'\" te
.\" Copyright (c) 2008, 2021, Oracle and/or its affiliates.
.TH audit_class 5 "21 Jun 2021" "Oracle Solaris 11.4" "File Formats"
.SH NAME
audit_class \- audit class definitions
.SH SYNOPSIS
.LP
.nf
\fB/etc/security/audit_class\fR
\fB/etc/security/audit_class.system\fR
.fi
.SH DESCRIPTION
.sp
.LP
The \fBaudit_class\fR file provides the class definitions used for configuring the audit system. Audit events in \fBaudit_event\fR(5) are mapped to one or more of the defined audit classes. \fBaudit_event\fR(5) can be updated in conjunction with changes to \fBaudit_class\fR. See \fBauditconfig\fR(8) and \fBuser_attr\fR(5) for information about changing the preselection of audit classes in the audit system.
.sp
.LP
The system defined audit classes are delivered in the read-only file \fB/etc/security/audit_class.system\fR. The \fB/etc/security/audit_class\fR file is provided for administrator customisation. The administrator can add new audit classes or can customise existing metaclasses.
.sp
.LP
The audit system looks for audit class definitions in the files in the following order:
.RS +4
.TP
1.
\fB/etc/security/audit_class\fR
.RE
.RS +4
.TP
2.
\fB/etc/security/audit_class.system\fR
.RE
.sp
.LP
The fields for each class entry are separated by colons. Each class entry is a bitmap, and entries are separated from one another by a \fBNEWLINE\fR.
.sp
.LP
Each entry in the \fBaudit_class\fR file has the form:
.sp
.in +2
.nf
\fImask\fR:\fIname\fR:\fIdescription\fR
.fi
.in -2
.sp
.sp
.LP
The fields are defined as follows:
.sp
.ne 2
.mk
.na
\fB\fImask\fR\fR
.ad
.RS 15n
.rt
class mask
.RE
.sp
.ne 2
.mk
.na
\fB\fIname\fR\fR
.ad
.RS 15n
.rt
class name
.RE
.sp
.ne 2
.mk
.na
\fB\fIdescription\fR\fR
.ad
.RS 15n
.rt
class description
.RE
.sp
.LP
Each class is represented as a bit in the 64 bit class mask. There are 64 different classes available. Meta-classes can also be defined. Meta-classes are supersets composed of multiple base classes, and have more than 1 bit in mask. See \fBEXAMPLES\fR.
.sp
.LP
Two special meta-classes are pre-defined: \fBall\fR and \fBno\fR.
.sp
.ne 2
.mk
.na
\fB\fBall\fR\fR
.ad
.RS 7n
.rt
Represents a conjunction of all allowed classes, and is provided as a shorthand method of specifying all classes.
.RE
.sp
.ne 2
.mk
.na
\fB\fBno\fR\fR
.ad
.RS 7n
.rt
Is the invalid class, and any events mapped solely to this class are not audited. Turning auditing on to the \fBall\fR meta-class does not cause events mapped solely to the \fBno\fR class to be written to the audit trail. This class is also used to map obsolete events which are no longer generated. Obsolete events are retained to process old audit trail files.
.sp
Redefining the \fBno\fR class to have a \fBnon-zero\fR value can have undesirable side effects.
.RE
.sp
.LP
The mask positions \fB0xff00000000000000\fR are reserved for local site use.
.SH EXAMPLES
.LP
\fBExample 1\fR Using an \fBaudit_class\fR File
.sp
.LP
The following is an example of an \fBaudit_class\fR file:
.sp
.in +2
.nf
0x0100000000000000:pf:profile command
.fi
.in -2
.sp
.sp
.LP
To refresh the audit service to update the runtime mappings:
.sp
.in +2
.nf
# \fBsvcadm refresh svc:/system/auditset:default\fR
.fi
.in -2
.sp
.SH FILES
.sp
.LP
\fB/etc/security/audit_class\fR
.sp
.LP
\fB/etc/security/audit_class.system\fR
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(7) for descriptions of the following attributes:
.sp
.TS
tab(@) box;
cw(2.75i) |cw(2.75i)
lw(2.75i) |lw(2.75i)
.
ATTRIBUTE TYPE@ATTRIBUTE VALUE
_
Interface Stability@See below.
.TE
.sp
.sp
.LP
The file format stability is Committed. The file content is Uncommitted.
.SH SEE ALSO
.sp
.LP
\fBaudit_event\fR(5), \fBuser_attr\fR(5), \fBaudit_flags\fR(7), \fBattributes\fR(7), \fBauditconfig\fR(8), \fBauditrecord\fR(8)
.sp
.LP
\fIManaging Auditing in Oracle Solaris 11.4\fR
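The following is an added example, not part of the man page or of Oracle Solaris: a small Python linter that parses mask:name:description entries and checks an administrator file against the rules stated above (64-bit mask, base versus meta-class, the reserved local-site positions, a zero \fBno\fR class). The function names are hypothetical, the sample entries are constructed, and treating '#' as a comment marker is an assumption.

```python
LOCAL_SITE_MASK = 0xFF00000000000000   # positions the page reserves for local site use
ALL_BITS = 0xFFFFFFFFFFFFFFFF          # 64-bit class mask

def parse_audit_class(text):
    """Parse mask:name:description entries into {name: (mask, description)}."""
    classes = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # assumption: '#' begins a comment
            continue
        fields = line.split(":", 2)               # description may itself contain ':'
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected mask:name:description")
        mask = int(fields[0], 16)
        if mask > ALL_BITS:
            raise ValueError(f"line {lineno}: mask wider than 64 bits")
        classes[fields[1]] = (mask, fields[2])
    return classes

def kind(mask):
    """'none' for zero, 'base' for exactly one bit, 'meta' for several bits."""
    bits = bin(mask).count("1")
    return "none" if bits == 0 else "base" if bits == 1 else "meta"

def lint_local(local, system):
    """Return sorted findings for the administrator file checked against the system file."""
    findings = []
    for name, (mask, _) in local.items():
        if name == "no" and mask != 0:
            findings.append(f"{name}: 'no' class redefined with non-zero mask")
        if name not in system and kind(mask) == "base" and not mask & LOCAL_SITE_MASK:
            findings.append(f"{name}: new base class outside the local-site bits")
        for other, (omask, _) in system.items():
            if other != name and kind(mask) == "base" and omask == mask:
                findings.append(f"{name}: same bit as system class '{other}'")
    return sorted(findings)

# Constructed sample input, not taken from a real system.
SYSTEM = parse_audit_class("""\
0x0000000000000000:no:invalid class
0x0000000000000002:fw:file write
0xffffffffffffffff:all:all classes
""")
LOCAL = parse_audit_class("""\
0x0100000000000000:pf:profile command
0x0000000000000002:xx:site class on a system bit
0x0000000000000003:no:redefined invalid class
""")
FINDINGS = lint_local(LOCAL, SYSTEM)
```

Running such a check before refreshing the audit service catches a site class that silently shares a bit with a system class, since preselecting either class would then select events of both.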