Setting the public object bit can reduce the size of the audit trail when successful accesses of files or directories are being audited. Successfully viewing a file, listing a directory, or listing the attributes of a file or directory does not generate an audit record when that object's public object bit is set.
As role secadmin, at label admin_low, set the public object bit on a local directory of publicly accessible files using the setfattrflag(1) command with the -p 1 option.
The following command sets the public object bit on the /etc directory. A search of the /etc directory, or a read of files in the /etc directory will not result in an audit record.
$ setfattrflag -p 1 /etc
$ getfattrflag /etc
Multilevel directory: no
Single level directory: no
Public object: yes
As secadmin, at label admin_low, set the public object bit on a mounted file system of publicly accessible files using the attr_flag security attribute.
For example, the following entry in the vfstab_adjunct(4) file for the mounted file system /spublic sets the public object flag for all files in the file system.
# Modified template.
#
/spublic; \
acc_acl=; \
mode=; \
attr_flag=public; \
gid=; \
uid=; \
slabel=; \
forced=; \
allowed=; \
low_range=; \
hi_range=; \
mld_prefix=mldroot;
#
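Because successful reads under a public file system never reach the audit trail, an auditor reviewing audit coverage wants a quick list of which mount points carry attr_flag=public. The following POSIX shell helper, an added example that is not part of the Trusted Solaris documentation, parses a vfstab_adjunct-style file (comment lines, backslash continuation, semicolon-separated fields) and prints those mount points; the function name public_mounts and the sample file content are constructed here.

```shell
# Audit-coverage review helper: list the mount points in a vfstab_adjunct-style
# file whose attr_flag includes "public"; successful reads, listings and
# attribute listings under those file systems leave no audit record.
public_mounts() {
    awk '
        /^[[:space:]]*#/ { next }   # comment lines (incl. the shipped template)
        {
            line = $0
            if (line ~ /\\[[:space:]]*$/) {   # backslash continuation
                sub(/\\[[:space:]]*$/, "", line)
                rec = rec line
                next
            }
            rec = rec line              # last line of a logical record
            n = split(rec, f, ";")
            rec = ""
            mp = f[1]; gsub(/[[:space:]]/, "", mp)
            if (mp == "") next
            for (i = 2; i <= n; i++) {
                g = f[i]; gsub(/[[:space:]]/, "", g)
                if (g ~ /^attr_flag=/ && g ~ /public/) print mp
            }
        }
    ' "$1"
}

# Constructed sample (not a real system file): the page's /spublic entry
# plus a second file system that leaves attr_flag empty.
SAMPLE_ADJUNCT=$(mktemp)
cat > "$SAMPLE_ADJUNCT" <<'EOF'
# Modified template.
/spublic; \
acc_acl=; \
mode=; \
attr_flag=public; \
gid=; \
uid=; \
slabel=; \
forced=; \
allowed=; \
low_range=; \
hi_range=; \
mld_prefix=mldroot;
/data; \
attr_flag=; \
mld_prefix=mldroot;
EOF

public_mounts "$SAMPLE_ADJUNCT"   # prints: /spublic
```

Run it against the real vfstab_adjunct file to get the list of file systems whose read accesses are excluded from the audit trail.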