SunSHIELD Basic Security Module Guide

How to Configure Auditing

The following steps give an overview of what is required to set up audit directories and specify which audit classes will be audited.

  1. Format and partition the disks to create the dedicated audit partitions.

    A rule of thumb is to assign 100 MBytes of space for each machine on the distributed system. Remember, however, that the disk space requirements at your site depend on how much auditing you perform and can be far greater than this figure per machine.

  2. Assign the audit file systems to the dedicated partitions.

    Each diskful machine should have a backup audit directory on the local machine in case its NFS-mounted audit file systems are not available.

  3. While each machine is in single-user mode, run tunefs -m 0 on each dedicated audit partition to reduce reserved file system space to 0 percent.

    A reserved space percentage (called the minfree limit) is specified for audit partitions in the audit_control file. The default is 20 percent, and this percentage is tunable. Because this value is set by each site in the audit_control file, you should remove the automatically reserved file system space that is set aside by default for all file systems.

  4. Set the required permissions on each of the audit directories on the audit servers, and make a subdirectory in each audit directory called files.

    Use chown and chmod to assign each audit directory and each files subdirectory the required permissions.

  5. If using audit servers, export the audit directories with the /etc/dfs/dfstab file.

  6. On each machine, create entries in the audit_control file for all the audit directories, specifying the files subdirectory.

  7. On each audit client, create the entries for the audit file systems in the /etc/vfstab file.

  8. On each audit client, create the mount point directories and use chmod and chown to set the correct permissions.
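After completing the steps above, a check such as the following can confirm that audit_control and the audit directories agree. This is an added example, not part of the original guide. The function names, the temporary sample layout, and the reading of "required permissions" as "no access for other" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): lint audit_control against steps 4 and 6.
# Assumption: "required permissions" is read as "no access for other".

bad() { echo "BAD  $*"; problems=$((problems + 1)); }

check_audit_control() {
    problems=0 seen_dir=0 seen_minfree=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
        dir:*)
            seen_dir=1
            d=${line#dir:}
            # Step 6: every entry must name the "files" subdirectory.
            case $d in */files) ;; *) bad "$d: entry does not end in /files"; continue ;; esac
            # Steps 4 and 8: the files subdirectory must exist, locally or via the mount.
            [ -d "$d" ] || { bad "$d: directory missing"; continue; }
            # First ten characters of ls -ld, e.g. drwxr-x---
            perms=$(ls -ld "$d" | cut -c1-10)
            case $perms in
            d??????---) echo "OK   $d ($perms)" ;;
            *) bad "$d: accessible to other ($perms)" ;;
            esac ;;
        minfree:*)
            seen_minfree=1
            m=${line#minfree:}
            # minfree is a percentage, so it must be an integer from 0 to 100.
            case $m in
            ''|*[!0-9]*) bad "minfree: '$m' is not a number" ;;
            *) [ "$m" -le 100 ] || bad "minfree: $m exceeds 100" ;;
            esac ;;
        esac
    done < "$1"
    [ "$seen_dir" -eq 1 ] || bad "no dir: entries"
    [ "$seen_minfree" -eq 1 ] || bad "no minfree: entry"
    [ "$problems" -eq 0 ]
}

# Constructed sample: one correct directory, one too open, one missing /files.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/srv1/files" "$t/srv2/files" "$t/local"
    chmod 750 "$t/srv1/files"; chmod 755 "$t/srv2/files"
    printf 'dir:%s\n' "$t/srv1/files" "$t/srv2/files" "$t/local" > "$t/audit_control"
    printf 'flags:lo\nminfree:20\n' >> "$t/audit_control"
    check_audit_control "$t/audit_control"; rc=$?
    rm -rf "$t"; return $rc
}
demo || true
```

On a real machine, call check_audit_control with the path to that machine's audit_control file; a nonzero exit status means at least one entry needs attention.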