Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Catch All : Solaris 10 Audit | Base Rule | Other Audit Success | General Audit |
| Solaris nfssvc(2) exited ok | Sub Rule | Startup and Shutdown | Process/Service Stopped |
| Solaris sendto(2) ok | Sub Rule | Information | Filestream Information |
| Solaris sendmsg(2) ok | Sub Rule | Information | Filestream Information |
| Solaris send(2) ok | Sub Rule | Information | Filestream Information |
| Solaris putpmsg(2) ok | Sub Rule | Information | Filestream Information |
| Solaris putmsg-send ok | Sub Rule | Information | Filestream Information |
| Solaris putmsg-connect ok | Sub Rule | Information | Filestream Information |
| Solaris putmsg(2) ok | Sub Rule | Information | Filestream Information |
| Solaris unmount(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris unmount failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris unlinkat(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris unlink(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris umount2(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris close(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris xstat(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris sysinfo(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris semgetl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris semget(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readvl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readv(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get audit statistics failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get audit state failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get audit policy flags failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - GESTATE command failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - GETTERMID command failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get queue cntrl param failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get kernel mask failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get event class failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get curr working dir failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - get curr active root failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris doorfs(2) - DOOR_UNBIND failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris doorfs(2) - DOOR_BIND failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris chroot(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris chdir(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditstat(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditon(2) - reset audit statistics failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris ioctl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getuseraudit(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getportaudit(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getkernstate(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getdents(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris fchroot(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris nfs_getfh(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris msgctl(2) - IPC_STAT command failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris semgetl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris semget(2) ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - IPC_STAT command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETZCNT command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETVAL command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETPID command ok | Sub Rule | Access Success | Object Read |
| Solaris getportaudit(2) ok | Sub Rule | Access Success | Object Read |
| Solaris getkernstate(2) ok | Sub Rule | Access Success | Object Read |
| Solaris getdents(2) ok | Sub Rule | Access Success | Object Read |
| Solaris xstat(2) ok | Sub Rule | Access Success | Object Read |
| Solaris sysinfo(2) ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,creat ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read ok | Sub Rule | Access Success | Object Read |
| Solaris nfs_getfh(2) ok | Sub Rule | Access Success | Object Read |
| Solaris msgctl(2) - IPC_STAT command ok | Sub Rule | Access Success | Object Read |
| Solaris ioctl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris getuseraudit(2) ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,creat ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris read(2) ok | Sub Rule | Access Success | Object Read |
| Solaris p_online(2) ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETNCNT command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETALL command ok | Sub Rule | Access Success | Object Read |
| Solaris readvl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris readv(2) ok | Sub Rule | Access Success | Object Read |
| Solaris readlink(2) ok | Sub Rule | Access Success | Object Read |
| Solaris readl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris kdc tkt-grant svc request ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris kdc tgs issue alt tgt ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris kdc authentication svc request ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris unauthenticated kadmind req ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris su ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris ftp access ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris authenticated kadmind request ok | Sub Rule | Authentication Success | Authentication Activity |
