auditconfig, audit_setup - Audit subsystem configuration graphical
interface (Enhanced Security)
The audit_setup utility has been replaced by the auditconfig graphical
The auditconfig graphical user interface is used interactively to
establish the audit environment on your system. The interface can be
selected from the Sysman menu, syman_station (including PC clients), or
it can be started from the command line. See the sysman(8) and
syman_station(8) reference pages for more details.
If a kernel rebuild is required as part of the configuration, auditconf
guides the user through the rebuild and reboot. The auditconfig inter‐
face configures the following aspects of the audit subsystem: Location
of the audit logs. The /var/audit/ directory is the default area.
Action for the audit subsystem to take if the file space allocated for
audit logs is exhausted. Trimming of audit logs. Enable accepting
audit data from remote systems. Select the profiles/categories of
events to be audited. Include environment strings with anexecv or
execve system call.
You must be root to run auditconfig.
A set of aliases by which logically related groupings of events can be
constructed. You can modify this set of aliases to suit your site's
requirements. Auditmask style selections. A list of hosts from which
audit data can be accepted. A list of alternative locations in which
auditd stores audit data when an overflow condition is reached. A list
of all security-relevant system calls and trusted (application) events.
You can modify this file or use it as a template. The list of files
that auditconfig used to enable object selection or deselection. The
cluster-wide rc variables for the audit subsystem. Used for input to
rc.config.common for audit events during system initialization. Cre‐
ated when object (de)selection is derived from a profile(category). It
contains the selected profile's entries of file objects.
Commands: auditmask(8), auditd(8), sysman(8), sysman_station(8)
Security, System Administration