Each predefined audit class is shown in Table 2-2 with the audit flag (which is the short name that stands for the class), the long name, a short description, and a longer definition. The system administrator uses the audit flags in the auditing configuration files to specify which classes of events to audit. Additional classes can be defined and existing classes can be renamed by modifying the audit_class file (see the audit_class(4) man page).
Table 2-2 Audit Classes
Short Name |
Long Name |
Short Description |
---|---|---|
Read of data, open for reading, and so forth |
||
Write of data, open for writing, and so forth |
||
Access of object attributes: stat, pathconf, and so forth |
||
Change of object attributes: chown, flock, and so forth |
||
Creation of object |
||
Deletion of object |
||
Process operations: fork, exec, exit, and so forth |
||
Network events: bind, connect, accept, and so forth |
||
Nonattributable events |
||
Administrative actions |
||
Login and logout events |
||
Application-defined event |
||
Program execution |
||
Miscellaneous |
||