The following table lists the predefined event classes defined in the /etc/security/audit/classes file.
Event classes
| Event class | Events in class |
|---|---|
| acct | acct_off acct_sw acct_on |
| audit | audit_buf audit_ctl audit_dmp audit_evt audit_log audit_map |
| bind_lwp | lwp_bind lwp_unbind |
| cov_chan | cov_chan1 cov_chan2 cov_chan3 cov_chan4 cov_chan5 cov_chan6 cov_chan7 cov_chan8 |
| dac | dac_mode dac_own_grp file_acl fd_acl ipc_acl |
| device | mount umount |
| dir_access | access chg_dir chg_root chg_times status sym_status |
| dir_make | link mk_dir mk_mld rm_dir sym_create unlink |
| file_access | access chg_times open_rd open_wr status sym_status |
| file_attr | add_grp add_usr add_usr_grp mod_grp mod_usr |
| file_make | create link mk_node sym_create unlink |
| id_auth | bad_auth bad_lvl cron def_lvl login passwd |
| io_cntl | fcntl iocntl |
| module | modadm modload modpath moduload |
| msg | msg_ctl msg_get msg_op |
| path | chg_dir chg_root |
| printer | cancel_job lp_admin lp_misc page_lvl prt_job prt_lvl trunc_lvl |
| priv | file_priv pm_denied |
| process | exec exit fork kill set_gid set_grps set_pgrps set_sid set_uid |
| res_limit | setrlimit ulimit |
| sched | sched_lk sched_rt sched_ts |
| sem | sem_ctl sem_get sem_op |
| shm | shm_ctl shm_get shm_op |
| sym_link | sym_create sym_status |