You are the primary administrator for a set of Oracle Solaris 11 servers. You noticed some changes to configuration files.
You are concerned that someone may have unauthorized access or that an authorized user may be abusing the access privilege. You decide to track a set of security events across multiple servers. How will you configure the systems for this?
A. Configure a centralized system-logging server and direct all servers to use it.
B. Use audit-config to add the servers’ host names to the audit_remote plug in.
C. Add centralized NFS file systems to the /etc/security/audit_control file on each server.
D. Modify the /etc/security/audit_startup file and add audit_remote logging on each server.
Explanation:
audit_remote – send Solaris audit logs to a remote server
The audit_remote plugin module for Solaris audit, /usr/lib/security/audit_remote.so, sends binary audit records (audit.log) to audit servers as they are configured with auditconfig.
The audit_remote plugin is loaded by auditd if the plugin is configured as active via auditconfig. Use the auditconfig -setplugin option to change all the plugin-related configuration parameters.
Incorrect:
Not D: Audit policy determines the characteristics of the audit records for the local host. When auditing is enabled, the contents of the /etc/security/audit_startup file determine the audit policy.
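The explanation says audit_remote is configured through auditconfig -setplugin. The script below is an added example, not part of the original question or of Oracle's documentation: it validates a list of audit servers and prints the commands to run on each audited server. The host names and port are constructed sample values, and the two function names are hypothetical.

```shell
#!/bin/sh
# Added example: dry run that prints, rather than executes, the audit_remote
# setup commands. Host names and port below are constructed sample values.

# build_p_hosts HOST[:PORT[:MECH]] ...  (hypothetical helper)
# Validates each entry and joins them into a comma-separated p_hosts value.
build_p_hosts() {
    out=""
    for entry in "$@"; do
        # Reject an empty host and any character outside the entry syntax, so
        # a stray ',' or ';' cannot change how the attribute string is split.
        case $entry in
            ""|:*|*[!A-Za-z0-9._:-]*) echo "bad entry '$entry'" >&2; return 1 ;;
        esac
        case $entry in *:*) rest=${entry#*:} ;; *) rest="" ;; esac
        port=${rest%%:*}
        # The port is optional; when present it must be 1-65535.
        if [ -n "$port" ]; then
            case $port in
                *[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;;
            esac
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "port out of range in '$entry'" >&2; return 1
            fi
        fi
        out="${out:+$out,}$entry"
    done
    [ -n "$out" ] || { echo "no audit servers given" >&2; return 1; }
    printf '%s\n' "$out"
}

# audit_remote_commands HOST...  (hypothetical helper)
# Prints the sequence to run as root on each audited server: activate the
# plugin with its hosts, refresh the audit service, then show the result.
audit_remote_commands() {
    hosts=$(build_p_hosts "$@") || return 1
    printf '%s\n' \
        "auditconfig -setplugin audit_remote active p_hosts=$hosts" \
        "audit -s" \
        "auditconfig -getplugin audit_remote"
}

audit_remote_commands ars1.example.com ars2.example.com:16162
```

Running the printed commands on every audited server points them all at the same audit servers, which is what lets the events be tracked in one place.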