| Solaris open(2) - read,write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readlink(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris read(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris p_online(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris renameat(2) failed | Sub Rule | Access Failure | Rename Object Failure |
| Solaris rename(2) failed | Sub Rule | Access Failure | Rename Object Failure |
| Solaris accept(2) failed | Sub Rule | Access Failure | Initialize Object Failure |
| Solaris setgroups(2) ok | Sub Rule | Account Modified | Group Attribute Modified |
| Solaris setegid(2) ok | Sub Rule | Account Modified | Group Attribute Modified |
| Solaris setgid(2) ok | Sub Rule | Account Modified | Group Attribute Modified |
| Solaris setregid(2) ok | Sub Rule | Account Modified | Group Attribute Modified |
| Solaris setkernstate(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris sethostname(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris setdomainname(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris semctl(2) - SETVAL command ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris semctl(2) - SETALL command ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris adjtime(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris add serial port ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris add scheduled job ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris add printer ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris add filesystem ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris configure socket ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris configure kernel SSL ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris bind(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris at-create atjob ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris async_daemon(2) exited ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris async_daemon(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris setrlimit(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris setpriority(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris flock(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris crontab-modify ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris crontab-crontab created ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris connect(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris init(1m) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris utimes(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris rsh access failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris newgrp login failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris login - zlogin failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris login - telnet failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris login - ssh failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris login - rlogin failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris login - local failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris ftp access failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris admin login failed | Sub Rule | Authentication Failure | User Logon Failure |
| Solaris writevl(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris writev(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris writel(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris write(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris utimes(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setuseraudit(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add printer failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add network attributes failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add filesystem failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris acl(2) - SETACL command failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris acct(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris chmod(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris audit(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris at-permission failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add user/user attributes failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add serial port failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris add scheduled job failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris enable user failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris disable user failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris delete user/user attributes failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris crontab-persmisson failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris crontab-modify failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris chown(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modctl(2) - configure addtl priv failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris lchown(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris futimesat(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris fchownat(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris fchown(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris fchmod(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify serial port failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify scheduled job failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify printer failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify network attributes failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify filesystem failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modctl(2) - configure device policy failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris utime(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setuid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setpgrp(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setgid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify user/user attributes failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris modify user failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setauid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setaudit_addr(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris screenlock - unlock ok | Sub Rule | Authentication Success | User Logon |
