Pattern 5 : Solaris 10 Object Access
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 5 : Solaris 10 Object Access | Base Rule | Other Audit Success | General Audit |
| Solaris unmount(2) ok | Sub Rule | Access Success | Object Closed |
| Solaris unmount ok | Sub Rule | Access Success | Object Closed |
| Solaris unlinkat(2) ok | Sub Rule | Access Success | Object Closed |
| Solaris unlink(2) ok | Sub Rule | Access Success | Object Closed |
| Solaris umount2(2) ok | Sub Rule | Access Success | Object Closed |
| Solaris close(2) ok | Sub Rule | Access Success | Object Closed |
| Solaris mknod(2) ok | Sub Rule | Access Success | Object Created |
| Solaris xmknod(2) ok | Sub Rule | Access Success | Object Created |
| Solaris symlink(2) ok | Sub Rule | Access Success | Object Created |
| Solaris creat(2) ok | Sub Rule | Access Success | Object Created |
| Solaris renameat(2) ok | Sub Rule | Access Success | Object Renamed |
| Solaris rename(2) ok | Sub Rule | Access Success | Object Renamed |
| Solaris writevl(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris writev(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris writel(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris write(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris execve(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris exec(2) ok | Sub Rule | Access Success | Command Executed |
| Solaris General Successful Access | Sub Rule | Access Success | Object Accessed |
| Solaris semgetl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris semget(2) ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - IPC_STAT command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETZCNT command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETVAL command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETPID command ok | Sub Rule | Access Success | Object Read |
| Solaris getportaudit(2) ok | Sub Rule | Access Success | Object Read |
| Solaris getkernstate(2) ok | Sub Rule | Access Success | Object Read |
| Solaris getdents(2) ok | Sub Rule | Access Success | Object Read |
| Solaris xstat(2) ok | Sub Rule | Access Success | Object Read |
| Solaris sysinfo(2) ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,creat ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read ok | Sub Rule | Access Success | Object Read |
| Solaris nfs_getfh(2) ok | Sub Rule | Access Success | Object Read |
| Solaris msgctl(2) - IPC_STAT command ok | Sub Rule | Access Success | Object Read |
| Solaris ioctl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris getuseraudit(2) ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,write ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - read,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,creat ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris open(2) - write ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,write ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - read,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris read(2) ok | Sub Rule | Access Success | Object Read |
| Solaris p_online(2) ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write,creat,trunc ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write,creat ok | Sub Rule | Access Success | Object Read |
| Solaris openat(2) - write ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETNCNT command ok | Sub Rule | Access Success | Object Read |
| Solaris semctl(2) - GETALL command ok | Sub Rule | Access Success | Object Read |
| Solaris readvl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris readv(2) ok | Sub Rule | Access Success | Object Read |
| Solaris readlink(2) ok | Sub Rule | Access Success | Object Read |
| Solaris readl(2) ok | Sub Rule | Access Success | Object Read |
| Solaris rmdir(2) ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete serial port ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete printer ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete network attributes ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris delete filesystem ok | Sub Rule | Access Success | Object Deleted/Removed |
| Solaris rmdir(2) failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete serial port failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete printer failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete network attributes failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris delete filesystem failed | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Solaris socket(2) failed | Sub Rule | Access Failure | Create Object Failure |
| Solaris fchownat(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris fchown(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris writevl(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris writev(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris writel(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris write(2) failed | Sub Rule | Access Failure | Modify Object Failure |
| Solaris unmount(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris unmount failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris unlinkat(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris unlink(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris umount2(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris close(2) failed | Sub Rule | Access Failure | Close Object Failure |
| Solaris xstat(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris sysinfo(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris semgetl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris semget(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readvl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readv(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getuseraudit(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getportaudit(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getkernstate(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris getdents(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris auditstat(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris nfs_getfh(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris ioctl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - read,write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris open(2) - write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write,creat failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - read,write failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readlink(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris readl(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris read(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris p_online(2) failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris openat(2) - write,creat,trunc failed | Sub Rule | Access Failure | Access Object Failure |
| Solaris renameat(2) failed | Sub Rule | Access Failure | Rename Object Failure |
| Solaris rename(2) failed | Sub Rule | Access Failure | Rename Object Failure |
| Solaris semctl(2) - IPC_STAT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETZCNT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETVAL command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETPID command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETNCNT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris semctl(2) - GETALL command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris msgctl(2) - IPC_STAT command failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris execve(2) failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris exec(2) failed | Sub Rule | Access Failure | Command Execution Failure |
| Solaris fchownat(2) ok | Sub Rule | Policy | Policy Modified : Object |
| Solaris fchown(2) ok | Sub Rule | Policy | Policy Modified : Object |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <vmid> | Number |
| N/A | <sip> | Number |
| N/A | <sname> | Text\String |
| N/A | <login> | Text\String |
| N/A | <session> | Text\String |
| N/A | <object> | Text\String |
| N/A | <tag1> | Text\String |