Standards, Environments, and Macros audit_flags(5)

NAME

audit_flags - audit preselection flags

DESCRIPTION

Audit flags specify which audit classes are to be audited for a process. Audit classes are defined in the audit_class(4) file and group together like audit events as defined in the audit_event(4) file. The default Solaris system-wide audit flags are configured as part of the audit service using auditconfig(1M). Additional per-user or per-role audit flags may be configured in the user_attr(4) database or in the profiles granted to the user by the audit_flags=always-audit-flags:never-audit-flags keyword.

The audit flags of a process are called the preselection mask. The preselection mask is set at login and role assumption time by combining the default Solaris system-wide audit flags with the per-user audit flags: (default flags + always-audit-flags) - never-audit-flags.

Audit flags are specified as a character string representing the audit class names to be audited. Each flag identifies an audit class and is separated by a comma (",") from others in the string. An audit class name preceded by "-" means that the class should be audited for failure only; successful attempts are not audited. An audit class name preceded by "+" means that the class should be audited for success only; failed attempts are not audited. Without a prefix, the audit class name indicates that the class is to be audited for both successes and failures. The special string "all" indicates that all audit events are to be audited; "-all" indicates that all failed attempts are to be audited and "+all" indicates that all successful attempts are to be audited.

The prefixes "^", "^-" and "^+" turn off flags specified earlier in the string (^- and ^+ for failed and successful attempts respectively, ^ for both). They are typically used to reset flags. The special string "no" indicates no audit events are to be audited.

EXAMPLES

Example 1 Preselect to audit for successful and failed "lo" (login/logout), "am" (administration) audit events and all failed audit events except for failed "fm" (file attribute modify) events.

lo,am,-all,^-fm

Example 2 Preselect to audit for successful and failed "lo" (login/logout), "as" (system-wide administration) and failed "fm" (file attribute modify) events.

lo,as,-fm
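
The following Python sketch is an added example, not part of the Solaris manual page. It evaluates a flag string under the prefix rules in DESCRIPTION and combines system-wide and per-user flags as (default flags + always-audit-flags) - never-audit-flags. The four-class list is a constructed subset of audit_class(4); treating "no" as selecting nothing and applying the subtraction per class and outcome are assumptions.

```python
# Added example: evaluates audit_flags(5) strings; not code from Solaris.
# Constructed subset of class names; the real list is in audit_class(4).
CLASSES = ("lo", "am", "as", "fm")
OUTCOMES = {"": ("success", "failure"), "+": ("success",), "-": ("failure",)}


def parse_flags(flags, classes=CLASSES):
    """Return the set of (class, outcome) pairs a flag string selects."""
    selected = set()
    for token in (t.strip() for t in flags.split(",")):
        if not token:
            continue
        remove = token.startswith("^")       # ^, ^- and ^+ turn flags off
        body = token[1:] if remove else token
        prefix = body[:1] if body[:1] in ("+", "-") else ""
        name = body[len(prefix):]
        if name == "all":
            names = classes
        elif name == "no":                   # assumption: selects nothing
            names = ()
        elif name in classes:
            names = (name,)
        else:
            raise ValueError(f"unknown audit class in {token!r}")
        pairs = {(n, o) for n in names for o in OUTCOMES[prefix]}
        selected = selected - pairs if remove else selected | pairs
    return selected


def preselection_mask(default, user_value="no:no"):
    """Combine system-wide flags with a user_attr 'always:never' value."""
    always, _, never = user_value.partition(":")
    # Assumption: '-' in the formula removes (class, outcome) pairs.
    return (parse_flags(default) | parse_flags(always)) - parse_flags(never)


def describe(mask):
    """Map each audited class to 'both', 'success' or 'failure'."""
    result = {}
    for name in CLASSES:
        outcomes = {o for n, o in mask if n == name}
        if outcomes:
            result[name] = "both" if len(outcomes) == 2 else outcomes.pop()
    return result


if __name__ == "__main__":
    print(describe(parse_flags("lo,am,-all,^-fm")))         # Example 1
    print(describe(parse_flags("lo,as,-fm")))               # Example 2
    print(describe(preselection_mask("lo", "as,-fm:+lo")))  # constructed
```

Because tokens are applied left to right, "^-fm" in Example 1 only clears the failed "fm" events that "-all" added earlier in the same string.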

SEE ALSO

profiles(1), auditconfig(1M), auditd(1M), usermod(1M), audit_class(4), audit_event(4), prof_attr(4), user_attr(4)

System Administration Guide: Security Services

SunOS 5.11 Last change: 22 Jun 2010