unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Page:
Section:
Apropos / Subsearch:
optional field



auditconfig(8)						       auditconfig(8)



NAME

  auditconfig, audit_setup - Audit subsystem configuration graphical inter-
  face (Enhanced Security)

SYNOPSIS

  /usr/sbin/sysman auditconfig

  NOTE:	 The audit_setup utility has been replaced by the auditconfig graphi-
  cal interface.

DESCRIPTION

  The auditconfig graphical user interface is used interactively to establish
  the audit environment	on your	system.	 The interface can be selected from
  the Sysman menu, syman_station (including PC clients), or it can be started
  from the command line.  See the sysman(8) and	syman_station(8) reference
  pages	for more details.

  If a kernel rebuild is required as part of the configuration,	auditconf
  guides the user through the rebuild and reboot.  The auditconfig interface
  configures the following aspects of the audit	subsystem:

    +  Location	of the audit logs.  The	/var/audit/ directory is the default
       area.

    +  Action for the audit subsystem to take if the file space	allocated for
       audit logs is exhausted.

    +  Trimming	of audit logs.

    +  Enable accepting	audit data from	remote systems.

    +  Select the profiles/categories of events	to be audited.

    +  Include environment strings with	an execv or execve system call.

  You must be root to run auditconfig.

FILES

  /etc/sec/event_aliases
       A set of	aliases	by which logically related groupings of	events can be
       constructed.  You can modify this set of	aliases	to suit	your site's
       requirements.

  /etc/sec/auditmask_style
       Auditmask style selections.

  /etc/sec/auditd_clients
       A list of hosts from which audit	data can be accepted.

  /etc/sec/auditd_loc
       A list of alternative locations in which	auditd stores audit data when
       an overflow condition is	reached.

  /etc/sec/audit_events
       A list of all security-relevant system calls and	trusted	(application)
       events.	You can	modify this file or use	it as a	template.

  /etc/sec/file_objects/*
       The list	of files that auditconfig used to enable object	selection or
       deselection.

  /etc/rc.config.common
       The cluster-wide	rc variables for the audit subsystem.

  /etc/sec/rc_audit_events
       Used for	input to rc.config.common for audit events during system ini-
       tialization.

  /etc/sec/fs_objects
       Created when object (de)selection is derived from a profile(category).
       It contains the selected	profile's entries of file objects.

RELATED	INFORMATION

  Commands: auditmask(8), auditd(8), sysman(8),	sysman_station(8)
  Security, System Administration