Initial ACL of the Audit Daemon
The initial ACL of a host's audit daemon contains the following entries:
{unauthenticated -r - }
{user hosts/nodoz/self crwl}
{group subsys/dce/audit-admin crwl}
{any_other -r--}
The first entry allows any unauthenticated user only read access to the filters. The second entry allows the host principal (hosts/<hostname>/self) to query and modify the filters, control the audit daemon, and to write to the audit trail file. The third entry allows the members of the group subsys/dce/audit-admin the same access rights as the host principal. The last entry allows all other principals only read access to the filters. You can modify this ACL to suit your security requirements by using dcecp.