audit_flags(7) man page - 윈디하나의 솔라나라

audit_flags(7)

Standards, Environments, Macros, Character Sets, and miscellany
                                                                audit_flags(7)



NAME
       audit_flags - audit preselection flags

DESCRIPTION
       Audit  flags  specify  which  audit  classes  are  to  be audited for a
       process. Audit classes are defined in the audit_class(5) file and group
       together  like  audit events as defined in the audit_event(5) file. The
       default Solaris system-wide audit flags are configured as part  of  the
       audit  service  using  auditconfig(8).  Additional per-user or per-role
       audit flags may be configured in the user_attr(5) database  or  in  the
       profiles   granted   to   the  user  by  the  audit_flags=always-audit-
       flags:never-audit-flags keyword. The  audit  flags  of  a  process  are
       called the preselection mask. The preselection mask is set at login and
       role assumption time by combining the default Solaris system-wide audit
       flags  with  the  per-user  audit flags (default flags +  always-audit-
       flags) -  never-audit-flags.


       Audit flags are specified as a character string representing the  audit
       class  names  to be audited. Each flag identifies an audit class and is
       separated by a comma (,) from others in the string. An audit class name
       preceded  by - means that the class should be audited for failure only;
       successful attempts are not audited. An audit class name preceded by  +
       means  that  the  class  should  be  audited  for  success only; failed
       attempts are not audited. Without a prefix, the audit class name
       indicates that the class is to be audited for both successes and
       failures. The special string "all" indicates that all audit events
       are to be audited; -all indicates that all failed attempts are to be
       audited and +all indicates that all successful attempts are to be
       audited. The prefixes ^, ^- and ^+ turn off flags specified earlier
       in the string (^- and ^+ for failed and successful attempts
       respectively, ^ for both). They are typically used to reset flags.
       The special string no indicates no audit events are to be audited.

EXAMPLES
       Example  1  Preselect  to  audit  for  successful   and   failed   "lo"
       (login/logout), "am" (administration) audit events and all failed audit
       events except for failed "fm" (file attribute modify) events.


         lo,am,-all,^-fm


       Example  2  Preselect  to  audit  for  successful   and   failed   "lo"
       (login/logout), "as" (system-wide administration) and failed "fm" (file
       attribute modify) events.


         lo,as,-fm
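
       The flag syntax and the preselection mask formula from DESCRIPTION,
       modelled as an added example (not Solaris code and not part of the
       original man page). CLASSES is an assumed four-class subset of
       audit_class(5); the function names are hypothetical.

```python
# Added example: a model of the audit_flags(7) syntax, not Solaris code.
# CLASSES is an assumed subset; the real class list is in audit_class(5).
CLASSES = ("lo", "am", "as", "fm")


def parse_flags(flags, classes=CLASSES):
    """Return {class: set of audited outcomes} for one audit flag string."""
    mask = {}
    for raw in flags.split(","):
        tok = raw.strip()
        if not tok:
            continue
        clear = tok.startswith("^")        # ^, ^-, ^+ turn earlier flags off
        if clear:
            tok = tok[1:]
        if tok.startswith("+"):            # success only
            outcomes, name = {"success"}, tok[1:]
        elif tok.startswith("-"):          # failure only
            outcomes, name = {"failure"}, tok[1:]
        else:                              # no prefix: both outcomes
            outcomes, name = {"success", "failure"}, tok
        if name == "no":                   # "no": nothing is audited
            continue
        for cls in (classes if name == "all" else (name,)):
            if cls not in classes:
                raise ValueError(f"unknown audit class: {cls!r}")
            current = mask.setdefault(cls, set())
            if clear:
                current -= outcomes        # order matters: resets what came before
            else:
                current |= outcomes
    return {c: o for c, o in mask.items() if o}


def preselection_mask(default, always="", never=""):
    """(default flags + always-audit-flags) - never-audit-flags."""
    mask = parse_flags(default)
    for cls, outcomes in parse_flags(always).items():
        mask.setdefault(cls, set()).update(outcomes)
    for cls, outcomes in parse_flags(never).items():
        if cls in mask:
            mask[cls] -= outcomes
    return {c: o for c, o in mask.items() if o}


if __name__ == "__main__":
    print(parse_flags("lo,am,-all,^-fm"))              # Example 1
    print(preselection_mask("lo", "am,-fm", "+am"))    # constructed values
```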


SEE ALSO
       profiles(1),     audit_class(5),     audit_event(5),      prof_attr(5),
       user_attr(5), auditconfig(8), auditd(8), usermod(8)



Oracle Solaris 11.4               21 Jun 2021                   audit_flags(7)
The copyright of the man page content belongs to the man page author.