NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | FILES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO
/etc/security/audit_event
/etc/security/audit_event is a plain text system file that stores event definitions and specifies the event-to-class mappings. Programs use the getauevent(3BSM) routines to access this information.
The fields for each event entry are separated by colons. Each event is separated from the next by a newline.
Each entry in the audit_event file has the form:
number:name:description: flags
The fields are defined as follows:
The event number.
The event name.
The description of the event.
Flags specifying classes to which the event is mapped.
7:AUE_EXEC:exec(2):ps 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw 6152:AUE_login:login - local:lo 6153:AUE_logout:logout:lo 6154:AUE_telnet:login - telnet:lo 6155:AUE_rlogin:login - rlogin:lo |
The Trusted Solaris environment adds audit events to the audit_event file, and remaps some audit events to audit classes that do not exist in the Solaris environment. Also, auditing is enabled by default. See Trusted Solaris Audit Administration for how to disable and enable auditing.
NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | FILES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO