How to Add Audit Classes
Audit classes are defined in the /etc/security/audit_class file.
-
Become superuser or assume an equivalent role.
-
(Optional) Save a backup copy of the audit_class file.
# cp /etc/security/audit_class /etc/security/audit_class.save
-
Add new entries to the audit_class file.
Each entry has the following format:
0xnumber:name:description
- 0x
-
Identifies number as hexadecimal.
- number
-
Defines the unique audit class mask.
- name
-
Defines the two-letter name of the audit class.
- description
-
Defines the descriptive name of the audit class.
-
Make the new data available to the BSM service .
To use the new data, either reboot the system, or type the following command:
# auditconfig -conf
Example—Setting a New Audit Class
In this example, add an entry to the audit_class file that resembles the following entry. The entry creates a new audit class that is called ta.
0x01000000:ta:test application |
- © 2010, Oracle Corporation and/or its affiliates