The audit_startup Script (System Administration Guide: Security Services)

System Administration Guide: Security Services

Previous: The audit_event File
Next: The audit_user File

The `audit_startup` Script

Auditing is enabled by starting the audit daemon, auditd. You can start the audit daemon by executing /usr/sbin/auditd as root or in an equivalent role. See the auditd(1M) man page.

The existence of the file /etc/security/audit_startup causes the audit daemon to be run automatically when the system enters multiuser mode. This file is an executable script that is invoked as part of the startup sequence, just prior to the execution of the audit daemon (see the audit_startup(1M) man page). A default audit_startup script that automatically configures the event-to-class mappings and sets the audit policies is created during the BSM package installation.

Previous: The audit_event File
Next: The audit_user File