| Solaris rsh access ok | Sub Rule | Authentication Success | User Logon |
| Solaris role login ok | Sub Rule | Authentication Success | User Logon |
| Solaris newgrp login ok | Sub Rule | Authentication Success | User Logon |
| Solaris login - zlogin ok | Sub Rule | Authentication Success | User Logon |
| Solaris login - telnet ok | Sub Rule | Authentication Success | User Logon |
| Solaris login - ssh ok | Sub Rule | Authentication Success | User Logon |
| Solaris login - rlogin ok | Sub Rule | Authentication Success | User Logon |
| Solaris login - local ok | Sub Rule | Authentication Success | User Logon |
| Solaris admin login ok | Sub Rule | Authentication Success | User Logon |
| Solaris semctl(2) - IPC_RMID command ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris rmdir(2) ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris msgctl(2) - IPC_RMID command ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete serial port ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete printer ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete network attributes ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete filesystem ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris ftruncate(2) ok | Sub Rule | Access Success | Object Initialized |
| Solaris truncate(2) ok | Sub Rule | Access Success | Object Initialized |
| Solaris rmdir(2) failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete user failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete serial port failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete scheduled job failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete printer failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete network attributes failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete filesystem failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris crontab-crontab deleted failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris at-delete atjob (at or atrm) failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris xmknod(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris socket(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris pipe(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris mknod(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris mkdir(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris crontab-crontab created failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris create user failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris creat(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris at-create atjob failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris crontab-persmisson ok | Sub Rule | Access Granted | Privilege Granted |
| Solaris fchownat(2) ok | Sub Rule | Policy | Policy Modified : Object |
| Solaris fchown(2) ok | Sub Rule | Policy | Policy Modified : Object |
| Solaris fchmod(2) ok | Sub Rule | Policy | Policy Modified : Object |
| Solaris settimeofday(2) failed | Sub Rule | Warning | Failed System Time Change |
| Solaris stime(2) failed | Sub Rule | Warning | Failed System Time Change |
| Solaris async_daemon(2) exited failed | Sub Rule | Error | Failed Local NFS Asynch I/O Server |
| Solaris async_daemon(2) failed | Sub Rule | Error | Failed Local NFS Asynch I/O Server |
| Solaris clock_settime(3RT) failed | Sub Rule | Warning | Failed High Resolution Clock Operation |
| Solaris configure socket failed | Sub Rule | Warning | Failed Socket Configuration |
| Solaris deallocate-device failure failed | Sub Rule | Error | Failed Device De-Allocation |
| Solaris dup2(2) failed | Sub Rule | Error | Failed File Descriptor Duplication |
| Solaris truncate(2) failed | Sub Rule | Warning | Failed To Set File Length |
| Solaris ftruncate(2) failed | Sub Rule | Warning | Failed To Set File Length |
| Solaris getpmsg(2) failed | Sub Rule | Error | Failed To Accept Message |
| Solaris getmsg-receive failed | Sub Rule | Error | Failed To Accept Message |
| Solaris swapon(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris socketpair(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris settimeofday(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris setsockopt(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris modify serial port ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris modify scheduled job ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris modify printer ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris modify network attributes ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris mmap(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris link(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris quotactl(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris pipe(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris stime(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris setpgrp(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris nice(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris ntp_adjtime(2) ok | Sub Rule | Configuration | Configuration Modified : System |
