Catch All : Solaris 10 Audit
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Catch All : Solaris 10 Audit | Base Rule | Other Audit Success | General Audit |
| Solaris nfssvc(2) exited ok | Sub Rule | Startup and Shutdown | Process/Service Stopped |
| Solaris sendto(2) ok | Sub Rule | Information | Filestream Information |
| Solaris sendmsg(2) ok | Sub Rule | Information | Filestream Information |
| Solaris send(2) ok | Sub Rule | Information | Filestream Information |
| Solaris putpmsg(2) ok | Sub Rule | Information | Filestream Information |
| Solaris putmsg-send ok | Sub Rule | Information | Filestream Information |
| Solaris putmsg-connect ok | Sub Rule | Information | Filestream Information |
| Solaris putmsg(2) ok | Sub Rule | Information | Filestream Information |
| Solaris unmount(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris unmount failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris unlinkat(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris unlink(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris umount2(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris close(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris xstat(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris sysinfo(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris semgetl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris semget(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readvl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readv(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get audit statistics failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get audit state failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get audit policy flags failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - GESTATE command failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - GETTERMID command failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get queue cntrl param failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get kernel mask failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get event class failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get curr working dir failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get curr active root failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris doorfs(2) - DOOR_UNBIND failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris doorfs(2) - DOOR_BIND failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris chroot(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris chdir(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditstat(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - reset audit statistics failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris ioctl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getuseraudit(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getportaudit(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getkernstate(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getdents(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris fchroot(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris nfs_getfh(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris msgctl(2) - IPC_STAT command failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris semgetl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris semget(2) ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - IPC_STAT command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETZCNT command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETVAL command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETPID command ok | Sub Rule | Access Success | Object Read |
| Solaris getportaudit(2) ok | Sub Rule | Access Success | Object Read |
| Solaris getkernstate(2) ok | Sub Rule | Access Success | Object Read |
| Solaris getdents(2) ok | Sub Rule | Access Success | Object Read |
| Solaris xstat(2) ok | Sub Rule | Access Success | Object Read |
| Solaris sysinfo(2) ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,creat ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read ok | Sub Rule | Access Success | Object Read |
| Solaris nfs_getfh(2) ok | Sub Rule | Access Success | Object Read |
| Solaris msgctl(2) - IPC_STAT command ok | Sub Rule | Access Success | Object Read |
| Solaris ioctl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris getuseraudit(2) ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,creat ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris read(2) ok | Sub Rule | Access Success | Object Read |
| Solaris p_online(2) ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETNCNT command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETALL command ok | Sub Rule | Access Success | Object Read |
| Solaris readvl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris readv(2) ok | Sub Rule | Access Success | Object Read |
| Solaris readlink(2) ok | Sub Rule | Access Success | Object Read |
| Solaris readl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris kdc tkt-grant svc request ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris kdc tgs issue alt tgt ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris kdc authentication svc request ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris unauthenticated kadmind req ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris su ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris ftp access ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris authenticated kadmind request ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris open(2) - read,write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readlink(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris read(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris p_online(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris renameat(2) failed | Sub Rule | Access Failure | Rename Object Failure |
