The following table shows each predefined audit class with the audit flag (which is the short name that stands for the class), the long name, and a short description. You use these audit flags in the auditing configuration files to specify which classes of events to audit. You can define new classes and rename existing classes by modifying the audit_class file (see the audit_class(4) man page).
Table 25–2 Audit Flags
| Short Name | Long Name | Short Description |
|---|---|---|
| | | Read of data, open for reading |
| | | Write of data, open for writing |
| | | Access of object attributes: stat, pathconf |
| | | Change of object attributes: chown, flock |
| | | Creation of object |
| | | Deletion of object |
| | | Process operations: fork, exec, exit |
| | | Network events: bind, connect, accept |
| | | Nonattributable events |
| | | Administrative actions |
| | | Login and logout events |
| | | Application-defined event |
| | | Program execution |
| | | Miscellaneous |