LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.

Notices


Reply
  Search this Thread
Old 12-05-2007, 07:50 AM   #1
jonfa
Member
 
Registered: Mar 2001
Location: FL
Posts: 257

Rep: Reputation: 30
auditd wont start


Hi All,

I am attempting to get auditd to run on a Solaris 10 machine. I made some changes to /etc/security/audit_control:

dir:/var/audit
flags:-fr,fr,+fd,-fd,+am,-am,+lo,-lo,+fm,-fm
minfree:20
naflags:lo


I then issue $svcadm enable auditd

When I execute $svcs -x I get the follwoing message:

svc:/system/auditd:default (Solaris audit daemon)
State: maintenance since Wed Dec 05 07:29:29 2007
Reason: Start method failed repeatedly, last exited with status 98.
See: http://sun.com/msg/SMF-8000-KS
See: auditd(1M)
See: audit(1M)
See: /var/svc/log/system-auditd:default.log
Impact: This service is not running.



What do I need to do to run auditd? How do I get out of maintenance mode? Thanks.
 
Old 12-05-2007, 08:34 AM   #2
toshiro
LQ Newbie
 
Registered: Jan 2003
Distribution: Debian, Ubuntu, Solaris
Posts: 24

Rep: Reputation: 0
If it's in maintenance mode, it means that auditd is not up and running, you probably haven't enabled auditing on your system.

Check this related info: http://www.sysadmindepot.com/Solaris/AuditingInSolaris

Last edited by toshiro; 12-05-2007 at 08:39 AM.
 
Old 12-05-2007, 08:52 AM   #3
jonfa
Member
 
Registered: Mar 2001
Location: FL
Posts: 257

Original Poster
Rep: Reputation: 30
Thank you!

That link solved my problem. I had to execute the following commands to get auditd enabled:

$/usr/sbin/init 1
$/etc/security/bsmconv
$reboot

Works! Thanks.
 
Old 12-05-2007, 09:07 AM   #4
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris 11.4, Oracle Linux, Mint, Ubuntu/WSL
Posts: 9,781

Rep: Reputation: 481Reputation: 481Reputation: 481Reputation: 481Reputation: 481
A side comment.

"reboot" is (unfortunately) not the best command to reboot a Solaris machine, especially when critical daemons and services are running.

The issue is reboot doesn't run the rc*.d shutdown scripts. Services are then killed quite ungracefully.

To properly reboot a machine, you may want to use instead the better:
Code:
init 6
 
Old 12-05-2007, 09:34 AM   #5
jonfa
Member
 
Registered: Mar 2001
Location: FL
Posts: 257

Original Poster
Rep: Reputation: 30
Thank you jlliagre. I didn't know that.
 
Old 06-30-2014, 11:16 AM   #6
peuche
LQ Newbie
 
Registered: Mar 2009
Location: Buenos Aires
Distribution: Ubuntu
Posts: 19

Rep: Reputation: 0
Folks,


I did enabled the BSM and reboot the global zone... but still the same issue


Reason: Start method failed repeatedly, last exited with status 98.
See: http://sun.com/msg/SMF-8000-KS
See: man -M /usr/share/man -s 1M auditd
See: man -M /usr/share/man -s 1M audit
See: /var/svc/log/system-auditd:default.log
Impact: This service is not running.


Also I did add to root user the auth. solaris.smf.modify

root::::auths=solaris.*,solaris.smf.modify,solaris.grant;profiles=Web Console Management,All;lock_after_retries=no;min_label=admin_low;clearance=admin_high


???
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
auditd: auditd startup failed cmschube Red Hat 2 05-11-2009 07:08 AM
auditd outputting errors at service start & stop cdhgee Fedora 8 08-08-2005 01:22 PM
x wont start jsmarshall85 Debian 14 07-22-2004 04:41 PM
x wont start hurricane Slackware 4 10-17-2003 02:09 PM
X wont start ..help dilbert Linux - Software 4 03-18-2002 10:02 PM

LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris

All times are GMT -5. The time now is 06:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration