NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | FILES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO
/etc/security/audit_user
audit_user is an access-restricted plain text system file that stores per-user auditing preselection data. The audit_user file can be used with other authorization sources, including the NIS+ audit_user table . Programs use the getauusernam(3BSM) to access this information.
The search order for audit_user sources follows the order specified for passwd(4) in the nsswitch.conf(4) file. No entry should be made for audit_user.
The fields for each user entry are separated by colons (:).. Each user is separated from the next by a newline. audit_user does not have general read permission.
Each entry in the audit_user database has the form:
username:always-audit-flags:never-audit-flags
The fields are defined as follows:
The user's login name.
Flags specifying event classes to always audit.
Flags specifying event classes to never audit.
For a complete description of the audit flags and how to combine them, see the audit_control(4) man page.
The default permissions on the audit_user NIS+ table in the Trusted Solaris operating environment are restrictive. Therefore, normal users on NIS+ clients that are not running the Trusted Solaris operating environment and are not using the TSIX protocol cannot read the audit_user NIS+ table.
The preferred workaround for such clients is to use the local audit_user file. Alternatively, the NIS+ permissions on the audit_user table could be changed to be less restrictive.
other:lo,ad:io,cl freda:lo,ex,+fc,-fr,-fa:io,cl ethel:lo,ex,nt:io,cl |
Configuration file for the name service switch
Per-user auditing data file.
Per-machine user password file.
By default, auditing is enabled in the Trusted Solaris environment. See Trusted Solaris Audit Administration for how to disable and enable auditing.
A Trusted Solaris NIS+ audit_user table can be used by NIS+ clients that are running the Trusted Solaris operating environment or the TSIX protocol. NIS+ clients that are running other operating environments should use their local audit_user file. Alternatively, the permissions on the Trusted Solaris NIS+ audit_user table can be relaxed.
NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | FILES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO