|
Description
|
Audit records for the uadmin(1M) command don't appear to be generated
anymore as of Solaris 10 when issued from the global zone. For example,
the commands:
# auditconfig -setpmask $$ ss
# uadmin 1 1
[wait for system to reboot]
# auditreduce -m AUE_uadmin_solaris | praudit
don't generate any audit records for the global zone.
Within a non-global zone the above sequence of steps does generate an
audit record:
header,94,2,uadmin(1m),,localhost,2007-04-24 15:40:06.875 +01:00
subject,paulson,root,root,root,root,64,3221951745,164 7 localhost
text,1
text,1
return,success,0
zone,plastic-man
So this may be a timing issue relating to interaction between svc.startd
and init or some sort of race where the audit record doesn't make it
from the audit queue to disk. I haven't had time to look into this yet
but a Sun Services person asked me about it after their customer asked
them about it so I wanted to log this as a start. :)
.
|
