Go to main content

Managing Auditing in Oracle^® Solaris 11.4

Exit Print View

» ...Documentation Home » Oracle Solaris 11.4 Information Library » Managing Auditing in Oracle^® ... » Managing the Audit Service » Configuring the Audit Service » New Feature – Auditing Events Temporarily

Updated: November 2020

Managing Auditing in Oracle^® Solaris 11.4

Document Information

Using This Documentation

Chapter 1 About Auditing in Oracle Solaris

Chapter 2 Planning for Auditing

Chapter 3 Managing the Audit Service

Default Configuration of the Audit Service

sstore Audit Meta-Class

Displaying Audit Service Defaults

Enabling and Disabling the Audit Service

Configuring the Audit Service

Configuring Audit With the auditconfig Subcommands

Auditing Per User or Rights Profile

New Feature – Auditing Events Temporarily

New Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings

New Feature – Auditing Verified Boot

New Feature – auditstat Command Extended

Audit Configuration Task Map

How to Preselect Audit Classes

How to Configure a User's Audit Characteristics

How to Change Audit Policy

How to Configure the audit_warn Email Alias

How to Add an Audit Class

How to Change an Audit Event's Class Membership

New Feature – Annotating Reason for Access in the Audit Record

Configuring Annotation

PAM Supports Annotation of Logins

Tracking Annotations in an Audit Trail

Selecting What Is Audited

How to Audit All Commands by Users

How to Audit Significant Events in Addition to Login/Logout

How to Find Audit Records of Changes to Specific Files

New Feature – Per-Object Logging of Audit Events

New Feature – Per-Privilege Logging of Audit Events

Specifying Files or Directories to Be Audited

How to Update the Preselection Mask of Logged In Users

How to Prevent the Auditing of Specific Events

How to Compress Audit Files on a Dedicated File System

How to Audit FTP and SFTP File Transfers

Configuring the Audit Service in Zones

How to Configure All Zones Identically for Auditing

How to Configure Per-Zone Auditing

Example: Configuring Oracle Solaris Auditing

New Feature – Restricting Access to Audit Records With File Labeling

Chapter 4 Configuring the Formats of Audit Logs and Where They Are Stored

Chapter 5 Viewing Audit Records

Chapter 6 Analyzing and Resolving Audit Issues

Chapter 7 Auditing Reference

Audit Service Glossary

Language:

New Feature – Auditing Events Temporarily

The –t option for the auditconfig command displays or sets the active values of the running system, without displaying or setting the persistent values of the audit service. This release provides the following new subcommands for the –t option:

–t –getflags – Displays the user default audit preselection flags.
–t –getnaflags – Displays the non-attributable audit flags.
–t –setflags audit_flags – Sets the default user audit preselection flags. The default preselection flags are combined with the user's specific audit flags to form the user's audit preselection mask.
–t –setnaflags audit_flags – Sets the non-attributable audit flags. Non-attributable audit flags define which classes of events are to be audited when the action cannot be attributed to an authenticated user. Failed logins, for example, are non-attributable.

For more information, see the auditconfig(8) and audit_flags(7) man pages.

Copyright © 2002, 2020, Oracle and/or its affiliates.