Trusted Solaris Audit Administration

To Set Audit Policy Permanently

  1. As role secadmin, at label admin_low, enter the permanent audit policy in the audit_startup(1M) file.

    1. Open the System_Admin folder from the Application Manager.

    2. Double-click the Audit Startup action.

  2. Create a script that calls the auditconfig(1M) command with policy options.

    The sample audit_startup(1M) script below adds ACLs to audit records, halts the workstation when its audit file systems are full, and prints the current audit policy to standard output at startup.

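    #!/bin/sh
    # Turn on the slabel and acl policies; acl adds ACLs to audit records
    auditconfig -setpolicy +slabel,+acl
    # Halt the workstation when its audit file systems are full
    auditconfig -setpolicy +ahlt
    # Print the current audit policy at startup
    auditconfig -getpolicy

  3. Write the file and exit the editor.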


    Caution -

    To run auditing in an evaluated configuration, the cnt policy cannot be turned on; the ahlt policy (the default) cannot be turned off.
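
A static check for the rule in the caution above, as an added example that is not part of the original Trusted Solaris documentation. The function name check_audit_startup is hypothetical, and the handling of list prefixes is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example: lint an audit_startup script for the evaluated-configuration rule
# (cnt must not be turned on, ahlt must not be turned off). Assumption: a +/- at the
# start of a list covers items without their own prefix; no prefix replaces the policy.
check_audit_startup() {            # $1 = script path; returns 1 if any finding
    bad=0
    while IFS= read -r line; do
        code=${line%%#*}           # ignore comments, including the #! line
        case $code in *auditconfig*-setpolicy*) ;; *) continue ;; esac
        flags=$(printf '%s' "${code##*-setpolicy}" | tr -d ' \t')
        list_op=reset; saw_ahlt=no
        case $flags in
            +*) list_op=add ;;
            -*) list_op=remove ;;
        esac
        old_ifs=$IFS; IFS=,
        for item in $flags; do
            op=$list_op
            case $item in
                +*) op=add; item=${item#+} ;;
                -*) op=remove; item=${item#-} ;;
            esac
            case $op:$item in
                add:cnt|reset:cnt) echo "cnt turned on: $line"; bad=1 ;;
                remove:ahlt) echo "ahlt turned off: $line"; bad=1 ;;
                add:ahlt|reset:ahlt) saw_ahlt=yes ;;
            esac
        done
        IFS=$old_ifs
        if [ "$list_op" = reset ] && [ "$saw_ahlt" = no ]; then
            echo "policy replaced without ahlt: $line"; bad=1
        fi
    done < "$1"
    return $bad
}

# Constructed sample: the script from this page, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/sh
auditconfig -setpolicy +slabel,+acl
auditconfig -setpolicy +ahlt
auditconfig -getpolicy
EOF
check_audit_startup "$sample" && echo "no evaluated-configuration violations"
rm -f "$sample"
```

The check reads only the script text, so a clean result does not replace reviewing the output of auditconfig -getpolicy on the running system.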