Nonattributable Audit Events (System Administration Guide: Security Services)

System Administration Guide: Security Services

Previous: User-Level Audit Events
Next: Audit Classes

Nonattributable Audit Events

Most events are attributable to an individual user, but some events are not. Events are nonattributable if the events occur at the kernel-interrupt level, or if the events occur before a user is identified and authenticated. Nonattributable events are auditable. The following example lists two nonattributable events from the /etc/security/audit_event file:

153:AUE_ENTERPROM:enter prom:na
6156:AUE_mountd_mount:mount:na

AUE_ENTERPROM is a kernel-level na event. AUE_mountd_mount is a user-level na event.

Previous: User-Level Audit Events
Next: Audit Classes