What is the other?

A change in your companys security policy now requires an audit trial of all administrators assuming the
sysadm role, capturing:
Executed commands, including options
Logins and logouts
There are two command necessary to accomplish this change. One is a rolemod command. What is the other?

A change in your companys security policy now requires an audit trial of all administrators assuming the
sysadm role, capturing:
Executed commands, including options
Logins and logouts
There are two command necessary to accomplish this change. One is a rolemod command. What is the other?

A.
auditconfig set policy=argv

B.
auditconfig -setpolicy +argv

C.
auditconfig -setflags lo, ex sysadm

D.
auditconfig set flags=lo, ex sysadm

Explanation:
Audit Significant Events in Addition to Login/Logout (see step 2 below)
Use this procedure to audit administrative commands, attempts to invade the system, and other significant
events as specified by your site security policy.
For all users and roles, add the AUE_PFEXEC audit event to their preselection mask.
# usermod -K audit_flags=lo,ps:no username
# rolemod -K audit_flags=lo,ps:no rolename
# auditconfig -setpolicy +argv
3- Record the environment in which audited commands are executed.
# auditconfig -setpolicy +arge
Note: [-t] -setpolicy [+|-]policy_flag[,policy_flag …]
Set the kernel audit policy. A policy policy_flag is literal strings that denotes an audit policy. A prefix of + adds
the policies specified to the current audit policies. A prefix of – removes the policies specified from the current
audit policies. No policies can be set from a local zone unless the perzone policy is first set from the global
zone.
Oracle Solaris 11 Security Guidelines, Audit Significant Events in Addition to Login/Logout



Leave a Reply 0

Your email address will not be published. Required fields are marked *