Example — Creating an Audit Admin Login (System Administration Guide: Security Services)

System Administration Guide: Security Services

Previous: Example — Changing Auditing for One User
Next: How to Change Audit Classes

Example — Creating an Audit Admin Login

If all the audit partitions are full, then it could be impossible to log in to a host. If all logins are audited, then the fact that the audit partitions are full would prevent anyone from completing a login. To avoid this situation, you can set up a special login that is not audited. This new login would allow you to log in to the host even if the audit partitions are full. Then, you could fix the problem with the full partitions. In this example, the user auditadm is defined so that no auditing takes place.

# grep auditadm /etc/security/audit_user
auditadmin:no:yes

Note –

The user login that is selected to serve as the audit admin login might need to be monitored in another way.

Previous: Example — Changing Auditing for One User
Next: How to Change Audit Classes