The auditconfig Command

The autoconfig command provides a command line interface to get and set audit configuration parameters. See the auditconfig(1M) man page. Some of the options to auditconfig are:

-chkconf

Check the configuration of kernel audit event to class mappings and report any inconsistencies.

-conf

Reconfigure kernel event to class mappings at runtime to match the current mappings in the audit_event file.

-getcond

Retrieve the machine-auditing condition. Table 2-7 shows the possible responses.

Table 2-7 Possible Auditing Conditions

Response	Meaning
auditing	Auditing is enabled and turned on.
no audit	Auditing is enabled but turned off.
disabled	The audit module is not enabled.

-setcond condition

Set the machine-auditing condition: auditing or noaudit.

-getclass event_number

Get the preselection classes to which the specified event is mapped.

-setclass event_number audit_flags

Set the preselection classes to which the specified event is mapped.

-lsevent

Display the currently configured (runtime) kernel and user audit event information.

-getpinfo pid

Get the audit ID, preselection mask, terminal ID, and audit session ID of the specified process.

-setpmask pid flags

Set the preselection mask of the specified process.

-setsmask asid flags

Set the preselection mask of all processes with the specified audit session ID.

-setumask auid flags

Set the preselection mask of all processes with the specified user audit ID.

-lspolicy

Display the list of audit policies with a short description of each one.

-getpolicy

Get the current audit policy flags.

-setpolicy policy_flag[,policy_flag]

Set the audit policy flags to the specified policies (see "Setting Audit Policies").