現在の監査ポリシーを決定する方法
auditconfig(1M) コマンドを使うと、適切に設定された役割によって、監査ポリシーを決定し、設定可能なポリシーを調べることができます。役割がポリシーを決定するように設定されていない場合や監査機能が無効になっている場合、コマンド auditconfig -getpolicy はエラーを返します。ラベル admin_low でセキュリティ管理者になって、実行した例です。
$ auditconfig -getpolicy audit policies = none $ auditconfig -lspolicy policy string description: arge include exec environment args in audit recs argv include exec args in audit recs cnt when no more space, drop recs and keep a count group include supplementary groups in audit recs seq include a sequence number in audit recs trail include trailer tokens in audit recs path allow multiple paths per event acl include ACL information in audit recs ahlt halt machine if we can't record an async event slabel include sensitivity labels in audit recs passwd include cleartext passwords in audit recs windata_down include downgraded information in audit recs windata_up include upgraded information in audit recs all all policies none no policies |
- © 2010, Oracle Corporation and/or its affiliates