auditconfig, audit_setup - Audit subsystem configuration graphical interface
(Enhanced Security)
NOTE: The audit_setup utility has been replaced by the auditconfig graphi-
The auditconfig graphical user interface is used interactively to establish
the audit environment on your system. The interface can be selected from
the Sysman menu, sysman_station (including PC clients), or it can be started
from the command line. See the sysman(8) and sysman_station(8) reference
pages for more details.
If a kernel rebuild is required as part of the configuration, auditconfig
guides the user through the rebuild and reboot. The auditconfig interface
configures the following aspects of the audit subsystem:
+ Location of the audit logs. The /var/audit/ directory is the default
+ Action for the audit subsystem to take if the file space allocated for
audit logs is exhausted.
+ Trimming of audit logs.
+ Enable accepting audit data from remote systems.
+ Select the profiles/categories of events to be audited.
+ Include environment strings with an execv or execve system call.
You must be root to run auditconfig.
A set of aliases by which logically related groupings of events can be
constructed. You can modify this set of aliases to suit your site's
Auditmask style selections.
A list of hosts from which audit data can be accepted.
A list of alternative locations in which auditd stores audit data when
an overflow condition is reached.
A list of all security-relevant system calls and trusted (application)
events. You can modify this file or use it as a template.
The list of files that auditconfig used to enable object selection or
The cluster-wide rc variables for the audit subsystem.
Used for input to rc.config.common for audit events during system ini-
Created when object (de)selection is derived from a profile(category).
It contains the selected profile's entries of file objects.
Commands: auditmask(8), auditd(8), sysman(8), sysman_station(8)
Security, System Administration