audit_control.5 (162503) | audit_control.5 (162621) |
---|---|
1.\" Copyright (c) 2004 Apple Computer, Inc. | 1.\" Copyright (c) 2004 Apple Computer, Inc. |
2.\" Copyright (c) 2006 Robert N. M. Watson |
|
2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright --- 10 unchanged lines hidden (view full) --- 20.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 25.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26.\" POSSIBILITY OF SUCH DAMAGE. 27.\" | 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright --- 10 unchanged lines hidden (view full) --- 21.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27.\" POSSIBILITY OF SUCH DAMAGE. 28.\" |
28.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#11 $ | 29.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#13 $ |
29.\" 30.Dd January 4, 2006 31.Dt AUDIT_CONTROL 5 32.Os 33.Sh NAME 34.Nm audit_control 35.Nd "contains audit system parameters" 36.Sh DESCRIPTION --- 24 unchanged lines hidden (view full) --- 61an action cannot be attributed to a specific user. 62.It Va minfree 63The minimum free space required on the file system audit logs are being written to. 64When the free space falls below this limit a warning will be issued. 65Not currently used as the value of 20 percent is chosen by the kernel. 66.It Va policy 67A list of global audit policy flags specifying various behaviors, such as 68fail stop, auditing of paths and arguments, etc. | 30.\" 31.Dd January 4, 2006 32.Dt AUDIT_CONTROL 5 33.Os 34.Sh NAME 35.Nm audit_control 36.Nd "contains audit system parameters" 37.Sh DESCRIPTION --- 24 unchanged lines hidden (view full) --- 62an action cannot be attributed to a specific user. 63.It Va minfree 64The minimum free space required on the file system audit logs are being written to. 65When the free space falls below this limit a warning will be issued. 66Not currently used as the value of 20 percent is chosen by the kernel. 67.It Va policy 68A list of global audit policy flags specifying various behaviors, such as 69fail stop, auditing of paths and arguments, etc. |
70.It Va filesz 71Maximum trail size in bytes; if set to a non-0 value, the audit daemon will 72rotate the audit trail file at around this size. 73Sizes less than the minimum trail size (default of 512K) will be rejected as 74invalid. 75If 0, trail files will not be automatically rotated based on file size. |
|
69.El 70.Sh AUDIT FLAGS 71Audit flags are a comma-delimited list of audit classes as defined in the 72.Pa audit_class 73file. 74See 75.Xr audit_class 5 76for details. 77Event classes may be preceded by a prefix which changes their interpretation. 78The following prefixes may be used for each class: 79.Pp 80.Bl -tag -width Ds -compact -offset indent | 76.El 77.Sh AUDIT FLAGS 78Audit flags are a comma-delimited list of audit classes as defined in the 79.Pa audit_class 80file. 81See 82.Xr audit_class 5 83for details. 84Event classes may be preceded by a prefix which changes their interpretation. 85The following prefixes may be used for each class: 86.Pp 87.Bl -tag -width Ds -compact -offset indent |
88.It (none) 89Record both successful and failed events |
|
81.It + 82Record successful events 83.It - 84Record failed events 85.It ^ | 90.It + 91Record successful events 92.It - 93Record failed events 94.It ^ |
86Record both successful and failed events | 95Record neither successful nor failed events |
87.It ^+ 88Do not record successful events 89.It ^- 90Do not record failed events 91.El 92.Sh AUDIT POLICY FLAGS 93The policy flags field is a comma-delimited list of policy flags from the 94following list: --- 46 unchanged lines hidden (view full) --- 141.Nm 142file: 143.Bd -literal -offset indent 144dir:/var/audit 145flags:lo 146minfree:20 147naflags:lo 148policy:cnt | 96.It ^+ 97Do not record successful events 98.It ^- 99Do not record failed events 100.El 101.Sh AUDIT POLICY FLAGS 102The policy flags field is a comma-delimited list of policy flags from the 103following list: --- 46 unchanged lines hidden (view full) --- 150.Nm 151file: 152.Bd -literal -offset indent 153dir:/var/audit 154flags:lo 155minfree:20 156naflags:lo 157policy:cnt |
158filesz:0 |
|
149.Ed 150.Pp 151The 152.Va flags 153parameter above specifies the system-wide mask corresponding to login/logout 154events. 155The 156.Va policy 157parameter specifies that the system should neither fail stop nor suspend 158processes when the audit store fills. | 159.Ed 160.Pp 161The 162.Va flags 163parameter above specifies the system-wide mask corresponding to login/logout 164events. 165The 166.Va policy 167parameter specifies that the system should neither fail stop nor suspend 168processes when the audit store fills. |
159will be audited. | 169The trail file will not be automatically rotated by the audit daemon based on 170file size. |
160.Sh FILES 161.Bl -tag -width "/etc/security/audit_control" -compact 162.It Pa /etc/security/audit_control 163.El 164.Sh SEE ALSO 165.Xr audit_class 5 , 166.Xr audit_user 5 , 167.Xr audit 8 , --- 13 unchanged lines hidden --- | 171.Sh FILES 172.Bl -tag -width "/etc/security/audit_control" -compact 173.It Pa /etc/security/audit_control 174.El 175.Sh SEE ALSO 176.Xr audit_class 5 , 177.Xr audit_user 5 , 178.Xr audit 8 , --- 13 unchanged lines hidden --- |