IPB
>  Man Pages > Unix > Solaris 10 11/06 > Section 4 > audit_class man page

audit_class man page

Section 4 - Solaris 10 11/06 Man Pages

Other operating system man pages available here

Advanced Search

Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!





File Formats                                       audit_class(4)



NAME
     audit_class - audit class definitions

SYNOPSIS
     /etc/security/audit_class

DESCRIPTION
     /etc/security/audit_class is a user-configurable ASCII  sys-
     tem  file  that  stores  class definitions used in the audit
     system. Audit events in audit_event(4) are mapped to one  or
     more  of  the  defined  audit  classes.  audit_event  can be
     updated in conjunction  with  changes  to  audit_class.  See
     audit_control(4)  and  audit_user(4)  for  information about
     changing the preselection of audit classes in the audit sys-
     tem.  Programs  can  use the getauclassent(3BSM) routines to
     access audit class information.

     The fields for each class entry  are  separated  by  colons.
     Each  class  entry  is  a  bitmap and is separated from each
     other by a newline.

     Each entry in the audit_class file has the form:

     mask:name:description


     The fields are defined as follows:

     mask            class mask



     name            class name



     description     class description



     Each class is represented as a bit in the class  mask  which
     is an unsigned integer. Thus, there are 32 different classes
     available. Meta-classes  can  also  be  defined.  These  are
     supersets  composed  of multiple base classes, and thus will
     have more than 1 bit in its mask. See EXAMPLES.  Two special
     meta-classes are also pre-defined: all, and no.

     all      Represents a conjunction of  all  allowed  classes,
              and is provided as a shorthand method of specifying
              all classes.





SunOS 5.10           Last change: 6 Jan 2003                    1






File Formats                                       audit_class(4)



     no       Is the invalid class, and any event  mapped  solely
              to this class will not be audited. Turning auditing
              on to the all meta  class  will  not  cause  events
              mapped  solely to the no class to be written to the
              audit  trail.  This  class  is  also  used  to  map
              obsolete  events  which  are  no  longer generated.
              Obsolete events are retained to process  old  audit
              trails files.



EXAMPLES
     Example 1: Using an audit_class File

     The following is an example of an audit_class file:

     0x00000000:no:invalid class
     0x00000001:fr:file read
     0x00000002:fw:file write
     0x00000004:fa:file attribute access
     0x00000008:fm:file attribute modify
     0x00000010:fc:file create
     0x00000020:fd:file delete
     0x00000040:cl:file close
     0x00000100:nt:network
     0x00000200:ip:ipc
     0x00000400:na:non-attribute
     0x00001000:lo:login or logout
     0x00004000:ap:application
     0x000f0000:ad:old administrative (meta-class)
     0x00070000:am:administrative (meta-class)
     0x00010000:ss:change system state
     0x00020000:as:system-wide administration
     0x00040000:ua:user administration
     0x00080000:aa:audit utilization
     0x00300000:pc:process (meta-class)
     0x00100000:ps:process start/stop
     0x00200000:pm:process modify
     0x20000000:io:ioctl
     0x40000000:ex:exec
     0x80000000:ot:other
     0xffffffff:all:all classes (meta-class)

FILES
     /etc/security/audit_class



ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:




SunOS 5.10           Last change: 6 Jan 2003                    2






File Formats                                       audit_class(4)



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Interface Stability         |  See below                  |
    |_____________________________|_____________________________|


     The file format stability is evolving. The file  content  is
     unstable.

SEE ALSO
     bsmconv(1M),    au_preselect(3BSM),     getauclassent(3BSM),
     audit_control(4),   audit_event(4),   audit_user(4),  attri-
     butes(5)

NOTES
     It is possible to deliberately turn on the no class  in  the
     kernel,  in  which case the audit trail will be flooded with
     records for the audit event AUE_NULL.

     This functionality is available only if the  Basic  Security
     Module  (BSM)  has  been  enabled.  See bsmconv(1M) for more
     information.
































SunOS 5.10           Last change: 6 Jan 2003                    3

Man(1) output converted with man2html and wrapped by fishsponge

This page was generated on Wed Sep 12 11:27:18 GMT 2007

Your favourite pages:

No pages logged yet.
Trying to save cookie...

Top 10 most popular pages:

sqlite3 man page (5334 hits)
(openSUSE 10.2)

svn man page (5208 hits)
(FreeBSD 6.2)

adv_cap_autoneg man page (4870 hits)
(Solaris 10 11_06)

CPAN man page (4607 hits)
(Suse Linux 10.1)

ssh man page (4342 hits)
(Suse Linux 10.1)

ssh-socks5-proxy-connect man page (2877 hits)
(Solaris 10 11_06)

netcat man page (2717 hits)
(Suse Linux 10.1)

pprosetup man page (2487 hits)
(Solaris 10 11_06)

startproc man page (2471 hits)
(Suse Linux 10.1)

signal man page (2407 hits)
(Suse Linux 10.1)

Useful Links

Go Back

Visitor Statistics


Valid XHTML 1.0 Transitional     Valid CSS!

Partners: Cambridge Plus :: Pyrenees Ski Holidays :: Server Room Temperature Monitor :: <Link Available>
Unix Man Pages / Linux Man Pages :: HiFi Forum :: SIP VoIP Phone & Provider Reviews :: UNIX/Linux Forum Archives

More info on advertising on Unix/Linux Forum