System Administration Commands auditd(1M)

NAME

auditd - audit daemon

SYNOPSIS

/usr/sbin/auditd

DESCRIPTION

The audit daemon, auditd, controls the generation and location of audit trail files and the generation of syslog messages based on its configuration (see auditconfig(1M)). If auditing is enabled, auditd reads its configuration to do the following:

o Configure audit policy.

o Configure the audit queue control parameters.

o Configure the event-to-class mappings.

o Set the default audit masks.

o Load one or more plugins. Solaris provides three plugins. audit_binfile(5) writes binary audit data to a file. audit_remote(5) sends binary audit data to an authenticated server with privacy and integrity protection. audit_syslog(5) sends text summaries of audit records to the syslog daemon.

o Read audit data from the kernel and pass that data to each of the active plugins.

o Execute the audit_warn(1M) script to warn of various conditions.

audit(1M) is used to control auditd. It can cause auditd to:

o Close the current audit file and open a new one.

o Start and refresh the service based on the current properties.

o Close the audit trail and terminate auditing.

auditconfig(1M) is used to configure auditd. It can configure the active and permanent:

o audit policy

o audit queue control parameters

o default audit masks

o which plugins are to be loaded

o plugin attributes

Audit Record Queue

The maximum number of records to queue for audit data sent to the plugin is specified by the qsize parameter specified for the plugin. If omitted, the current hiwater mark is used. See the -getqctrl option in auditconfig(1M). When this maximum is reached, auditd will either block processes or discard data, depending on the cnt audit policy as described in auditconfig(1M).

Auditing Conditions

The audit daemon and audit plugins invoke the program audit_warn(1M) under certain conditions. See audit_warn(1M) for more information.

FILES

o etc/security/audit/audit_class

o etc/security/audit/audit_event

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

 ___________________________________________________________
| ATTRIBUTE TYPE              | ATTRIBUTE VALUE             |
|_____________________________|_____________________________|
| Availability                | SUNWcs                      |
|_____________________________|_____________________________|
| Interface Stability         | Committed                   |
|_____________________________|_____________________________|

SEE ALSO

audit(1M), audit_warn(1M), auditconfig(1M), praudit(1M), auditon(2), audit_class(4), audit_event(4), audit.log(4), attributes(5), audit_binfile(5), audit_flags(5), audit_remote(5), audit_syslog(5), smf(5)

See the section on Solaris Auditing in System Administration Guide: Security Services.


NOTES

The functionality described in this man page is available only if the Solaris Auditing Service has been enabled by audit(1M).

auditd is loaded in the global zone at boot time if auditing is enabled.

If the audit policy perzone is set, auditd runs in each zone, starting automatically when the local zone boots. If a zone is running when the perzone policy is set, auditing must be started manually in local zones. It is not necessary to reboot the system or the local zone to start auditing in a local zone. auditd can be started with audit -s and will start automatically with future boots of the zone.

When auditd runs in a local zone, the configuration is taken from the local zone's smf(5) repository and the /etc/security directory's files: audit_class, user_attr, and audit_event.

Configuration changes do not affect audit sessions that are currently running, as the changes do not modify a process's preselection mask. To change the preselection mask on a running process, use the -setpmask option of the auditconfig command (see auditconfig(1M)). If the user logs out and logs back in, the new configuration changes will be reflected in the next audit session.

The audit service FMRI is svc:/system/auditd:default.
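
The check below is an added example, not part of the original man page: it reads auditconfig -getpolicy output to report what auditd does when a plugin queue fills (the cnt policy), whether auditd runs per zone (the perzone policy), and which policies are configured but not active. The two-line "configured"/"active" output format, the sample text and all function names are assumptions; "configured" is taken to be the permanent setting.

```sh
#!/bin/sh
# Added example (not from the man page): interpret `auditconfig -getpolicy`.

# Constructed sample; the two-line output format is an assumption.
SAMPLE_POLICY='configured audit policies = cnt,perzone
active audit policies = cnt'

# policy_list TEXT KIND -> comma-separated list for KIND (configured|active)
policy_list() {
    printf '%s\n' "$1" | sed -n "s/^$2 audit policies = *//p" | tr -d ' '
}

# has_policy LIST NAME -> succeeds if NAME is a whole token in LIST
has_policy() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# queue_full_action TEXT -> what auditd does when a plugin queue reaches qsize
queue_full_action() {
    if has_policy "$(policy_list "$1" active)" cnt; then echo discard; else echo block; fi
}

# zone_scope TEXT -> perzone (auditd runs in every zone) or global
zone_scope() {
    if has_policy "$(policy_list "$1" active)" perzone; then echo perzone; else echo global; fi
}

# inactive_configured TEXT -> policies configured but not currently active
inactive_configured() {
    act=$(policy_list "$1" active); out=
    old_ifs=$IFS; IFS=,
    for p in $(policy_list "$1" configured); do
        has_policy "$act" "$p" || out="${out:+$out }$p"
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

if command -v auditconfig >/dev/null 2>&1; then
    policy=$(auditconfig -getpolicy)                        # live Solaris host
    svcs -H -o state svc:/system/auditd:default || true     # "online" when auditd is running
else
    policy=$SAMPLE_POLICY                                   # offline: constructed sample
fi
echo "queue full: $(queue_full_action "$policy")"
echo "scope: $(zone_scope "$policy")"
echo "configured but inactive: $(inactive_configured "$policy")"
```

A result of "discard" means audit records are dropped rather than processes blocked when the queue is full, which matters when the audit trail is relied on as evidence.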

SunOS 5.11 Last change: 30 Aug 2010



