DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Configuring auditing

Starting the audit subsystem with /etc/init.d/audit

The /etc/init.d directory contains a series of files, each of which consists of commands that init executes when the operating system changes init states. The audit file, as distributed, invokes the auditon command to enable auditing when the system enters multiuser mode and the auditoff command to disable auditing when the system enters either single-user mode or power off state. If the system is going to multiuser mode and the auditon command fails the system returns to single-user mode.

The administrator can edit /etc/init.d/audit and add additional auditing commands. This will allow site specific audit requirements to be configured each time auditing is enabled. For example, the auditset command, to set the audit criteria, or the auditlog command, to set log file characteristics, may be added.


CAUTION: Do not add entries to /etc/init.d/audit unless you are sure that you have invoked the audit commands correctly. Otherwise, auditing may not function properly when the system enters multiuser mode. If the auditon command fails, the system will be brought back to single-user mode.


Next topic: A quick reference to enabling audit
Previous topic: Stopping auditing from the command line

© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005