SSH

Auditing with Solaris BSM

On Solaris platforms, Basic Security Module (BSM) can be used to audit Secure Shell log-in (both failed and successful) and log-out events.

The log-in events are audited with the event ID 34543 (AUE_tectia) and the log-outs with event ID AUE_logout.

When auditing AUE_tectia events, add the following line to /etc/security/audit_event:

34543:AUE_tectia:login - ssh:lo

To prevent clashes with other BSM-aware third-party applications, you can change the AUE_tectia event ID to a unique one by exporting the environment variable SSH_BSM_AUDIT_EVENT_ID=<event_id> before you start Tectia Server.