Code:
audit query
auditing on
bin processing off
audit events:
realsecure - ACCT_Disable,ACCT_Enable
general - USER_SU,PASSWORD_Change,FILE_Unlink,FILE_Link,FILE_Rename,FS_Chdir,FS_Chroot,PORT_Locked,PORT_Change,FS_Mkdir,FS_Rmdir,USER_Login,USER_Logout,USER_Change,USER_Remove,USER_Create,USER_Locked,USER_Unlocked,GROUP_Create,GROUP_Remove
objects - AUD_CONFIG_WR,S_USER_WRITE,S_PASSWD_READ,S_PASSWD_WRITE,S_LOGIN_WRITE,S_LIMITS_WRITE,S_GROUP_WRITE,S_ENVIRON_WRITE
SRC - SRC_Start,SRC_Stop,SRC_Addssys,SRC_Chssys,SRC_Delssys,SRC_Addserver,SRC_Chserver,SRC_Delserver
ALL - AUD_CONFIG_WR,S_USER_WRITE,S_PASSWD_READ,S_PASSWD_WRITE,S_LOGIN_WRITE,S_LIMITS_WRITE,S_GROUP_WRITE,S_ENVIRON_WRITE,ACCT_Disable,ACCT_Enable,USER_SU,PASSWORD_Change,FILE_Unlink,FILE_Link,FILE_Rename,FS_Chdir,FS_Chroot,PORT_Locked,PORT_Change,FS_Mkdir,FS_Rmdir,USER_Login,USER_Logout,USER_Change,USER_Remove,USER_Create,USER_Locked,USER_Unlocked,GROUP_Create,GROUP_Remove,SRC_Start,SRC_Stop,SRC_Addssys,SRC_Chssys,SRC_Delssys,SRC_Addserver,SRC_Chserver,SRC_Delserver,AUD_It,FILE_Write,PROC_Delete,SHM_Detach,SHM_Open,FILE_Close,FILE_Open,FILE_Stat,FILE_Dupfd,FILE_Read,FILE_Owner,FILE_Accessx,PROC_SetGroups,PROC_RealGID,PROC_Limits,PROC_SetUserIDs,WLM_assign,AUD_Proc,PROC_Privilege,TCP_ksocket,TCP_kconnect,TCP_kclose,PROC_Execute,FILE_Pipe,PROC_Create,TCB_Exec,PROC_LoadMember,PROC_LoadError,TCP_ksetopt,TCP_kbind,PROC_Load,WLM_set,TCP_klisten,FILE_Mknod,FILE_Mode,PROC_Sysconfig,PROC_Setpgid,SEM_Create,PROC_Environ,TCP_kaccept,TCP_kshutdown,INIT_Start,FILE_Utimes,MSG_Create,SHM_Create,SEM_Op,FILE_Fchmod,RTSEM_Init,SEM_Delete,RTSEM_Destroy,PROC_Setpri,FILE_Symlink,INIT_End,FILE_ReadXacl,FILE_WriteXacl,PROC_Kill,RTSEM_Post,RTSEM_Wait,RTSEM_TryWait,TCP_ksocketpair,MSG_Write,MSG_Read,MSG_Mode,FILE_Fchown,PROC_SetPri,CRON_Start,CRON_Finish,FILE_StatAcl,SHM_Mode,SHM_Close,FS_Fchdir,PROC_Adjtime,SENDMAIL_Config,MAIL_ToUser,USER_Chpass,PASSWORD_Flags,PROC_SysParm,DEV_Configure,DEV_Create,DEV_Change,FILE_StatPriv,FILE_FReadXacl,FILE_FWriteXacl,TCPIP_connect,TCPIP_access,TCPIP_data_out,TCP_kreceive,TCPIP_data_in,FILE_Acl,USER_Check,PASSWORD_Check,GROUP_User
audit objects:
/etc/security/audit/config:
w = AUD_CONFIG_WR
/etc/security/group:
w = S_GROUP_WRITE
/etc/security/environ:
w = S_ENVIRON_WRITE
/etc/security/limits:
w = S_LIMITS_WRITE
/etc/security/passwd:
r = S_PASSWD_READ
w = S_PASSWD_WRITE
/etc/security/login.cfg:
w = S_LOGIN_WRITE
/etc/security/user:
w = S_USER_WRITE