| Solaris add network attributes ok | Sub Rule | Configuration | Configuration Loaded : System |
| Solaris enable user ok | Sub Rule | Access Granted | Account Enabled |
| Solaris disable user ok | Sub Rule | Access Revoked | Account Disabled |
| Solaris semctl(2) - illegal command ok | Sub Rule | Suspicious | Suspicious Activity |
| Solaris msgctl(2) - illegal command ok | Sub Rule | Information | File System Mounted |
| Solaris mount(2) ok | Sub Rule | Information | File System Mounted |
| Solaris mount ok | Sub Rule | Information | File System Mounted |
| Solaris reboot(2) ok | Sub Rule | Startup and Shutdown | System Restarted |
| Solaris reboot(1m) ok | Sub Rule | Startup and Shutdown | System Restarted |
| Solaris access(2) failed | Sub Rule | Error | Failed File Access Check |
| Solaris auditon(2) - set queue cntrl param failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set mask per sess ID failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set mask per audit uid failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set kernel mask failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set event class failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set audit state failed | Sub Rule | Error | Failed Auditing Set |
| Solaris auditon(2) - set audit policy flags failed | Sub Rule | Error | Failed Auditing Set |
| Solaris connect(2) failed | Sub Rule | Error | Failed Socket Connection |
| Solaris flock(2) failed | Sub Rule | Other Audit Failure | Failed Advisory Lock Apply/Remove |
| Solaris indir system call failed | Sub Rule | Error | Failed System Call |
| Solaris killpg(2) failed | Sub Rule | Warning | Failed Process Signal Send |
| Solaris kill(2) failed | Sub Rule | Warning | Failed Process Signal Send |
| Solaris modctl(2) - load module failed | Sub Rule | Error | Failed To Load Module |
| Solaris modctl(2) - no longer generated failed | Sub Rule | Error | Failed Module Execution |
| Solaris nfs_svc(2) failed | Sub Rule | Error | Failed NFS Service Startup |
| Solaris nfs server failed | Sub Rule | Error | Failed NFS Service Startup |
| Solaris nfssvc(2) exited failed | Sub Rule | Error | Failed NFS Service Stop |
| Solaris ntp_adjtime(2) failed | Sub Rule | Warning | Failed Local Clock Properties Change |
| Solaris screenlock - lock failed | Sub Rule | Warning | Failed Screen Lock |
| Solaris shmdt(2) failed | Sub Rule | Error | Failed Shared Memory Operation |
| Solaris shmat(2) failed | Sub Rule | Error | Failed Shared Memory Operation |
| Solaris lchown(2) ok | Sub Rule | Access Granted | Ownership Granted |
| Solaris chown(2) ok | Sub Rule | Access Granted | Ownership Granted |
| Solaris modify filesystem ok | Sub Rule | Access Success | Object Modified |
| Solaris futimesat(2) ok | Sub Rule | Access Success | Object Modified |
| Solaris getaudit(2) ok | Sub Rule | Other Audit Success | Process Auditing Address Received |
| Solaris modctl(2) - unload module ok | Sub Rule | Other Audit | Module Unloaded |
| Solaris setaudit(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris semctl(2) - SETVAL command failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris semctl(2) - SETALL command failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris profile command failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setkernstate(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris sethostname(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setgroups(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris seteuid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setegid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setdomainname(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setsockopt(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setrlimit(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setreuid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setregid(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setpriority(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris setppriv(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris zoneadmd failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris uadmin(1m) failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris shmctl(2) - IPC_STAT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris shmctl(2) - IPC_SET command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris shmctl(2) - IPC_RMID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris shmctl(2) - illegal command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris cron-invoke failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris auditon(2) - SETTERMID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris auditon(2) - SESTATE command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETALL command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris msgctl(2) - IPC_RMID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris facl(2) - SETACL command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris execve(2) failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris exec(2) failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris enter prom failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - IPC_STAT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - IPC_RMID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETZCNT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETVAL command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETPID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETNCNT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris setauid(2) ok | Sub Rule | Configuration | Configuration Modified : Security |
