The auditconfig command provides a command-line interface to retrieve and set audit configuration parameters. See the auditconfig(1M) man page. Options to the auditconfig command include the following:
Checks the configuration of kernel event-to-class mappings and reports any inconsistencies
Reconfigures kernel event-to-class mappings at runtime to match the current mappings in the audit_event file.
Retrieves the state of auditing on the machine. The following table shows the possible responses.
Table 25–1 Possible Auditing Conditions
Response |
Meaning |
---|---|
auditing |
Auditing is enabled and turned on. |
no audit |
Auditing is enabled, but the audit daemon is not running. |
disabled |
Auditing is not enabled. |
Sets the state of auditing on the machine to one of auditing or noaudit.
Retrieves the preselection classes to which the specified event is mapped.
Sets the preselection classes to which the specified event is mapped.
Displays the currently configured (runtime) kernel and user audit event information.
Retrieves the audit ID, preselection mask, terminal ID, and audit session ID of the specified process.
Sets the preselection mask of all processes with the specified audit session ID.
Sets the preselection mask of all processes with the specified user audit ID.
Displays the list of audit policies with a short description of each policy.
Sets the audit policy flags to the specified policies (see Determining Which Audit Policies to Use).