auditconfig, audit_setup - Audit subsystem configuration
graphical interface (Enhanced Security)
The audit_setup utility has been replaced by the auditconfig
The auditconfig graphical user interface is used interactively
to establish the audit environment on your system.
The interface can be selected from the Sysman menu,
syman_station (including PC clients), or it can be started
from the command line. See the sysman(8) and syman_station(8) reference pages for more details.
If a kernel rebuild is required as part of the configuration,
auditconf guides the user through the rebuild and
reboot. The auditconfig interface configures the following
aspects of the audit subsystem: Location of the audit
logs. The /var/audit/ directory is the default area.
Action for the audit subsystem to take if the file space
allocated for audit logs is exhausted. Trimming of audit
logs. Enable accepting audit data from remote systems.
Select the profiles/categories of events to be audited.
Include environment strings with anexecv or execve system
You must be root to run auditconfig.
A set of aliases by which logically related groupings of
events can be constructed. You can modify this set of
aliases to suit your site's requirements. Auditmask style
selections. A list of hosts from which audit data can be
accepted. A list of alternative locations in which auditd
stores audit data when an overflow condition is reached.
A list of all security-relevant system calls and trusted
(application) events. You can modify this file or use it
as a template. The list of files that auditconfig used to
enable object selection or deselection. The cluster-wide
rc variables for the audit subsystem. Used for input to
rc.config.common for audit events during system initialization.
Created when object (de)selection is derived
from a profile(category). It contains the selected profile's
entries of file objects.
Commands: auditmask(8), auditd(8), sysman(8), sysman_station(8)
Security, System Administration
[ Back ]