Trusted Solaris Audit Administration

To Disable Auditing

  1. As role secadmin, at label admin_low, open the script /etc/init.d/audit using the Admin Editor.


    Note –

    Disable auditing only if auditing is not a site security requirement, or in cases of audit file overflow. The security administrator is responsible.


  2. Comment out the start script:

    …
    # Start the audit daemon
    #  if [ -f /etc/security/audit_startup ] ; then
    #  echo "starting audit daemon"
    #  /etc/security/audit_startup
    #  /usr/sbin/auditd &
    #  fi
    …
  3. Write and quit the file.

  4. Open the script /etc/init.d/drvconfig using the Admin Editor.

  5. Add the following lines to the end of the file:

    # Disable auditing
    #
    /usr/bin/adb -wk /dev/ksyms /dev/mem > /dev/null <<end
    audit_active/W 0
    end
    
  6. Prevent spurious messages about the audit daemon at shutdown by commenting out the stop script in /etc/init.d/audit:

    …
    # Stop the audit daemon
    
    #       if [ -f /etc/security/audit_startup ] ; then
    #               /usr/sbin/audit -t
    #       fi
  7. Write and quit the file.

  8. For the changes to take effect, reboot.


    Note –

    A user or role requires authorization to shut down the computer.


    1. Choose Shut Down from the TP (Trusted Path) menu and confirm the shutdown.

    2. Enter boot at the ok prompt or b at the > prompt:


      Type help for more information
      <#2> ok boot
      Type b (boot), c (continue), or n (new command mode)
      > b
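
To confirm during a configuration review whether a host's boot scripts carry the edits from this procedure, the two files can be checked for the commented-out daemon lines and the audit_active write. The following script is an added example, not part of the original documentation; the function names are hypothetical, the sample files are constructed, and it assumes a POSIX sh and grep.

```shell
#!/bin/sh
# Added example. File paths are arguments, so it can run on copies.

# Succeeds if file $1 has an uncommented line matching basic regex $2.
has_active_line() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep "$2" >/dev/null
}

# Prints one finding per line. Returns 0 if the boot scripts still start
# auditing, 1 if any edit from the procedure is present.
audit_boot_state() {
    audit_script=$1; drvconfig_script=$2; state=0
    if ! has_active_line "$audit_script" '/usr/sbin/auditd'; then
        echo "auditd start commented out or missing: $audit_script"; state=1
    fi
    if ! has_active_line "$audit_script" '/usr/sbin/audit[[:space:]][[:space:]]*-t'; then
        echo "audit -t stop commented out or missing: $audit_script"; state=1
    fi
    if has_active_line "$drvconfig_script" 'audit_active/W[[:space:]][[:space:]]*0'; then
        echo "audit_active zeroed at boot: $drvconfig_script"; state=1
    fi
    return $state
}

# Constructed sample files that mirror the edited scripts shown above.
make_samples() {
    cat > "$1/audit" <<'SAMPLE'
# Start the audit daemon
#  if [ -f /etc/security/audit_startup ] ; then
#  /usr/sbin/auditd &
#  fi
# Stop the audit daemon
#       /usr/sbin/audit -t
SAMPLE
    cat > "$1/drvconfig" <<'SAMPLE'
# Disable auditing
/usr/bin/adb -wk /dev/ksyms /dev/mem > /dev/null <<end
audit_active/W 0
end
SAMPLE
}

# Demo on the constructed copies, not on the live /etc/init.d files.
demo_dir="${TMPDIR:-/tmp}/audit_demo.$$"
mkdir "$demo_dir"
make_samples "$demo_dir"
audit_boot_state "$demo_dir/audit" "$demo_dir/drvconfig" ||
    echo "result: auditing is disabled at boot"
rm -rf "$demo_dir"
```

On a live system the call would be `audit_boot_state /etc/init.d/audit /etc/init.d/drvconfig`, run by a role that can read both scripts.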