Audit classes are defined in the /etc/security/audit_class file.
Become superuser or assume an equivalent role.
(Optional) Save a backup copy of the audit_class file.
# cp /etc/security/audit_class /etc/security/audit_class.save |
Add new entries to the audit_class file.
Each entry has the following format:
0xnumber:name:description |
Identifies number as hexadecimal.
Defines the unique audit class mask.
Defines the two-letter name of the audit class.
Defines the descriptive name of the audit class.
Make the new data available to the BSM service .
To use the new data, either reboot the system, or type the following command:
# auditconfig -conf |
In this example, add an entry to the audit_class file that resembles the following entry. The entry creates a new audit class that is called ta.
0x01000000:ta:test application |