Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: /etc/security/audit_user
Operating Systems Solaris /etc/security/audit_user Post 302105394 by RTM on Thursday 1st of February 2007 12:29:27 PM
Old 02-01-2007
Look up the following man pages

audit_user
audit_control

These should explain it quite well.

root:lo:no
root:login_logout:no_class
username : always audit : never audit
 

LEARN ABOUT OPENSOLARIS

audit_user

audit_user(4)							   File Formats 						     audit_user(4)

NAME

       audit_user - per-user auditing data file

SYNOPSIS

       /etc/security/audit_user

DESCRIPTION

       audit_user is a database that stores per-user auditing preselection data. You can use the audit_user file with other authorization sources,
       including the NIS map audit_user.byname and the NIS+ table audit_user. Programs use the getauusernam(3BSM) routines to access this informa-
       tion.

       The  search order for multiple user audit information sources is specified in the /etc/nsswitch.conf file. See nsswitch.conf(4). The lookup
       follows the search order for passwd(4).

       The fields for each user entry are separated by colons (:). Each user is separated from the next by a newline.  audit_user  does  not  have
       general read permission. Each entry in the audit_user file has the form:

	 username:always-audit-flags:never-audit-flags

       The fields are defined as follows:

       username 	     User's login name.

       always-audit-flags    Flags specifying event classes to always audit.

       never-audit-flags     Flags specifying event classes to never audit.

       For a complete description of the audit flags and how to combine them, see audit_control(4).

EXAMPLES

       Example 1 Using the audit_user File

	 other:lo,am:io,cl
	 fred:lo,ex,+fc,-fr,-fa:io,cl
	 ethyl:lo,ex,nt:io,cl

FILES

       /etc/nsswitch.conf

       /etc/passwd

       /etc/security/audit_user

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     | See below.		   |
       +-----------------------------+-----------------------------+

       The file format stability is Committed. The file content is Uncommitted.

SEE ALSO

       bsmconv(1M), getauusernam(3BSM), audit_control(4), nsswitch.conf(4), passwd(4)

       Part VII, Solaris Auditing, in System Administration Guide: Security Services

NOTES

       This functionality is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.

       Configuration  changes do not affect audit sessions that are currently running, as the changes do not modify a process's preselection mask.
       To change the preselection mask on a running process, use the -setpmask option of the auditconfig command  (see	auditconfig(1M)).  If  the
       user logs out and logs back in, the new configuration changes will be reflected in the next audit session.

SunOS 5.11							    26 Jun 2008 						     audit_user(4)
All times are GMT -4. The time now is 02:47 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy