Trusted Solaris Audit Administration

The auditconfig Command

The auditconfig command provides a command-line interface to get and set audit configuration information and audit policy. It can be used in the audit_startup(1M) script to set audit policies when the audit daemon is started. See the auditconfig(1M) man page and "Dynamic Procedures" for examples of the use of the auditconfig command.

-chkconf

Check the configuration of kernel audit event-to-class mappings and report any inconsistencies.

-conf

Reconfigure kernel event-to-class mappings at runtime to match the current mappings in the audit_event file.

-getcond

Get the workstation's auditing condition. The possible responses are:

auditing

Auditing is enabled and turned on.

no auditing

Auditing is enabled but turned off.

disabled

The audit module is not enabled.

-setcond condition

Set the workstation's auditing condition: auditing or noaudit. To disable auditing, modify the audit script and the system(4) file and reboot. See "To Disable Auditing" for the procedure.

-getclass event_number

Get the preselection classes to which the specified event is mapped.

-setclass event_number audit_flags

Set the preselection classes to which the specified event is mapped.

-lsevent

Display the currently configured (runtime) kernel and user audit event information.

-getpinfo pid

Get the audit ID, preselection mask, terminal ID, and audit session ID of the specified process.

-setkmask +/-audit_flags

Set the kernel preselection mask for non-attribute events to the specified audit flags.

-setkmaskac

Set the kernel preselection mask for non-attribute events to the classes specified in the naflags field of the audit_control file.

-setpmask pid flags

Set the preselection mask of the specified process.

-setsmask asid flags

Set the preselection mask of all processes with the specified audit session ID.

-setumask auid flags

Set the preselection mask of all processes with the specified user audit ID.

-lspolicy

Display the list of audit policies with a short description of each one.

-getpolicy

Get the current audit policy flags.

-setpolicy policy_flag[,policy_flag]

Set the audit policy flags to the specified policies. See "Setting Audit Policies".
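
The three -getcond responses listed above can drive a monitoring check that fails closed when auditing is off, disabled, or unreadable. The following is an added example, not part of the original documentation; the function names classify_cond and check_audit_cond are hypothetical. It assumes a POSIX shell such as ksh, and that the response may arrive either bare or as a "label = value" line; it also accepts the noaudit spelling used by -setcond.

```shell
# classify_cond TEXT
# Map the text returned by `auditconfig -getcond` to on, off, disabled or unknown.
classify_cond() {
    # Lowercase, turn tabs into spaces, drop an optional "label =" prefix
    # (assumed output form), then trim leading and trailing spaces.
    cond=$(printf '%s\n' "$1" | tr 'A-Z\t' 'a-z ' |
        sed -e 's/^.*=//' -e 's/^ *//' -e 's/ *$//')
    case "$cond" in
        auditing)              echo on ;;        # enabled and turned on
        "no auditing"|noaudit) echo off ;;       # enabled but turned off
        disabled)              echo disabled ;;  # audit module not enabled
        *)                     echo unknown ;;   # error text, empty output, etc.
    esac
}

# check_audit_cond [TEXT]
# Return 0 only when auditing is on. With no argument the function runs
# auditconfig itself, so the caller needs a role that may execute it.
check_audit_cond() {
    if [ $# -gt 0 ]; then
        out=$1                              # constructed or captured text
    else
        out=$(auditconfig -getcond 2>&1)
    fi
    case "$(classify_cond "$out")" in
        on)       return 0 ;;
        off)      echo "WARNING: auditing is enabled but turned off" >&2
                  return 1 ;;
        disabled) echo "WARNING: the audit module is not enabled" >&2
                  return 2 ;;
        *)        echo "WARNING: unrecognized auditing condition: $out" >&2
                  return 3 ;;
    esac
}
```

Exact matching is deliberate: an error message that merely contains the word "auditing" is reported as unknown rather than treated as a healthy state.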