| Solaris rename(2) failed | Sub Rule | Access Failure | Rename Object Failure |
| Solaris accept(2) failed | Sub Rule | Access Failure | Initialize Object Failure |
| Solaris setgroups(2) ok | Sub Rule | Account Modified | Group Attribute Modified |
| Solaris setegid(2) ok | Sub Rule | Account Modified | Group Attribute Modified |
| Solaris setgid(2) ok | Sub Rule | Account Modified | Group Attribute Modified |
| Solaris setregid(2) ok | Sub Rule | Account Modified | Group Attribute Modified |
| Solaris setkernstate(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris sethostname(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris setdomainname(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris semctl(2) - SETVAL command ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris semctl(2) - SETALL command ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris adjtime(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris add serial port ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris add scheduled job ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris add printer ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris add filesystem ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris configure socket ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris configure kernel SSL ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris bind(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris at-create atjob ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris async_daemon(2) exited ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris async_daemon(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris setrlimit(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris setpriority(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris flock(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris crontab-modify ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris crontab-crontab created ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris connect(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris init(1m) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris utimes(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris rsh access failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris newgrp login failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris login - zlogin failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris login - telnet failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris login - ssh failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris login - rlogin failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris login - local failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris ftp access failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris admin login failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris writevl(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris writev(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris writel(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris write(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris utimes(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setuseraudit(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add printer failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add network attributes failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add filesystem failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris acl(2) - SETACL command failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris acct(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris chmod(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris audit(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris at-permission failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add user/user attributes failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add serial port failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add scheduled job failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris enable user failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris disable user failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris delete user/user attributes failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris crontab-persmisson failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris crontab-modify failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris chown(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modctl(2) - configure addtl priv failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris lchown(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris futimesat(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris fchownat(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris fchown(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris fchmod(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify serial port failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify scheduled job failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify printer failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify network attributes failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify filesystem failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modctl(2) - configure device policy failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris utime(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setuid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setpgrp(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setgid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify user/user attributes failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify user failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setauid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setaudit_addr(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris screenlock - unlock ok | Sub Rule | Authentication Success | User Logon |
