You are the primary administrator for a set of Oracle Solaris 11 servers. You noticed some
changes to configuration files.
You are concerned that someone may have unauthorized access or that an authorized user may
be abusing the access privilege. You decide to track a set of security events across multiple
servers. How will you configure the systems for this?
A. Configure a centralized system-logging server and direct all servers to use it.
B. Use audit-config to add the servers’ host names to the audit_remote plug in.
C. Add centralized NFS file systems to the /etc/security/audit_control file on each server.
D. Modify the /etc/security/audit_startup file and add audit_remote logging on each server.
Explanation:
audit_remote – send Solaris audit logs to a remote server
The audit_remote plugin module for Solaris audit, /usr/lib/security/audit_remote.so, sends binary
audit records (audit.log) to audit servers as configured with auditconfig.
The audit_remote plugin is loaded by auditd if the plugin is configured as active via auditconfig.
Use the auditconfig -setplugin option to change all the plugin-related configuration parameters.
Incorrect:
Not D: Audit policy determines the characteristics of the audit records for the local host. When
auditing is enabled, the contents of the /etc/security/audit_startup file determine the audit policy.
Answer: B