Index Index for
Section 8
Index Alphabetical
listing for A
Bottom of page Bottom of
page		 

auditconfig(8)


NAME

  auditconfig, audit_setup - Audit subsystem configuration graphical
  interface (Enhanced Security)


SYNOPSIS

  /usr/sbin/sysman auditconfig

				     Note

       The audit_setup utility has been replaced by the auditconfig graphical
       interface.


DESCRIPTION

  The auditconfig graphical user interface is used interactively to establish
  the audit environment on your system.	 The interface can be selected from
  the Sysman menu, syman_station (including PC clients), or it can be started
  from the command line. See the sysman(8) and syman_station(8) reference
  pages for more details.

  If a kernel rebuild is required as part of the configuration, auditconf
  guides the user through the rebuild and reboot. The auditconfig interface
  configures the following aspects of the audit subsystem:

    ·  Location of the audit logs. The /var/audit/ directory is the default
       area.

    ·  Action for the audit subsystem to take if the file space allocated for
       audit logs is exhausted.

    ·  Trimming of audit logs.

    ·  Enable accepting audit data from remote systems.

    ·  Select the profiles/categories of events to be audited.

    ·  Include environment strings with anexecv or execve system call.

  You must be root to run auditconfig.


FILES

  /etc/sec/event_aliases
      A set of aliases by which logically related groupings of events can be
      constructed.  You can modify this set of aliases to suit your site's
      requirements.

  /etc/sec/auditmask_style
      Auditmask style selections.

  /etc/sec/auditd_clients
      A list of hosts from which audit data can be accepted.

  /etc/sec/auditd_loc
      A list of alternative locations in which auditd stores audit data when
      an overflow condition is reached.

  /etc/sec/audit_events
      A list of all security-relevant system calls and trusted (application)
      events.  You can modify this file or use it as a template.

  /etc/sec/file_objects/*
      The list of files that auditconfig used to enable object selection or
      deselection.

  /etc/rc.config.common
      The cluster-wide rc variables for the audit subsystem.

  /etc/sec/rc_audit_events
      Used for input to rc.config.common for audit events during system
      initialization.

  /etc/sec/fs_objects
      Created when object (de)selection is derived from a profile(category).
      It contains the selected profile's entries of file objects.


SEE ALSO

  Commands: auditmask(8), auditd(8), sysman(8), sysman_station(8)

  Security, System Administration

Index Index for
Section 8
Index Alphabetical
listing for A
Top of page Top of
page