| Solaris rsh access ok | Sub Rule | Authentication Success | User Logon |
| Solaris role login ok | Sub Rule | Authentication Success | User Logon |
| Solaris newgrp login ok | Sub Rule | Authentication Success | User Logon |
| Solaris login - zlogin ok | Sub Rule | Authentication Success | User Logon |
| Solaris login - telnet ok | Sub Rule | Authentication Success | User Logon |
| Solaris login - ssh ok | Sub Rule | Authentication Success | User Logon |
| Solaris login - rlogin ok | Sub Rule | Authentication Success | User Logon |
| Solaris login - local ok | Sub Rule | Authentication Success | User Logon |
| Solaris admin login ok | Sub Rule | Authentication Success | User Logon |
| Solaris semctl(2) - IPC_RMID command ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris rmdir(2) ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris msgctl(2) - IPC_RMID command ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete serial port ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete printer ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete network attributes ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete filesystem ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris ftruncate(2) ok | Sub Rule | Access Success | Object Initialized |
| Solaris truncate(2) ok | Sub Rule | Access Success | Object Initialized |
| Solaris rmdir(2) failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete user failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete serial port failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete scheduled job failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete printer failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete network attributes failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete filesystem failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris crontab-crontab deleted failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris at-delete atjob (at or atrm) failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris xmknod(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris socket(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris pipe(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris mknod(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris mkdir(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris crontab-crontab created failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris create user failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris creat(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris at-create atjob failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris crontab-persmisson ok | Sub Rule | Access Granted | Privilege Granted |
| Solaris fchownat(2) ok | Sub Rule | Policy | Policy Modified : Object |
| Solaris fchown(2) ok | Sub Rule | Policy | Policy Modified : Object |
| Solaris fchmod(2) ok | Sub Rule | Policy | Policy Modified : Object |
| Solaris settimeofday(2) failed | Sub Rule | Warning | Failed System Time Change |
| Solaris stime(2) failed | Sub Rule | Warning | Failed System Time Change |
| Solaris async_daemon(2) exited failed | Sub Rule | Error | Failed Local NFS Asynch I/O Server |
| Solaris async_daemon(2) failed | Sub Rule | Error | Failed Local NFS Asynch I/O Server |
| Solaris clock_settime(3RT) failed | Sub Rule | Warning | Failed High Resolution Clock Operation |
| Solaris configure socket failed | Sub Rule | Warning | Failed Socket Configuration |
| Solaris deallocate-device failure failed | Sub Rule | Error | Failed Device De-Allocation |
| Solaris dup2(2) failed | Sub Rule | Error | Failed File Descriptor Duplication |
| Solaris truncate(2) failed | Sub Rule | Warning | Failed To Set File Length |
| Solaris ftruncate(2) failed | Sub Rule | Warning | Failed To Set File Length |
| Solaris getpmsg(2) failed | Sub Rule | Error | Failed To Accept Message |
| Solaris getmsg-receive failed | Sub Rule | Error | Failed To Accept Message |
| Solaris swapon(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris socketpair(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris settimeofday(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris setsockopt(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris modify serial port ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris modify scheduled job ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris modify printer ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris modify network attributes ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris mmap(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris link(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris quotactl(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris pipe(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris stime(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris setpgrp(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris nice(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris ntp_adjtime(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris add network attributes ok | Sub Rule | Configuration | Configuration Loaded : System |
