To Distribute Audit Configuration Files to a Network of Workstations
-
During installation, as root, at label
admin_low, create a directory on the first installed workstation to hold copies of the audit configuration files customized for your site.The directory would include your customized versions of audit_control, audit_user, audit_startup, and audit_warn. If you have modified event-to-class mappings, it would include audit_event and audit_class. It would not include audit_data.
For example, on grebe, the first workstation in a network:
# mkdir /export/home/tmp
-
Copy the modified files from the /etc/security directory to the /export/home/tmp directory.
# cp /etc/security/audit_control /export/home/tmp/audit_control # cp /etc/security/audit_user /export/home/tmp/audit_user # cp /etc/security/audit_startup /export/home/tmp/audit_startup # cp /etc/security/audit_event /export/home/tmp/audit_event
-
Allocate the tape or diskette device.
Follow the procedure in "To Allocate and Deallocate Devices".
-
Run the tar(1) command to copy the contents of the /export/home/tmp directory to tape or to diskette.
-
Deallocate the tape or diskette device and follow the instructions.
Follow the procedure in "To Deallocate a Device".
-
As root, at label
admin_low, as each new workstation is configured, copy the files from the tape or diskette to the correct directory on the new workstation.-
Prepare the directory for the new files.
# cd /etc/security # mv audit_control audit_control.orig # mv audit_startup audit_startup.orig # mv audit_warn audit_user.orig # mv audit_event audit_event.orig
-
Allocate the appropriate device at the label
admin_low.Follow the procedure in "To Allocate and Deallocate Devices".
-
Deallocate the device.
Follow the procedure in "To Deallocate a Device".
-
-
As role secadmin, at label
admin_low, modify the audit_control file on each new workstation with that workstation's remote and local audit file systems.
- © 2010, Oracle Corporation and/or its affiliates