System Administration Guide: Security Services

Procedure: How to Disable the Audit Service

If the audit service is no longer required, this procedure returns the system to the state it was in before auditing was enabled. If non-global zones are being audited, their audit service is also disabled.

Caution –

This command also disables device allocation. Do not run this command if you want to be able to allocate devices. To disable auditing and retain device allocation, see Example 30–21.

  1. Become superuser and bring the system into single-user mode.

    % su
    Password: <Type root password>
    # init S

    For more information, see the init(1M) man page.

  2. Run the script to disable auditing.

    Change to the /etc/security directory, and execute the bsmunconv script.

    # cd /etc/security
    # ./bsmunconv

    Another effect of the script is to disable device allocation.

    For information on the full effect of the bsmunconv script, see the bsmconv(1M) man page.

  3. Bring the system into multiuser mode.

    # init 6

Example 30–21 Disabling Auditing and Keeping Device Allocation

In this example, the audit service stops collecting records, but device allocation continues to work. All values from the flags, naflags, and plugin entries in the audit_control file are removed, as are all user entries in the audit_user file.

## audit_control file

## audit_user file

The auditd daemon runs, but no audit records are kept.
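
A check for the state that Example 30–21 describes, as an added example that is not part of the original guide: it reports whether an audit_control and audit_user pair still preselects any audit classes. The field layout is assumed from the audit_control(4) and audit_user(4) man pages, the function names are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Formats assumed from audit_control(4) and audit_user(4);
# function names are hypothetical, sample files are constructed.

# Print each flags/naflags/plugin entry in audit_control that still has a value.
control_preselection() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ || !/:/ { next }   # comments, blanks, non-entries
        {
            key = $0; sub(/:.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^:]*:/, "", val); gsub(/[ \t]/, "", val)
            if (key ~ /^(flags|naflags|plugin)$/ && val != "")
                print key ":" val
        }' "$1"
}

# Print the user name of every non-comment entry in audit_user.
user_entries() {
    awk -F: '/^[ \t]*#/ || /^[ \t]*$/ { next } NF >= 2 { print $1 }' "$1"
}

# Exit 0 and print "no-records" when nothing is preselected; otherwise
# print "collecting" plus the entries that still select classes and exit 1.
audit_state() {
    c=$(control_preselection "$1")
    u=$(user_entries "$2")
    if [ -z "$c" ] && [ -z "$u" ]; then
        echo "no-records"; return 0
    fi
    echo "collecting"
    [ -n "$c" ] && printf '%s\n' "$c" | sed 's/^/  audit_control /'
    [ -n "$u" ] && printf '%s\n' "$u" | sed 's/^/  audit_user /'
    return 1
}

# Constructed samples: an active configuration and the emptied one.
write_samples() {
    printf '%s\n' '## audit_control file' 'dir:/var/audit' 'flags:lo,am' \
        'minfree:20' 'naflags:lo' > "$1/control.active"
    printf '%s\n' '## audit_user file' 'root:lo:no' > "$1/user.active"
    printf '%s\n' '## audit_control file' 'dir:/var/audit' 'flags:' \
        'minfree:20' 'naflags:' > "$1/control.empty"
    printf '%s\n' '## audit_user file' > "$1/user.empty"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_state "$tmp/control.active" "$tmp/user.active"
audit_state "$tmp/control.empty" "$tmp/user.empty"
rm -rf "$tmp"
```

The same check is useful in configuration monitoring, where an unexpected "no-records" result on a host that is supposed to be audited means the daemon is running but nothing is being recorded.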

Example 30–22 Disabling Auditing on a Per-Zone Basis

In this example, the audit service is disabled in zone1 and stops running there. Device allocation continues to work. When this command is run in the global zone, and the perzone audit policy is not set, auditing is disabled for all zones, not just the global zone.

zone1 # audit -t