| Solaris enable user ok | Sub Rule | Access Granted | Account Enabled |
| Solaris disable user ok | Sub Rule | Access Revoked | Account Disabled |
| Solaris semctl(2) - illegal command ok | Sub Rule | Suspicious | Suspicious Activity |
| Solaris msgctl(2) - illegal command ok | Sub Rule | Information | File System Mounted |
| Solaris mount(2) ok | Sub Rule | Information | File System Mounted |
| Solaris mount ok | Sub Rule | Information | File System Mounted |
| Solaris reboot(2) ok | Sub Rule | Startup and Shutdown | System Restarted |
| Solaris reboot(1m) ok | Sub Rule | Startup and Shutdown | System Restarted |
| Solaris access(2) failed | Sub Rule | Error | Failed File Access Check |
| Solaris auditon(2) - set queue cntrl param failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set mask per sess ID failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set mask per audit uid failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set kernel mask failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set event class failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set audit state failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set audit policy flags failed | Sub Rule | Error | Failed Auditing Set |
| Solaris connect(2) failed | Sub Rule | Error | Failed Socket Connection |
| Solaris flock(2) failed | Sub Rule | Other Audit Failure | Failed Advisory Lock Apply/Remove |
| Solaris indir system call failed | Sub Rule | Error | Failed System Call |
| Solaris killpg(2) failed | Sub Rule | Warning | Failed Process Signal Send |
| Solaris kill(2) failed | Sub Rule | Warning | Failed Process Signal Send |
| Solaris modctl(2) - load module failed | Sub Rule | Error | Failed To Load Module |
| Solaris modctl(2) - no longer generated failed | Sub Rule | Error | Failed Module Execution |
| Solaris nfs_svc(2) failed | Sub Rule | Error | Failed NFS Service Startup |
| Solaris nfs server failed | Sub Rule | Error | Failed NFS Service Startup |
| Solaris nfssvc(2) exited failed | Sub Rule | Error | Failed NFS Service Stop |
| Solaris ntp_adjtime(2) failed | Sub Rule | Warning | Failed Local Clock Properties Change |
| Solaris screenlock - lock failed | Sub Rule | Warning | Failed Screen Lock |
| Solaris shmdt(2) failed | Sub Rule | Error | Failed Shared Memory Operation |
| Solaris shmat(2) failed | Sub Rule | Error | Failed Shared Memory Operation |
| Solaris lchown(2) ok | Sub Rule | Access Granted | Ownership Granted |
| Solaris chown(2) ok | Sub Rule | Access Granted | Ownership Granted |
| Solaris modify filesystem ok | Sub Rule | Access Success | Object Modified |
| Solaris futimesat(2) ok | Sub Rule | Access Success | Object Modified |
| Solaris getaudit(2) ok | Sub Rule | Other Audit Success | Process Auditing Address Received |
| Solaris modctl(2) - unload module ok | Sub Rule | Other Audit | Module Unloaded |
| Solaris setaudit(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris semctl(2) - SETVAL command failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris semctl(2) - SETALL command failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris profile command failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setkernstate(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris sethostname(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setgroups(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris seteuid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setegid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setdomainname(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setsockopt(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setrlimit(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setreuid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setregid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setpriority(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setppriv(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris zoneadmd failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris uadmin(1m) failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris shmctl(2) - IPC_STAT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris shmctl(2) - IPC_SET command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris shmctl(2) - IPC_RMID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris shmctl(2) - illegal command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris cron-invoke failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris auditon(2) - SETTERMID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris auditon(2) - SESTATE command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETALL command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris msgctl(2) - IPC_RMID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris facl(2) - SETACL command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris execve(2) failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris exec(2) failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris enter prom failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - IPC_STAT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - IPC_RMID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETZCNT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETVAL command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETPID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETNCNT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris setauid(2) ok | Sub Rule | Configuration | Configuration Modified : Security |
