During installation, as root, at label admin_low
, create a directory on the first installed workstation to hold copies of the audit configuration
files customized for your site.
The directory would include your customized versions of audit_control, audit_user, audit_startup, and audit_warn. If you have modified event-to-class mappings, it would include audit_event and audit_class. It would not include audit_data.
For example, on grebe, the first workstation in a network:
# mkdir /export/home/tmp |
Copy the modified files from the /etc/security directory to the /export/home/tmp directory.
# cp /etc/security/audit_control /export/home/tmp/audit_control # cp /etc/security/audit_user /export/home/tmp/audit_user # cp /etc/security/audit_startup /export/home/tmp/audit_startup # cp /etc/security/audit_event /export/home/tmp/audit_event |
Allocate the tape or diskette device.
Follow the procedure in "To Allocate and Deallocate Devices".
Run the tar(1) command to copy the contents of the /export/home/tmp directory to tape or to diskette.
Deallocate the tape or diskette device and follow the instructions.
Follow the procedure in "To Deallocate a Device".
As root, at label admin_low
, as each new workstation is configured, copy the files from the tape or diskette to the correct directory on the new workstation.
Prepare the directory for the new files.
# cd /etc/security # mv audit_control audit_control.orig # mv audit_startup audit_startup.orig # mv audit_warn audit_user.orig # mv audit_event audit_event.orig |
Allocate the appropriate device at the label admin_low
.
Follow the procedure in "To Allocate and Deallocate Devices".
Deallocate the device.
Follow the procedure in "To Deallocate a Device".
As role secadmin, at label admin_low
, modify the audit_control file on each new workstation with that workstation's remote and local audit file systems.