| Solaris setaudit_addr(2) ok | Sub Rule | Configuration | Configuration Modified : Security |
| Solaris setaudit(2) ok | Sub Rule | Configuration | Configuration Modified : Security |
| Solaris add user/user attributes ok | Sub Rule | Configuration | Configuration Modified : Security |
| Solaris setppriv(2) ok | Sub Rule | Policy | Policy Enabled : System |
| Solaris modctl(2) - configure device policy ok | Sub Rule | Policy | Policy Enabled : System |
| Solaris modctl(2) - configure addit priv ok | Sub Rule | Policy | Policy Enabled : System |
| Solaris acct(2) ok | Sub Rule | Policy | Policy Enabled : System |
| Solaris at-permission ok | Sub Rule | Policy | Policy Enabled : Object |
| Solaris socket(2) ok | Sub Rule | Information | Communication Endpoint Created |
| Solaris allocate-list devices failure failed | Sub Rule | Error | Failed Device Allocation |
| Solaris allocate-device failure failed | Sub Rule | Error | Failed Device Allocation |
| Solaris auditsvc(2) failed | Sub Rule | Other Audit Failure | Failed Audit Log Write |
| Solaris getmsg-accept failed | Sub Rule | Error | Failed To Accept Message |
| Solaris modctl(2) - bind module failed | Sub Rule | Error | Failed Module Bind |
| Solaris modctl(2) - unload module failed | Sub Rule | Warning | Failed Module Unload |
| Solaris msggetl(2) failed | Sub Rule | Error | Failed Message Queue Retrieval |
| Solaris msgget(2) failed | Sub Rule | Error | Failed Message Queue Retrieval |
| Solaris sendto(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris sendmsg(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris send(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris putpmsg(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris putmsg-send failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris putmsg-connect failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris putmsg(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris msgsndl(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris msgsnd(2) failed | Sub Rule | Error | Failed Message Sending Operation |
| Solaris quotactl(2) failed | Sub Rule | Error | Failed Disk Quotas Change |
| Solaris recvmsg(2) failed | Sub Rule | Warning | Failed to Receive Message |
| Solaris recvfrom(2) failed | Sub Rule | Warning | Failed to Receive Message |
| Solaris recv(2) failed | Sub Rule | Warning | Failed to Receive Message |
| Solaris semop(2) failed | Sub Rule | Error | Failed Semaphore Operation |
| Solaris smserverd failed | Sub Rule | Error | Failed Service Start |
| Solaris socketpair(2) failed | Sub Rule | Warning | Failed Pair of Connected Sockets Created |
| Solaris doorfs(2) - DOOR_UNBIND ok | Sub Rule | Other Audit Success | Thread Unbound From Server Pool |
| Solaris nfs_svc(2) ok | Sub Rule | Startup and Shutdown | Process/Service Started |
| Solaris nfs server ok | Sub Rule | Startup and Shutdown | Process/Service Started |
| Solaris vfork(2) ok | Sub Rule | Startup and Shutdown | Process/Service Started |
| Solaris system booted ok | Sub Rule | Startup and Shutdown |
Process/Service Started |
|
Solaris smserverd ok |
Sub Rule |
Startup and Shutdown |
Process/Service Started |
|
Solaris fork1(2) ok |
Sub Rule |
Startup and Shutdown |
Process/Service Started |
|
Solaris fork(2) ok |
Sub Rule |
Startup and Shutdown |
Process/Service Started |
|
Solaris getmsg-accept ok |
Sub Rule |
Other Audit Success |
Message Accepted |
|
Solaris modctl(2) - bind module ok |
Sub Rule |
Other Audit Success |
Module Bound |
|
Solaris modctl(2) - no longer generated ok |
Sub Rule |
Other Audit Success |
Module Completed |
|
Solaris semctl(2) - IPC_SET command ok |
Sub Rule |
Other Audit Success |
Memory Segment Assigned |
|
Solaris msgctl(2) - IPC_SET command ok |
Sub Rule |
Other Audit Success |
Memory Segment Assigned |
|
Solaris rexecd ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris rexd ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris process dumped core ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris priocntlsys(2) ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris doorfs(2) - DOOR_RETURN ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris doorfs(2) - DOOR_INFO ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris doorfs(2) - DOOR_CRED ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris doorfs(2) - DOOR_CREATE ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris doorfs(2) - DOOR_CALL ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris authorization used ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris inetd copylimit ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris inetd connect ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris vtrace(2) ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris utssys(2) - fusers ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris exportfs(2) ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris doorfs(2) - DOOR_REVOKE ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris one-sided session record ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris kernel cryptographic framework ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris logout ok |
Sub Rule |
Authentication Success |
User Logoff |
|
Solaris ftp logout ok |
Sub Rule |
Authentication Success |
User Logoff |
|