| Solaris setaudit_addr(2) ok | Sub Rule | Configuration | Configuration Modified : Security |
| Solaris setaudit(2) ok | Sub Rule | Configuration | Configuration Modified : Security |
| Solaris add user/user attributes ok | Sub Rule | Configuration | Configuration Modified : Security |
| Solaris setppriv(2) ok | Sub Rule | Policy | Policy Enabled : System |
| Solaris modctl(2) - configure device policy ok | Sub Rule | Policy | Policy Enabled : System |
| Solaris modctl(2) - configure addit priv ok | Sub Rule | Policy | Policy Enabled : System |
| Solaris acct(2) ok | Sub Rule | Policy | Policy Enabled : System |
| Solaris at-permission ok | Sub Rule | Policy | Policy Enabled : Object |
| Solaris socket(2) ok | Sub Rule | Information | Communication Endpoint Created |
| Solaris allocate-list devices failure failed | Sub Rule | Error | Failed Device Allocation |
| Solaris allocate-device failure failed | Sub Rule | Error | Failed Device Allocation |
| Solaris auditsvc(2) failed | Sub Rule | Other Audit Failure | Failed Audit Log Write |
| Solaris getmsg-accept failed | Sub Rule | Error | Failed To Accept Message |
| Solaris modctl(2) - bind module failed | Sub Rule | Error | Failed Module Bind |
| Solaris modctl(2) - unload module failed | Sub Rule | Warning | Failed Module Unload |
| Solaris msggetl(2) failed | Sub Rule | Error | Failed Message Queue Retrieval |
| Solaris msgget(2) failed | Sub Rule | Error | Failed Message Queue Retrieval |
| Solaris sendto(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris sendmsg(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris send(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris putpmsg(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris putmsg-send failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris putmsg-connect failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris putmsg(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris msgsndl(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris msgsnd(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris quotactl(2) failed | Sub Rule | Error | Failed Disk Quotas Change |
| Solaris recvmsg(2) failed | Sub Rule | Warning | Failed to Receive Message |
| Solaris recvfrom(2) failed | Sub Rule | Warning | Failed to Receive Message |
| Solaris recv(2) failed | Sub Rule | Warning | Failed to Receive Message |
| Solaris semop(2) failed | Sub Rule | Error | Failed Semaphore Operation |
| Solaris smserverd failed | Sub Rule | Error | Failed Service Start |
| Solaris socketpair(2) failed | Sub Rule | Warning | Failed Pair of Connected Sockets Created |
| Solaris doorfs(2) - DOOR_UNBIND ok | Sub Rule | Other Audit Success | Thread Unbound From Server Pool |
| Solaris nfs_svc(2) ok | Sub Rule | Startup and Shutdown | Process/Service Started |
| Solaris nfs server ok | Sub Rule | Startup and Shutdown | Process/Service Started |
| Solaris vfork(2) ok | Sub Rule | Startup and Shutdown | Process/Service Started |
| Solaris system booted ok | Sub Rule | Startup and Shutdown | Process/Service Started |
| Solaris smserverd ok | Sub Rule | Startup and Shutdown | Process/Service Started |
| Solaris fork1(2) ok | Sub Rule | Startup and Shutdown | Process/Service Started |
| Solaris fork(2) ok | Sub Rule | Startup and Shutdown | Process/Service Started |
| Solaris getmsg-accept ok | Sub Rule | Other Audit Success | Message Accepted |
| Solaris modctl(2) - bind module ok | Sub Rule | Other Audit Success | Module Bound |
| Solaris modctl(2) - no longer generated ok | Sub Rule | Other Audit Success | Module Completed |
| Solaris semctl(2) - IPC_SET command ok | Sub Rule | Other Audit Success | Memory Segment Assigned |
| Solaris msgctl(2) - IPC_SET command ok | Sub Rule | Other Audit Success | Memory Segment Assigned |
| Solaris rexecd ok | Sub Rule | Other Audit Success | General Audit |
| Solaris rexd ok | Sub Rule | Other Audit Success | General Audit |
| Solaris process dumped core ok | Sub Rule | Other Audit Success | General Audit |
| Solaris priocntlsys(2) ok | Sub Rule | Other Audit Success | General Audit |
| Solaris doorfs(2) - DOOR_RETURN ok | Sub Rule | Other Audit Success | General Audit |
| Solaris doorfs(2) - DOOR_INFO ok | Sub Rule | Other Audit Success | General Audit |
| Solaris doorfs(2) - DOOR_CRED ok | Sub Rule | Other Audit Success | General Audit |
| Solaris doorfs(2) - DOOR_CREATE ok | Sub Rule | Other Audit Success | General Audit |
| Solaris doorfs(2) - DOOR_CALL ok | Sub Rule | Other Audit Success | General Audit |
| Solaris authorization used ok | Sub Rule | Other Audit Success | General Audit |
| Solaris inetd copylimit ok | Sub Rule | Other Audit Success | General Audit |
| Solaris inetd connect ok | Sub Rule | Other Audit Success | General Audit |
| Solaris vtrace(2) ok | Sub Rule | Other Audit Success | General Audit |
| Solaris utssys(2) - fusers ok | Sub Rule | Other Audit Success | General Audit |
| Solaris exportfs(2) ok | Sub Rule | Other Audit Success | General Audit |
| Solaris doorfs(2) - DOOR_REVOKE ok | Sub Rule | Other Audit Success | General Audit |
| Solaris one-sided session record ok | Sub Rule | Other Audit Success | General Audit |
| Solaris kernel cryptographic framework ok | Sub Rule | Other Audit Success | General Audit |
| Solaris logout ok | Sub Rule | Authentication Success | User Logoff |
| Solaris ftp logout ok | Sub Rule | Authentication Success | User Logoff |
