Trusted Solaris Audit Administration

To Set Public Object Bit

Setting the public object bit can reduce the size of the audit trail when auditing records successful accesses of files or directories. When the public object bit is set on a file or directory, successfully viewing it, listing it, or listing its attributes does not generate an audit record.

    As role secadmin, at label admin_low, set the public object bit on a local directory of publicly accessible files using the setfattrflag(1) command with the -p 1 option.

    The following command sets the public object bit on the /etc directory. A search of the /etc directory, or a read of files in the /etc directory, will not result in an audit record.


    $ setfattrflag -p 1 /etc
    $ getfattrflag /etc
     Multilevel directory: no
     Single level directory: no
              Public object: yes
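
Because the bit suppresses audit records for successful reads, it is worth checking periodically that it is set only where intended. The following script is an added example, not part of the original Trusted Solaris documentation: it parses the getfattrflag output format shown above and flags any path that carries the bit but is not on an approved list. The function names and the approved list are hypothetical, and a POSIX shell, grep and awk are assumed.

```shell
#!/bin/sh
# Added example: find paths whose public object bit is set without approval.
# Relies only on the getfattrflag output layout shown on this page.
# Usage: check_public_bits "$APPROVED" /etc /usr/share /export/home

# Read getfattrflag output on stdin; print "yes", "no" or "unknown".
public_bit_state() {
    awk -F: '/^[ \t]*Public object[ \t]*:/ {
                 gsub(/[ \t]/, "", $2); print $2; found = 1; exit
             }
             END { if (!found) print "unknown" }'
}

# $1: newline-separated list of paths allowed to carry the bit
#     (hypothetical site policy, not a Trusted Solaris setting).
# Remaining arguments: paths to inspect.
# Prints one status line per path; returns 1 if any path has the bit set
# without approval or could not be inspected.
check_public_bits() {
    approved=$1
    shift
    rc=0
    for path in "$@"; do
        state=$(getfattrflag "$path" 2>/dev/null | public_bit_state)
        case $state in
            yes)
                if printf '%s\n' "$approved" | grep -Fxq -- "$path"; then
                    echo "ok $path public=yes"
                else
                    # Successful reads here leave no audit record.
                    echo "UNEXPECTED $path public=yes"
                    rc=1
                fi
                ;;
            no)
                echo "ok $path public=no"
                ;;
            *)
                echo "error $path public=unknown"
                rc=1
                ;;
        esac
    done
    return $rc
}
```

A nonzero return means at least one path needs review; the bit can then be cleared or the approved list updated, as site policy requires.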