Solaris statvfs(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris statfs(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris shmgetl(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris shmget(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris stat(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris lxstat(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris fstatfs(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris fstatat(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris fstat(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris fcntl(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris lstat(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris lseek(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris getmsg(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris getauid(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris getaudit_addr(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris getaudit(2) failed |
Sub Rule |
Access Failure |
Read Object Failure |
|
Solaris delete scheduled job ok |
Sub Rule |
Configuration |
Configuration Deleted : System |
|
Solaris crontab-crontab deleted ok |
Sub Rule |
Configuration |
Configuration Deleted : System |
|
Solaris at-delete atjob (at or atrm) ok |
Sub Rule |
Configuration |
Configuration Deleted : System |
|
Solaris facl(2) - SETACL command ok |
Sub Rule |
Policy |
Policy Enabled : Firewall/ACL |
|
Solaris acl(2) - SETACL command ok |
Sub Rule |
Policy |
Policy Enabled : Firewall/ACL |
|
Solaris setuseraudit(2) ok |
Sub Rule |
Policy |
Policy Enabled : Auditing |
|
Solaris auditon(2) - SETTERMID command ok |
Sub Rule |
Policy |
Policy Enabled : Auditing |
|
Solaris auditon(2) - set queue cntrl param ok |
Sub Rule |
Policy |
Policy Enabled : Auditing |
|
Solaris auditon(2) - set mask per session ID ok |
Sub Rule |
Policy |
Policy Enabled : Auditing |
|
Solaris auditon(2) - set mask per audit uid ok |
Sub Rule |
Policy |
Policy Enabled : Auditing |
|
Solaris auditon(2) - set kernel mask ok |
Sub Rule |
Policy |
Policy Enabled : Auditing |
|
Solaris auditon(2) - set event class ok |
Sub Rule |
Policy |
Policy Enabled : Auditing |
|
Solaris auditon(2) - set audit state ok |
Sub Rule |
Policy |
Policy Enabled : Auditing |
|
Solaris auditon(2) - set audit policy flags ok |
Sub Rule |
Policy |
Policy Enabled : Auditing |
|
Solaris auditon(2) - SESTATE command ok |
Sub Rule |
Policy |
Policy Enabled : Auditing |
|
Solaris unmount(2) ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris unmount ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris unlinkat(2) ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris unlink(2) ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris umount2(2) ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris close(2) ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris mknod(2) ok |
Sub Rule |
Access Success |
Object Created |
|
Solaris mkdir(2) ok |
Sub Rule |
Access Success |
Object Created |
|
Solaris xmknod(2) ok |
Sub Rule |
Access Success |
Object Created |
|
Solaris symlink(2) ok |
Sub Rule |
Access Success |
Object Created |
|
Solaris creat(2) ok |
Sub Rule |
Access Success |
Object Created |
|
Solaris init(1m) failed |
Sub Rule |
Warning |
Failed Process Control Initialization |
|
Solaris fork1(2) failed |
Sub Rule |
Error |
Failed Process Creation |
|
Solaris fork(2) failed |
Sub Rule |
Error |
Failed Process Creation |
|
Solaris exit(2) failed |
Sub Rule |
Error |
Failed Process Termination |
|
Solaris exit prom failed |
Sub Rule |
Error |
Failed Process Termination |
|
Solaris adjtime(2) failed |
Sub Rule |
Warning |
Failed Time Synchronization |
|
Solaris bind(2) failed |
Sub Rule |
Other Audit Failure |
Failed Configuration |
|
Solaris msgctl(2) - illegal command failed |
Sub Rule |
Error |
Failed File System Mount |
|
Solaris mount(2) failed |
Sub Rule |
Error |
Failed File System Mount |
|
Solaris mount failed |
Sub Rule |
Error |
Failed File System Mount |
|
Solaris screenlock - lock ok |
Sub Rule |
Other Audit |
Screen Locked |
|
Solaris pathconf(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris msggetl(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris msgget(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris lxstat(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris lstat(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris getpmsg(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris auditon(2) - get audit policy flags ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris auditon(2) - GESTATE command ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris access(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris auditon(2) - get kernel mask ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris auditon(2) - get event class ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris auditon(2) - get curr working dir ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris auditon(2) - get current active root ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris auditon(2) - get audit statistics ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris auditon(2) - get audit state ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris shmget(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris fstatfs(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris fstatat(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris fstat(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris auditon(2) - GETTERMID command ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris auditon(2) - get queue cntrl param ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris getmsg(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris getaudit_addr(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris statvfs(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris statfs(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris stat(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris shmgetl(2) ok |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris seteuid(2) ok |