| Solaris statvfs(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris statfs(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris shmgetl(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris shmget(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris stat(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris lxstat(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris fstatfs(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris fstatat(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris fstat(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris fcntl(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris lstat(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris lseek(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris getmsg(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris getauid(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris getaudit_addr(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris getaudit(2) failed | Sub Rule | Access Failure | Read Object Failure |
| Solaris delete scheduled job ok | Sub Rule | Configuration | Configuration Deleted : System |
| Solaris crontab-crontab deleted ok | Sub Rule | Configuration | Configuration Deleted : System |
| Solaris at-delete atjob (at or atrm) ok | Sub Rule | Configuration | Configuration Deleted : System |
| Solaris facl(2) - SETACL command ok | Sub Rule | Policy | Policy Enabled : Firewall/ACL |
| Solaris acl(2) - SETACL command ok | Sub Rule | Policy | Policy Enabled : Firewall/ACL |
| Solaris setuseraudit(2) ok | Sub Rule | Policy | Policy Enabled : Auditing |
| Solaris auditon(2) - SETTERMID command ok | Sub Rule | Policy | Policy Enabled : Auditing |
| Solaris auditon(2) - set queue cntrl param ok | Sub Rule | Policy | Policy Enabled : Auditing |
| Solaris auditon(2) - set mask per session ID ok | Sub Rule | Policy | Policy Enabled : Auditing |
| Solaris auditon(2) - set mask per audit uid ok | Sub Rule | Policy | Policy Enabled : Auditing |
| Solaris auditon(2) - set kernel mask ok | Sub Rule | Policy | Policy Enabled : Auditing |
| Solaris auditon(2) - set event class ok | Sub Rule | Policy | Policy Enabled : Auditing |
| Solaris auditon(2) - set audit state ok | Sub Rule | Policy | Policy Enabled : Auditing |
| Solaris auditon(2) - set audit policy flags ok | Sub Rule | Policy | Policy Enabled : Auditing |
| Solaris auditon(2) - SESTATE command ok | Sub Rule | Policy | Policy Enabled : Auditing |
| Solaris unmount(2) ok | Sub Rule | Access Success | Object Closed |
| Solaris unmount ok | Sub Rule | Access Success | Object Closed |
| Solaris unlinkat(2) ok | Sub Rule | Access Success | Object Closed |
| Solaris unlink(2) ok | Sub Rule | Access Success | Object Closed |
| Solaris umount2(2) ok | Sub Rule | Access Success | Object Closed |
| Solaris close(2) ok | Sub Rule | Access Success | Object Closed |
| Solaris mknod(2) ok | Sub Rule | Access Success | Object Created |
| Solaris mkdir(2) ok | Sub Rule | Access Success | Object Created |
| Solaris xmknod(2) ok | Sub Rule | Access Success | Object Created |
| Solaris symlink(2) ok | Sub Rule | Access Success | Object Created |
| Solaris creat(2) ok | Sub Rule | Access Success | Object Created |
| Solaris init(1m) failed | Sub Rule | Warning | Failed Process Control Initialization |
| Solaris fork1(2) failed | Sub Rule | Error | Failed Process Creation |
| Solaris fork(2) failed | Sub Rule | Error | Failed Process Creation |
| Solaris exit(2) failed | Sub Rule | Error | Failed Process Termination |
| Solaris exit prom failed | Sub Rule | Error | Failed Process Termination |
| Solaris adjtime(2) failed | Sub Rule | Warning | Failed Time Synchronization |
| Solaris bind(2) failed | Sub Rule | Other Audit Failure | Failed Configuration |
| Solaris msgctl(2) - illegal command failed | Sub Rule | Error | Failed File System Mount |
| Solaris mount(2) failed | Sub Rule | Error | Failed File System Mount |
| Solaris mount failed | Sub Rule | Error | Failed File System Mount |
| Solaris screenlock - lock ok | Sub Rule | Other Audit | Screen Locked |
| Solaris pathconf(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris msggetl(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris msgget(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris lxstat(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris lstat(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris getpmsg(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris auditon(2) - get audit policy flags ok | Sub Rule | Access Success | Object Accessed |
| Solaris auditon(2) - GESTATE command ok | Sub Rule | Access Success | Object Accessed |
| Solaris access(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris auditon(2) - get kernel mask ok | Sub Rule | Access Success | Object Accessed |
| Solaris auditon(2) - get event class ok | Sub Rule | Access Success | Object Accessed |
| Solaris auditon(2) - get curr working dir ok | Sub Rule | Access Success | Object Accessed |
| Solaris auditon(2) - get current active root ok | Sub Rule | Access Success | Object Accessed |
| Solaris auditon(2) - get audit statistics ok | Sub Rule | Access Success | Object Accessed |
| Solaris auditon(2) - get audit state ok | Sub Rule | Access Success | Object Accessed |
| Solaris shmget(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris fstatfs(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris fstatat(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris fstat(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris auditon(2) - GETTERMID command ok | Sub Rule | Access Success | Object Accessed |
| Solaris auditon(2) - get queue cntrl param ok | Sub Rule | Access Success | Object Accessed |
