The auditconfig(1M) command enables an appropriately configured role to determine
audit policy and to see what policies can be set. If your role is not configured to determine the policy, or if auditing is turned off, the command auditconfig -getpolicy returns an error. The following example was
run by the role secadmin, at label admin_low
:
$ auditconfig -getpolicy audit policies = none $ auditconfig -lspolicy policy string description: arge include exec environment args in audit recs argv include exec args in audit recs cnt when no more space, drop recs and keep a count group include supplementary groups in audit recs seq include a sequence number in audit recs trail include trailer tokens in audit recs path allow multiple paths per event acl include ACL information in audit recs ahlt halt machine if we can't record an async event slabel include sensitivity labels in audit recs passwd include cleartext passwords in audit recs windata_down include downgraded information in audit recs windata_up include upgraded information in audit recs all all policies none no policies |