Use auditoria.
Auditoria do Solaris (visão geral)
Auditing generates audit records when specified events occur. Most commonly, events that generate audit records include the following:
- System startup and system shutdown
- Login and logout
- Process creation or process destruction, or thread creation or thread destruction
- Opening, closing, creating, destroying, or renaming of objects
- Use of privilege capabilities or role-based access control (RBAC)
- Identification actions and authentication actions
- Permission changes by a process or user
- Administrative actions, such as installing a package
- Site-specific applications
Audit records are generated from three sources:
- By an application
- As a result of an asynchronous audit event
- As a result of a process system call
Um bom artigo do blog sobre a auditoria do Solaris pode ser encontrado aqui .