Setting the public object bit can reduce the size of the audit trail when the audit record includes successful accesses of files or directories. Successful viewing, listing, or listing of a file or directory's attributes will not be written to the audit record when the file's public object bit is set.
As role secadmin, at label admin_low, set the public object bit on a local directory of publicly accessible files using the setfattrflag(1) command with the -p 1 option.
The following command sets the public object bit on the /etc directory. A search of the /etc directory, or a read of files in the /etc directory, will not result in an audit record.
    $ setfattrflag -p 1 /etc
    $ getfattrflag /etc
    Multilevel directory: no
    Single level directory: no
    Public object: yes
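Because the public object bit suppresses audit records for successful reads, it is useful to keep an inventory of which paths carry it. The following is an added example, not part of the original documentation: it parses getfattrflag output in the format shown above and reports the state per path. The function names and the GETFATTRFLAG override variable are hypothetical, and the sample output is constructed from the session above.

```shell
#!/bin/sh
# Added example: list which paths are exempt from read-access auditing.
# Assumes getfattrflag(1) prints a "Public object: yes|no" line, as in
# the session shown for /etc.

# parse_public_object: read getfattrflag output on stdin and print
# "yes", "no", or "unknown" when no "Public object" line is present.
parse_public_object() {
    awk -F': *' '
        tolower($1) ~ /^[ \t]*public object$/ {
            v = tolower($2)
            sub(/[ \t\r]+$/, "", v)   # drop trailing whitespace
            print v
            found = 1
            exit
        }
        END { if (!found) print "unknown" }
    '
}

# report_public_objects: print one "state<TAB>path" line per argument.
# GETFATTRFLAG (hypothetical override) lets the check run on a host
# without Trusted Extensions, for example against a stub command.
report_public_objects() {
    for p in "$@"; do
        state=$("${GETFATTRFLAG:-getfattrflag}" "$p" 2>/dev/null |
            parse_public_object)
        printf '%s\t%s\n' "$state" "$p"
    done
}

# Constructed sample: the output shown for /etc in the session above.
sample_output() {
    printf 'Multilevel directory: no\n'
    printf 'Single level directory: no\n'
    printf 'Public object: yes\n'
}

# Demonstration on the constructed sample; prints "yes".
sample_output | parse_public_object
```

Run `report_public_objects /etc /usr/share` as a role permitted to read the flags; any path reported as `yes` produces no audit record for successful reads, and `unknown` means the flag could not be read.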