Sub Rule |
Account Modified |
User Account Attribute Modified |
|
Solaris profile command ok |
Sub Rule |
Account Modified |
User Account Attribute Modified |
|
Solaris setuid(2) ok |
Sub Rule |
Account Modified |
User Account Attribute Modified |
|
Solaris modify user/user attributes ok |
Sub Rule |
Account Modified |
User Account Attribute Modified |
|
Solaris modify user ok |
Sub Rule |
Account Modified |
User Account Attribute Modified |
|
Solaris setreuid(2) ok |
Sub Rule |
Account Modified |
User Account Attribute Modified |
|
Solaris passwd ok |
Sub Rule |
Account Modified |
Password Modified |
|
Solaris passwd failed |
Sub Rule |
Other Audit Failure |
Failed Password Change Attempt |
|
Solaris allocate-list devices success ok |
Sub Rule |
Other Audit Success |
Device Allocated |
|
Solaris allocate-device success ok |
Sub Rule |
Other Audit Success |
Device Allocated |
|
Solaris fcntl(2) ok |
Sub Rule |
Other Audit Success |
File Control Operation |
|
Solaris dup2(2) ok |
Sub Rule |
Other Audit Success |
File Descriptor Duplicated |
|
Solaris auditon(2) - reset audit statistics ok |
Sub Rule |
Other Audit Success |
Audit Statistics Reset |
|
Solaris utime(2) ok |
Sub Rule |
Other Audit |
File Modification Times Set |
|
Solaris semctl(2) - illegal command failed |
Sub Rule |
Failed Suspicious |
Failed Suspicious Host Activity |
|
Solaris junk ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris inst_sync(2) ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris inetd ratelimit ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris inetd failrate ok |
Sub Rule |
Other Audit Success |
General Audit |
|
Solaris delete user/user attributes ok |
Sub Rule |
Account Deleted |
User Account Deleted |
|
Solaris delete user ok |
Sub Rule |
Account Deleted |
User Account Deleted |
|
Solaris shutdown(2) ok |
Sub Rule |
Startup and Shutdown |
System Shutdown |
|
Solaris shutdown(1b) ok |
Sub Rule |
Startup and Shutdown |
System Shutdown |
|
Solaris poweroff(1m) ok |
Sub Rule |
Startup and Shutdown |
System Shutting Down |
|
Solaris halt(1m) ok |
Sub Rule |
Startup and Shutdown |
System Shutting Down |
|
Solaris lseek(2) ok |
Sub Rule |
Other Audit Success |
File Pointer Operation |
|
Solaris memcntl(2) ok |
Sub Rule |
Other Audit Success |
Memory Management Operation |
|
Solaris mctl(2) ok |
Sub Rule |
Other Audit Success |
Memory Management Operation |
|
Solaris shmdt(2) ok |
Sub Rule |
Other Audit Success |
Shared Memory Operation |
|
Solaris shmctl(2) - IPC_STAT command ok |
Sub Rule |
Other Audit Success |
Shared Memory Operation |
|
Solaris shmctl(2) - IPC_SET command ok |
Sub Rule |
Other Audit Success |
Shared Memory Operation |
|
Solaris shmctl(2) - IPC_RMID command ok |
Sub Rule |
Other Audit Success |
Shared Memory Operation |
|
Solaris shmctl(2) - illegal command ok |
Sub Rule |
Other Audit Success |
Shared Memory Operation |
|
Solaris shmat(2) ok |
Sub Rule |
Other Audit Success |
Shared Memory Operation |
|
Solaris indir system call ok |
Sub Rule |
Other Audit Success |
System Call |
|
Solaris clock_settime(3RT) ok |
Sub Rule |
Other Audit Success |
High Resolution Clock Operation |
|
Solaris semctl(2) - IPC_SET command failed |
Sub Rule |
Error |
Failed To Assign Memory Segment |
|
Solaris msgctl(2) - IPC_SET command failed |
Sub Rule |
Error |
Failed To Assign Memory Segment |
|
Solaris pathconf(2) failed |
Sub Rule |
Error |
Failed Configurable Pathname Variables Retrieve |
|
Solaris processor_bind(2) failed |
Sub Rule |
Error |
Failed Processes Bind |
|
Solaris swapon(2) failed |
Sub Rule |
Error |
Failed Swap Space Added |
|
Solaris system booted failed |
Sub Rule |
Error |
Failed System Boot |
|
Solaris auditstat(2) ok |
Sub Rule |
Other Audit Success |
Kernel Audit Statistics Displayed |
|
Solaris deallocate-device success ok |
Sub Rule |
Other Audit Success |
Device De-Allocated |
|
Solaris exit(2) ok |
Sub Rule |
Startup and Shutdown |
Process/Service Stopping |
|
Solaris exit prom ok |
Sub Rule |
Startup and Shutdown |
Process/Service Stopping |
|
Solaris msgrcvl(2) ok |
Sub Rule |
Other Audit Success |
Message Receiving Operation |
|
Solaris msgrcv(2) ok |
Sub Rule |
Other Audit Success |
Message Receiving Operation |
|
Solaris msgsndl(2) ok |
Sub Rule |
Other Audit Success |
Message Sending Operation |
|
Solaris msgsnd(2) ok |
Sub Rule |
Other Audit Success |
Message Sending Operation |
|
Solaris accept(2) ok |
Sub Rule |
Other Audit Success |
Print Request |
|
Solaris vtrace(2) failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris utssys(2) - fusers failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris symlink(2) failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris rexecd failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris rexd failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris process dumped core failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris doorfs(2) - DOOR_INFO failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris doorfs(2) - DOOR_CRED failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris doorfs(2) - DOOR_CREATE failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris doorfs(2) - DOOR_CALL failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris authorization used failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris inetd failrate failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris inetd copylimit failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris inetd connect failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris exportfs(2) failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris doorfs(2) - DOOR_REVOKE failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris doorfs(2) - DOOR_RETURN failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris priocntlsys(2) failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris one-sided session record failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris kernel cryptographic framework failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris junk failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris inst_sync(2) failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris inetd ratelimit failed |