| Solaris getmsg(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris getaudit_addr(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris statvfs(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris statfs(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris stat(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris shmgetl(2) ok | Sub Rule | Access Success | Object Accessed |
| Solaris seteuid(2) ok | Sub Rule | Account Modified | User Account Attribute Modified |
| Solaris profile command ok | Sub Rule | Account Modified | User Account Attribute Modified |
| Solaris setuid(2) ok | Sub Rule | Account Modified | User Account Attribute Modified |
| Solaris modify user/user attributes ok | Sub Rule | Account Modified | User Account Attribute Modified |
| Solaris modify user ok | Sub Rule | Account Modified | User Account Attribute Modified |
| Solaris setreuid(2) ok | Sub Rule | Account Modified | User Account Attribute Modified |
| Solaris passwd ok | Sub Rule | Account Modified | Password Modified |
| Solaris passwd failed | Sub Rule | Other Audit Failure | Failed Password Change Attempt |
| Solaris allocate-list devices success ok | Sub Rule | Other Audit Success | Device Allocated |
| Solaris allocate-device success ok | Sub Rule | Other Audit Success | Device Allocated |
| Solaris fcntl(2) ok | Sub Rule | Other Audit Success | File Control Operation |
| Solaris dup2(2) ok | Sub Rule | Other Audit Success | File Descriptor Duplicated |
| Solaris auditon(2) - reset audit statistics ok | Sub Rule | Other Audit Success | Audit Statistics Reset |
| Solaris utime(2) ok | Sub Rule | Other Audit | File Modification Times Set |
| Solaris semctl(2) - illegal command failed | Sub Rule | Failed Suspicious | Failed Suspicious Host Activity |
| Solaris junk ok | Sub Rule | Other Audit Success | General Audit |
| Solaris inst_sync(2) ok | Sub Rule | Other Audit Success | General Audit |
| Solaris inetd ratelimit ok | Sub Rule | Other Audit Success | General Audit |
| Solaris inetd failrate ok | Sub Rule | Other Audit Success | General Audit |
| Solaris delete user/user attributes ok | Sub Rule | Account Deleted | User Account Deleted |
| Solaris delete user ok | Sub Rule | Account Deleted | User Account Deleted |
| Solaris shutdown(2) ok | Sub Rule | Startup and Shutdown | System Shutdown |
| Solaris shutdown(1b) ok | Sub Rule | Startup and Shutdown | System Shutdown |
| Solaris poweroff(1m) ok | Sub Rule | Startup and Shutdown | System Shutting Down |
| Solaris halt(1m) ok | Sub Rule | Startup and Shutdown | System Shutting Down |
| Solaris lseek(2) ok | Sub Rule | Other Audit Success | File Pointer Operation |
| Solaris memcntl(2) ok | Sub Rule | Other Audit Success | Memory Management Operation |
| Solaris mctl(2) ok | Sub Rule | Other Audit Success | Memory Management Operation |
| Solaris shmdt(2) ok | Sub Rule | Other Audit Success | Shared Memory Operation |
| Solaris shmctl(2) - IPC_STAT command ok | Sub Rule | Other Audit Success | Shared Memory Operation |
| Solaris shmctl(2) - IPC_SET command ok | Sub Rule | Other Audit Success | Shared Memory Operation |
| Solaris shmctl(2) - IPC_RMID command ok | Sub Rule | Other Audit Success | Shared Memory Operation |
| Solaris shmctl(2) - illegal command ok | Sub Rule | Other Audit Success | Shared Memory Operation |
| Solaris shmat(2) ok | Sub Rule | Other Audit Success | Shared Memory Operation |
| Solaris indir system call ok | Sub Rule | Other Audit Success | System Call |
| Solaris clock_settime(3RT) ok | Sub Rule | Other Audit Success | High Resolution Clock Operation |
| Solaris semctl(2) - IPC_SET command failed | Sub Rule | Error | Failed To Assign Memory Segment |
| Solaris msgctl(2) - IPC_SET command failed | Sub Rule | Error | Failed To Assign Memory Segment |
| Solaris pathconf(2) failed | Sub Rule | Error | Failed Configurable Pathname Variables Retrieve |
| Solaris processor_bind(2) failed | Sub Rule | Error | Failed Processes Bind |
| Solaris swapon(2) failed | Sub Rule | Error | Failed Swap Space Added |
| Solaris system booted failed | Sub Rule | Error | Failed System Boot |
| Solaris auditstat(2) ok | Sub Rule | Other Audit Success | Kernel Audit Statistics Displayed |
| Solaris deallocate-device success ok | Sub Rule | Other Audit Success | Device De-Allocated |
| Solaris exit(2) ok | Sub Rule | Startup and Shutdown | Process/Service Stopping |
| Solaris exit prom ok | Sub Rule | Startup and Shutdown | Process/Service Stopping |
| Solaris msgrcvl(2) ok | Sub Rule | Other Audit Success | Message Receiving Operation |
| Solaris msgrcv(2) ok | Sub Rule | Other Audit Success | Message Receiving Operation |
| Solaris msgsndl(2) ok | Sub Rule | Other Audit Success | Message Sending Operation |
| Solaris msgsnd(2) ok | Sub Rule | Other Audit Success | Message Sending Operation |
| Solaris accept(2) ok | Sub Rule | Other Audit Success | Print Request |
| Solaris vtrace(2) failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris utssys(2) - fusers failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris symlink(2) failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris rexecd failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris rexd failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris process dumped core failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris doorfs(2) - DOOR_INFO failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris doorfs(2) - DOOR_CRED failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris doorfs(2) - DOOR_CREATE failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris doorfs(2) - DOOR_CALL failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris authorization used failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris inetd failrate failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris