System Administration Commands audit(1M)
NAME
audit - control the behavior of the audit daemon
SYNOPSIS
audit -n -s -t -v [path]
DESCRIPTION
The audit command is the system administrator's interface to
maintaining the audit trail. The audit daemon can be notified
to read the contents of the audit_control(4) file and
re-initialize the current audit directory to the first
directory listed in the audit_control file or to open a new
audit file in the current audit directory specified in the
audit_control file, as last read by the audit daemon. Reading
audit_control also causes the minfree and plugin configuration
lines to be re-read and reset within auditd. The audit daemon
can also be signaled to close the audit trail and disable
auditing.
OPTIONS
-n        Notify the audit daemon to close the current
          audit file and open a new audit file in the
          current audit directory.
-s        Notify the audit daemon to read the audit control
          file. The audit daemon stores the information
          internally. If the audit daemon is not running
          but audit has been enabled by means of
          bsmconv(1M), the audit daemon is started.
-t        Direct the audit daemon to close the current
          audit trail file, disable auditing, and die. Use
          -s to restart auditing.
-v path   Verify the syntax for the audit control file
          stored in path. The audit command displays an
          approval message or outputs specific error
          messages for each error found.
DIAGNOSTICS
The audit command will exit with 0 upon success and a
positive integer upon failure.
FILES
o /etc/security/audit_user
o /etc/security/audit_control
SunOS 5.11 Last change: 16 Apr 2008 1
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
ATTRIBUTE TYPE      ATTRIBUTE VALUE
Availability        SUNWcsu
Stability           Evolving
SEE ALSO
bsmconv(1M), praudit(1M), audit(2), audit_control(4),
audit_user(4), attributes(5)
See the section on Solaris Auditing in System Administration
Guide: Security Services.
NOTES
The functionality described in this man page is available
only if the Solaris Auditing feature has been enabled. See
bsmconv(1M) for more information.
The audit command does not modify a process's preselection
mask. Its functions are limited to the following:
o affects which audit directories are used for audit
data storage;
o specifies the minimum free space setting;
o resets the parameters supplied by means of the plugin
directive.
For the -s option, audit validates the audit_control syntax
and displays an error message if a syntax error is found. If
a syntax error message is displayed, the audit daemon does
not re-read audit_control. Because audit_control is processed
at boot time, the -v option is provided to allow syntax
checking of an edited copy of audit_control. Using -v,
audit exits with 0 if the syntax is correct; otherwise, it
returns a positive integer.
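The following shell function is an added example, not part of
the original man page. It checks an edited copy with -v before
installing it and then runs -s, restoring the previous file if
-s fails. The function name, the AUDIT and LIVE variables and
the .prev/.new suffixes are assumptions; LIVE defaults to the
audit control file listed under FILES.

```shell
#!/bin/sh
# Added example: gate changes to the audit control file on "audit -v".
# AUDIT, LIVE and apply_audit_control are hypothetical names.

AUDIT=${AUDIT:-audit}                       # audit(1M) command to run
LIVE=${LIVE:-/etc/security/audit_control}   # live file; override if needed

# apply_audit_control CANDIDATE
# Returns: 0 installed and re-read by auditd
#          1 candidate unreadable or rejected by "audit -v" (live file untouched)
#          2 backup or install step failed
#          3 "audit -s" failed after install (previous file restored)
apply_audit_control() {
    candidate=$1
    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 1; }

    # audit -v exits 0 only when the syntax of the given file is correct.
    if ! "$AUDIT" -v "$candidate"; then
        echo "syntax check failed; $LIVE left unchanged" >&2
        return 1
    fi

    # Keep the previous file so a bad change cannot survive until boot.
    cp -p "$LIVE" "$LIVE.prev" || return 2

    # Build the new file next to the live one, keeping the live file's mode,
    # then rename it into place so the file is never half-written.
    cp -p "$LIVE" "$LIVE.new" &&
        cat "$candidate" > "$LIVE.new" &&
        mv "$LIVE.new" "$LIVE" || return 2

    # audit -s validates again; on a syntax error auditd does not re-read,
    # so put the old file back to keep disk and daemon state consistent.
    if ! "$AUDIT" -s; then
        echo "audit -s failed; restoring previous file" >&2
        mv "$LIVE.prev" "$LIVE"
        return 3
    fi
    return 0
}

# Usage: apply_audit_control /var/tmp/audit_control.edited
```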
The -v option can be used in any zone, but the -t, -s, and
-n options are valid only in local zones and, then, only if
the perzone audit policy is set. See auditd(1M) and
auditconfig(1M) for per-zone audit configuration.