Solaris 9: Hard limit exceeded
2007-12-25 5:32:00
I'm having some difficulty determing why audit_warn.sh is triggering
hard limit warnings to daemon.alert.
bash-2.05# more /etc/security/audit_control
dir:/var/log/auditlog
flags: lo,ad,ex,fm,-fw,-fc,-fd,na
naflags: lo,ad,ex,fm,-fw,-fc,-fd
minfree:20
/usr/sbin/auditconfig -setpolicy -cnt,argv,arge
# location for log overflow
dir:/opt/log/auditlog
None of my mounted filesystems are above even near being at capacity
bash-2.05# df -k
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c1t1d0s0 60965916 9212604 51143653 16% /
/proc 0 0 0 0% /proc
mnttab 0 0 0 0% /etc/mnttab
fd 0 0 0 0% /dev/fd
swap 9781984 32 9781952 1% /var/run
swap 9805104 23152 9781952 1% /tmp
/dev/dsk/c1t1d0s5 957783 1041 899276 1% /globaldevices
I have no disk quotas enabled.
BSM is enabled and I'm running Solaris 9 4/4 with some but not all
patches currently installed.
I've read the majority of the audit related man pages and took the basis
of my solaris 9 hardening from the NSA Solaris 9 guidelines.
Recommendations on where to go next would be appreciated.
Regards,
Leif
Comments
Got something to say?
You must be logged in to post a comment.