inetd copylimit failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris inetd connect failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris exportfs(2) failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris doorfs(2) - DOOR_REVOKE failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris doorfs(2) - DOOR_RETURN failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris priocntlsys(2) failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris one-sided session record failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris kernel cryptographic framework failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris junk failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris inst_sync(2) failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris inetd ratelimit failed | Sub Rule | Error | Other Audit Failure Message |
| Solaris configure kernel SSL failed | Sub Rule | Warning | Failed Kernel SSL Configure |
| Solaris fchdir(2) failed | Sub Rule | Error | Failed Change Working Directory |
| Solaris poweroff(1m) failed | Sub Rule | Error | Failed Processor Stop |
| Solaris halt(1m) failed | Sub Rule | Error | Failed Processor Stop |
| Solaris link(2) failed | Sub Rule | Warning | Failed File Link Creation |
| Solaris memcntl(2) failed | Sub Rule | Error | Failed Memory Management Operation |
| Solaris mctl(2) failed | Sub Rule | Error | Failed Memory Management Operation |
| Solaris mmap(2) failed | Sub Rule | Warning | Failed To Map Memory |
| Solaris msgrcvl(2) failed | Sub Rule | Error | Failed Message Receiving Operation |
| Solaris msgrcv(2) failed | Sub Rule | Error | Failed Message Receiving Operation |
| Solaris munmap(2) failed | Sub Rule | Error | Failed Memory Unmap |
| Solaris nice(2) failed | Sub Rule | Warning | Failed Process Priority Change |
| Solaris reboot(2) failed | Sub Rule | Error | Failed System Reboot |
| Solaris reboot(1m) failed | Sub Rule | Error | Failed System Reboot |
| Solaris shutdown(2) failed | Sub Rule | Error | Failed System Shut Down |
| Solaris shutdown(1b) failed | Sub Rule | Error | Failed System Shut Down |
| Solaris vfork(2) failed | Sub Rule | Error | Failed Process Start |
| Solaris doorfs(2) - DOOR_BIND ok | Sub Rule | Other Audit Success | Thread Bound To Server Pool |
| Solaris recvmsg(2) ok | Sub Rule | Other Audit Success | Message Received |
| Solaris recvfrom(2) ok | Sub Rule | Other Audit Success | Message Received |
| Solaris recv(2) ok | Sub Rule | Other Audit Success | Message Received |
| Solaris getmsg-receive ok | Sub Rule | Other Audit Success | Message Received |
| Solaris modctl(2) - load module ok | Sub Rule | Other Audit Success | Module Loaded |
| Solaris processor_bind(2) ok | Sub Rule | Other Audit Success | Processes Bound |
| Solaris renameat(2) ok | Sub Rule | Access Success | Object Renamed |
| Solaris rename(2) ok | Sub Rule | Access Success | Object Renamed |
| Solaris unauthenticated kadmind req failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris su failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris screenlock - unlock failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris role login failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris logout failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris kdc tkt-grant svc request failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris kdc tgs issue alt tgt failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris kdc tgs 2ndtkt mismtch failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris kdc authentication svc request failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris ftp logout failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris authenticated kadmind request failed | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Solaris create user ok | Sub Rule | Account Created | User Account Created |
| Solaris chmod(2) ok | Sub Rule | Access Success | Object Attribute Modified |
| Solaris uadmin(1m) ok | Sub Rule | Other Audit Success | Administrative Operation |
| Solaris munmap(2) ok | Sub Rule | Other Audit Success | Memory Unmapped |
| Solaris semop(2) ok | Sub Rule | Other Audit Success | Semaphore Operation |
| Solaris killpg(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris kill(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris getauid(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris zoneadmd ok | Sub Rule | Access Success | Command Executed |
| Solaris writevl(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris writev(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris enter prom ok | Sub Rule | Access Success | Command Executed |
| Solaris cron-invoke ok | Sub Rule | Access Success | Command Executed |
| Solaris chroot(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris chdir(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris auditsvc(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris audit(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris writel(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris write(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris fchroot(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris fchdir(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris execve(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris exec(2) ok | Sub Rule | Access Success | Command Executed |
Mapping of Catch All : Solaris 10 Audit with LR Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <vmid> | Text\String |
| N/A | <sip> | IP Address |
| from | <sname> | Text\String |
| N/A | <login> | Text\String |
| session | <session> | Number |
| N/A | <tag1> | Text\String |