As role secadmin, at label admin_low
, enter permanent audit policy in the audit_startup(1M) file.
Create a script that calls the auditconfig(1M) command with policy options.
The sample audit_startup(1M) script below adds ACLs to audit records, halts the workstation when its audit file systems are full, and at startup, prints the current audit policy to standard i/o.
#!/bin/sh auditconfig -setpolicy +slabel,+acl auditconfig -setpolicy +ahlt auditconfig -getpolicy
Write the file and exit the editor
To run auditing in an evaluated configuration, the cnt policy cannot be turned on; the ahlt policy (the default) cannot be turned off.