How to Change Audit Classes
Audit classes are defined in the /etc/security/audit_class file.
-
Become superuser or assume an equivalent role.
-
(Optional) Save a backup copy of the audit_class file.
# cp /etc/security/audit_class /etc/security/audit_class.save
-
Add new entries to the audit_class file.
Each entry has the following format:
0xnumber:name:description
number
Defines the unique audit class mask
name
Defines the two-letter name of the audit class
description
Defines the descriptive name of the audit class
-
Make the new data available to the BSM service.
To use the new data, either reboot the system, or type the following command:
# auditconfig -conf
Example—Setting a New Audit Class
In step 3, add an entry that resembles the following to set a new audit class called de:
0x00010000:de:device allocation |
- © 2010, Oracle Corporation and/or its affiliates