By default, auditing is enabled. If you have disabled auditing, enable it by reversing the above procedure.
As role secadmin, at label admin_low, open the script /etc/init.d/audit using the Admin Editor.
Remove the comments from the audit start script:
    …
    # Start the audit daemon
    if [ -f /etc/security/audit_startup ] ; then
            echo "starting audit daemon"
            /etc/security/audit_startup
            /usr/sbin/auditd &
    fi
    …
Write and quit the file.
Enable the audit daemon to exit gracefully at shutdown by removing the comments in the stop script in /etc/init.d/audit:
    …
    # Stop the audit daemon
    if [ -f /etc/security/audit_startup ] ; then
            /usr/sbin/audit -t
    fi
Write and quit the file.
Open the script /etc/init.d/drvconfig using the Admin Editor.
Comment out the Disable auditing lines:
    # Disable auditing
    #
    # /usr/bin/adb -wk /dev/ksyms /dev/mem > /dev/null <<end
    # audit_active/W 0
    # end
Write and quit the file.
For the changes to take effect, reboot using the Shut Down menu item from the TP (Trusted Path) menu.
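A check for the three edits in the procedure above, as an added example that is not part of the original documentation. It assumes a POSIX shell and grep; the function names active_line and check_audit_enabled are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original documentation): confirm that the
# audit start/stop lines are active and the "Disable auditing" lines are
# commented out. Assumes a POSIX shell and a POSIX grep.

# active_line FILE PATTERN
# Succeeds if FILE has a line matching PATTERN that is not a comment.
active_line() {
    grep -v '^[[:space:]]*#' "$1" | grep "$2" > /dev/null
}

# check_audit_enabled [AUDIT_SCRIPT] [DRVCONFIG_SCRIPT]
# Defaults are the two scripts named in the procedure.
# Returns 0 if all three edits are in place, 1 if any is missing,
# 2 if a script cannot be read.
check_audit_enabled() {
    audit_script=${1:-/etc/init.d/audit}
    drvconfig=${2:-/etc/init.d/drvconfig}

    for f in "$audit_script" "$drvconfig"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    done

    rc=0
    # Start script: the auditd line must be uncommented.
    active_line "$audit_script" '/usr/sbin/auditd' || {
        echo "FAIL: auditd start line is commented out in $audit_script"
        rc=1
    }
    # Stop script: 'audit -t' lets the daemon exit gracefully at shutdown.
    active_line "$audit_script" '/usr/sbin/audit -t' || {
        echo "FAIL: 'audit -t' stop line is commented out in $audit_script"
        rc=1
    }
    # drvconfig: an active 'audit_active/W 0' turns auditing off at boot.
    if active_line "$drvconfig" 'audit_active/W 0'; then
        echo "FAIL: $drvconfig still writes audit_active 0"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: audit start/stop active, disable lines commented"
    return "$rc"
}
```

Call check_audit_enabled with no arguments on the host after the last edit and before rebooting, or pass paths to copies of the two scripts.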