernel events.
Configured non-attributable events.
[ Jul 18 22:41:38 Method "start" exited with status 1 ]

---------------------------

When I restart the auditd service I get the following...
% svcadm restart auditd
% Jul 18 22:41:38 asterix root: [ID 702911 daemon.alert] The audit_warn mail
alias is not defined
Jul 18 22:41:38 asterix root: [ID 702911 daemon.alert] audit failed to start
because it cannot read or write the system's audit state. This may be due to
a configuration error. Must reboot to start auditing!
--------------------------------
Any ideas what is wrong here?

Thanks in advance of any suggestion you may have

Regards

--
Andy
This e-mail is private and may be confidential and is for the intended
recipient only.  If misdirected, please notify us by telephone and confirm
that it has been deleted from your system and any copies destroyed.  If you
are not the intended recipient you are strictly prohibited from using,
printing, copying, distributing or disseminating this e-mail or any
information contained in it.  We use reasonable endeavours to virus scan all
e-mails leaving the Company but no warranty is given that this e-mail and any
attachments are virus free.  You should undertake your own virus checking.
The right to monitor e-mail communications through our network is reserved by
us.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Paul Hunter: "SVM and Last Erred"
• Previous message: Abhimanyu Pandey: "ultra 60 power"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:42:08 EDT