System Administration Guide: Security Services

The auditconfig Command

The auditconfig command provides a command-line interface to retrieve and set audit configuration parameters. See the auditconfig(1M) man page. Options to the auditconfig command include the following:

-chkconf

Checks the configuration of kernel event-to-class mappings and reports any inconsistencies.

-conf

Reconfigures kernel event-to-class mappings at runtime to match the current mappings in the audit_event file.

-getcond

Retrieves the state of auditing on the machine. The following table shows the possible responses.

Table 25–1 Possible Auditing Conditions

Response    Meaning
auditing    Auditing is enabled and turned on.
no audit    Auditing is enabled, but the audit daemon is not running.
disabled    Auditing is not enabled.

-setcond condition

Sets the state of auditing on the machine to one of auditing or noaudit.

-getclass event_number

Retrieves the preselection classes to which the specified event is mapped.

-setclass event_number audit_flags

Sets the preselection classes to which the specified event is mapped.

-lsevent

Displays the currently configured (runtime) kernel and user audit event information.

-getpinfo pid

Retrieves the audit ID, preselection mask, terminal ID, and audit session ID of the specified process.

-setpmask pid flags

Sets the preselection mask of the specified process.

-setsmask asid flags

Sets the preselection mask of all processes with the specified audit session ID.

-setumask auid flags

Sets the preselection mask of all processes with the specified user audit ID.

-lspolicy

Displays the list of audit policies with a short description of each policy.

-getpolicy

Shows the current audit policy flags.

-setpolicy policy_flag[,policy_flag]

Sets the audit policy flags to the specified policies (see Determining Which Audit Policies to Use).
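
The following is an added example, not part of the original guide: a small shell check that turns captured -getcond and -getpolicy output into a pass/fail result for monitoring. It assumes the command prints "label = value" lines (for example "audit condition = auditing") and also accepts the bare responses from Table 25–1; the function names, the sample strings, and the cnt,argv baseline are hypothetical.

```shell
#!/bin/sh
# Added example: evaluate captured auditconfig output against a site baseline.
# Assumption: output has the form "label = value"; bare values are accepted too.

# Strip an optional "label =" prefix and surrounding whitespace.
value_of() {
    printf '%s\n' "$1" |
        sed -e 's/^[^=]*=//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Map a -getcond response to an exit status:
#   0 auditing, 1 audit daemon not running, 2 auditing not enabled,
#   3 unrecognised output (treated as a failure, never as "fine").
cond_status() {
    case "$(value_of "$1")" in
        auditing)            return 0 ;;
        "no audit"|noaudit)  return 1 ;;
        disabled)            return 2 ;;
        *)                   return 3 ;;
    esac
}

# Print each required policy flag that is absent from a -getpolicy response.
#   $1 = required flags, comma-separated   $2 = captured -getpolicy output
missing_policies() {
    active=",$(value_of "$2" | tr -d ' '),"
    old_ifs=$IFS
    IFS=,
    for flag in $1; do
        case "$active" in
            *",$flag,"*) ;;                      # flag is set
            *) printf '%s\n' "$flag" ;;          # flag is missing
        esac
    done
    IFS=$old_ifs
}

# Constructed sample responses (not captured from a real system).
SAMPLE_COND='audit condition = noaudit'
SAMPLE_POLICY='audit policies = cnt'

# On a live system the inputs would come from the command itself:
#   cond_status "$(auditconfig -getcond)" || echo "auditing is not active"
#   missing_policies "cnt,argv" "$(auditconfig -getpolicy)"
```

A nonzero status from cond_status, or any output from missing_policies, is the condition to alert on.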