BSM Security Auditing for Solaris Servers

Although Solaris servers might be inside the firewall and relatively secure, there are still chances for a hacker to break in, or chances for an ordinary user to attempt malicious activities. Therefore, security efforts have to be made to detect intruders and to prevent unauthorized actions. One of the security utilities for Solaris servers is called BSM (Basic Security Module), which is an auditing tool for system security provided by SUN Microsystems. We can make use of it to increase security on our Solaris systems. This article discusses the pros and cons of BSM. It describes how to enable, configure, and manage the BSM auditing on Solaris servers to secure the system. Based on the author's experience, this article also gives a few solutions to overcome some problems and disadvantages of BSM. Solaris is a SUN Microsystems's OS product in the UNIX world. Solaris is heavily used and provides excellent networking solutions for both private and government sectors. BSM is a subsystem under the Solaris Operating Environment and it has been a feature of this Environment since Solaris version 2.5. The full name of the subsystem is SolarisOE SunSHIELD™ Basic Security Module. This auditing tool was added to Solaris to provide the features required by the Trusted Computer System Evaluation Criteria (TCSEC) to a security level referred to as C2. The TCSEC has been superseded by the newer and more internationally recognized Common Criteria security requirements. The Solaris 8 Operating Environment is certified at Evaluated Assurance Level 4 (EAL4) under the Controlled Access Protection Profile (CAPP) of the Common Criteria IT security evaluation. Basically, this means that the Solaris Operating Environment has been tested and verified to meet security standards set for operating systems that allow user discretionary access control.