Sub Rule |
Error |
Other Audit Failure Message |
|
Solaris configure kernel SSL failed |
Sub Rule |
Warning |
Failed Kernel SSL Configure |
|
Solaris fchdir(2) failed |
Sub Rule |
Error |
Failed Change Working Directory |
|
Solaris poweroff(1m) failed |
Sub Rule |
Error |
Failed Processor Stop |
|
Solaris halt(1m) failed |
Sub Rule |
Error |
Failed Processor Stop |
|
Solaris link(2) failed |
Sub Rule |
Warning |
Failed File Link Creation |
|
Solaris memcntl(2) failed |
Sub Rule |
Error |
Failed Memory Management Operation |
|
Solaris mctl(2) failed |
Sub Rule |
Error |
Failed Memory Management Operation |
|
Solaris mmap(2) failed |
Sub Rule |
Warning |
Failed To Map Memory |
|
Solaris msgrcvl(2) failed |
Sub Rule |
Error |
Failed Message Receiving Operation |
|
Solaris msgrcv(2) failed |
Sub Rule |
Error |
Failed Message Receiving Operation |
|
Solaris munmap(2) failed |
Sub Rule |
Error |
Failed Memory Unmap |
|
Solaris nice(2) failed |
Sub Rule |
Warning |
Failed Process Priority Change |
|
Solaris reboot(2) failed |
Sub Rule |
Error |
Failed System Reboot |
|
Solaris reboot(1m) failed |
Sub Rule |
Error |
Failed System Reboot |
|
Solaris shutdown(2) failed |
Sub Rule |
Error |
Failed System Shut Down |
|
Solaris shutdown(1b) failed |
Sub Rule |
Error |
Failed System Shut Down |
|
Solaris vfork(2) failed |
Sub Rule |
Error |
Failed Process Start |
|
Solaris doorfs(2) - DOOR_BIND ok |
Sub Rule |
Other Audit Success |
Thread Bound To Server Pool |
|
Solaris recvmsg(2) ok |
Sub Rule |
Other Audit Success |
Message Received |
|
Solaris recvfrom(2) ok |
Sub Rule |
Other Audit Success |
Message Received |
|
Solaris recv(2) ok |
Sub Rule |
Other Audit Success |
Message Received |
|
Solaris getmsg-receive ok |
Sub Rule |
Other Audit Success |
Message Received |
|
Solaris modctl(2) - load module ok |
Sub Rule |
Other Audit Success |
Module Loaded |
|
Solaris processor_bind(2) ok |
Sub Rule |
Other Audit Success |
Processes Bound |
|
Solaris renameat(2) ok |
Sub Rule |
Access Success |
Object Renamed |
|
Solaris rename(2) ok |
Sub Rule |
Access Success |
Object Renamed |
|
Solaris unauthenticated kadmind req failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris su failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris screenlock - unlock failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris role login failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris logout failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris kdc tkt-grant svc request failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris kdc tgs issue alt tgt failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris kdc tgs 2ndtkt mismtch failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris kdc authentication svc request failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris ftp logout failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris authenticated kadmind request failed |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Solaris create user ok |
Sub Rule |
Account Created |
User Account Created |
|
Solaris chmod(2) ok |
Sub Rule |
Access Success |
Object Attribute Modified |
|
Solaris uadmin(1m) ok |
Sub Rule |
Other Audit Success |
Administrative Operation |
|
Solaris munmap(2) ok |
Sub Rule |
Other Audit Success |
Memory Unmapped |
|
Solaris semop(2) ok |
Sub Rule |
Other Audit Success |
Semaphore Operation |
|
Solaris killpg(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris kill(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris getauid(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris zoneadmd ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris writevl(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris writev(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris enter prom ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris cron-invoke ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris chroot(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris chdir(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris auditsvc(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris audit(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris writel(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris write(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris fchroot(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris fchdir(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris execve(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris exec(2) ok |
Sub Rule |
Access Success |
Command Executed |

Mapping of Catch All : Solaris 10 Audit with LR Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Text\String |
| N/A | <sip> | IP Address |
| from | <sname> | Text\String |
| N/A | <login> | Text\String |
| session | <session> | Number |
| N/A | <tag1> | Text\String |