BSM LAB
BASIC SECURITY MODULE LAB

Add a back door, in case you cannot login as root:

    # useradd -o -u0 -g0 -c"Audit" -d / audit
    # passwd audit

Enable the Basic Security Module:

    # cd /etc/security
    # ./bsmconv

Configure BSM:

    # vi audit_control

    dir:/var/audit          (usually a separate slice)
    flags:lo,ad,-fm
    minfree:20
    naflags:lo

Configure the events to be logged for each user:

    # vi audit_user

    root:lo:no
    fred:all:+fr
    groucho:all,^+fr:no

Reboot with BSM logging enabled:

    # init 6

Login as root. Create some events for user fred:

    # telnet localhost
    login: fred
    password: fred
    $ date >today
    $ rm today
    $ cat /etc/shadow
    $ exit

Display all events:

    # auditreduce | praudit

Display login events for Fred:

    # auditreduce -u fred -c lo | praudit

Display file creation events (today was created):

    # auditreduce -u fred -c fc | praudit

Display file deletion events (today was deleted):

    # auditreduce -u fred -c fd | praudit

Display events for the file called "/etc/shadow":

    # auditreduce -u fred -o file=/etc/shadow | praudit

OPTIONAL: Securing A Peripheral Device on Page 3-31

Remove the Basic Security Module:

    # /etc/security/bsmunconv
    # rm /etc/system
    # init 6
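
The audit_control flags and audit_user entries configured in this lab combine into one preselection mask per user: (audit_control flags + always-audit flags) - never-audit flags. The Python below is an added example, not part of the original lab; it models that rule for root, fred and groucho so you can predict which of fred's actions appear in the trail. The class list is a constructed subset of /etc/security/audit_class, and all function names are hypothetical.

```python
# Added example: models how BSM combines audit_control and audit_user flags.
# CLASSES is a constructed subset; the full list is in /etc/security/audit_class.
CLASSES = ("fr", "fw", "fa", "fm", "fc", "fd", "lo", "ad", "ex")
S, F = 1, 2  # success bit, failure bit

def apply_flags(mask, spec):
    """Apply a comma-separated flag list such as 'all,^+fr' to a copy of mask."""
    mask = dict(mask)
    for flag in filter(None, (f.strip() for f in spec.split(","))):
        off = flag.startswith("^")          # '^' turns bits off instead of on
        flag = flag.lstrip("^")
        bits = {"+": S, "-": F}.get(flag[:1], S | F)
        name = flag.lstrip("+-")
        if name == "no":                    # 'no' selects no class
            continue
        targets = CLASSES if name == "all" else (name,)
        for cls in targets:
            if cls not in CLASSES:
                raise ValueError("unknown audit class: " + cls)
            cur = mask.get(cls, 0)
            mask[cls] = (cur & ~bits) if off else (cur | bits)
    return mask

def effective_mask(system_flags, always, never):
    """Preselection mask: (audit_control flags + always-audit) - never-audit."""
    sys_m, alw, drop = (apply_flags({}, s) for s in (system_flags, always, never))
    kept = {c: (sys_m.get(c, 0) | alw.get(c, 0)) & ~drop.get(c, 0) for c in CLASSES}
    return {c: b for c, b in kept.items() if b}

def is_audited(mask, cls, succeeded):
    """True if an event of class cls with this outcome is recorded."""
    return bool(mask.get(cls, 0) & (S if succeeded else F))

SYSTEM_FLAGS = "lo,ad,-fm"  # flags: line from the lab's audit_control
AUDIT_USER = {              # user: (always-audit, never-audit) from the lab
    "root": ("lo", "no"),
    "fred": ("all", "+fr"),
    "groucho": ("all,^+fr", "no"),
}

def lab_masks():
    """Effective mask for each user configured in the lab."""
    return {u: effective_mask(SYSTEM_FLAGS, a, n) for u, (a, n) in AUDIT_USER.items()}

if __name__ == "__main__":
    for user, mask in lab_masks().items():
        print(user, mask)
```

With the lab's settings fred and groucho end up with the same mask, so fred's failed read of /etc/shadow is recorded while successful reads are not. In this model the two entries diverge only if the flags: line itself selects +fr, because a never-audit flag removes a system-wide setting and a ^ flag in the always-audit field does not.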