Category: 310-301

Exam 310-301: Sun Certified Security Administrator

What do you minimally need to do to get the pre-selection mask in effect for your test?

You administer a system which has BSM enabled. You just added an extra audit-class to the flag: entry in /etc/security/audit_control, and you executed audit -s. Now you want to validate that this extra class is audited correctly, so you execute a command that should generate an audit record. Unfortunately, nothing appears in the audit log because the audit pre-selection mask is not yet in effect. What do you minimally need to do to get the pre-selection mask in effect for your test?

What happened?

Refer to the Exhibit.

You notice that the following line has been added to /etc/passwd:

admin:x:0:0:Administrator:/:/bin/sh

You try to determine when this file was changed. You look at the file creation date, but based on that information, the file has not been touched since the system was installed. You look at the BSM logs for this system and find the three records that are shown in the exhibit.

What happened?


Page 1 of 1712345...10...Last »