Copyright (c) 2017 Peter Tribble
Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
/usr/lib/security/audit_binfile.so
The audit_binfile plugin module for audit, /usr/lib/security/audit_binfile.so, writes binary audit data to files as specified in the plugin's attributes configured by auditconfig(8); it is the default plugin for the audit daemon auditd(8). Its output is described by audit.log(5).
The p_dir attribute specifies a comma-separated list of directories to be used for storing audit files.
The p_minfree attribute specifies the percentage of free space required. If free space falls below this threshold, the audit daemon auditd(8) invokes the shell script audit_warn(8). The default threshold is 0%.
The p_fsize attribute defines the maximum size in bytes that an audit file can reach before it is automatically closed and a new audit file is opened. This is equivalent to an administrator issuing an audit -n command when the audit file contains the specified number of bytes. The default size is zero (0), which allows the file to grow without bound. The value specified must be within the range [512,000, 2,147,483,647].
The following commands cause audit_binfile.so to be activated, specify the directories for writing audit logs, and specify the percentage of required free space per directory. Note that using auditconfig(8) only allows one attribute to be set at a time.
# auditconfig -setplugin audit_binfile active p_minfree=20
# auditconfig -setplugin audit_binfile active \
p_dir=/var/audit/jedgar/eggplant,\
/var/audit/jedgar.aux/eggplant,\
/var/audit/global/eggplant
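The attribute limits described above can be checked before anything is passed to auditconfig(8). The sh function below is an added example, not part of the original manual page: it validates the three values and prints one command per attribute. The names binfile_cmds and is_uint are hypothetical, and the p_dir path policy is an assumption of the example.

```shell
#!/bin/sh
# Added example: check audit_binfile attribute values, then print one
# auditconfig command per attribute. Nothing is executed here.

is_uint() {   # true if $1 is a non-empty string of digits
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# binfile_cmds P_DIR P_MINFREE P_FSIZE   (hypothetical helper name)
binfile_cmds() {
    p_dir=$1; p_minfree=$2; p_fsize=$3

    # p_minfree is a percentage, so only 0..100 makes sense.
    if ! is_uint "$p_minfree" || [ "${#p_minfree}" -gt 3 ] ||
       [ "$p_minfree" -gt 100 ]; then
        echo "p_minfree must be 0-100: $p_minfree" >&2; return 1
    fi

    # p_fsize: 0 means unbounded, otherwise 512000..2147483647 bytes.
    if ! is_uint "$p_fsize" || [ "${#p_fsize}" -gt 10 ]; then
        echo "p_fsize is not a valid byte count: $p_fsize" >&2; return 1
    fi
    if [ "$p_fsize" -ne 0 ] &&
       { [ "$p_fsize" -lt 512000 ] || [ "$p_fsize" -gt 2147483647 ]; }; then
        echo "p_fsize must be 0 or 512000-2147483647: $p_fsize" >&2; return 1
    fi

    # p_dir: comma-separated list. Requiring absolute paths and rejecting
    # whitespace and empty entries is this example's policy (assumption).
    case "$p_dir" in
        ''|,*|*,|*,,*|*[[:space:]]*)
            echo "p_dir has an empty entry or whitespace" >&2; return 1 ;;
    esac
    rest=$p_dir
    while [ -n "$rest" ]; do
        case "${rest%%,*}" in
            /*) ;;
            *) echo "p_dir entry is not absolute: ${rest%%,*}" >&2; return 1 ;;
        esac
        case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
    done

    # auditconfig sets one attribute per call, so emit three commands.
    for kv in "p_dir=$p_dir" "p_minfree=$p_minfree" "p_fsize=$p_fsize"; do
        printf 'auditconfig -setplugin audit_binfile active %s\n' "$kv"
    done
}

# Constructed sample values, not taken from a real system.
binfile_cmds /var/audit/jedgar/eggplant,/var/audit/global/eggplant 20 10485760
```

Review the printed commands and run them as a suitably privileged user; a rejected value produces a message on stderr and no commands.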
See attributes(7) for a description of the following attributes:
ATTRIBUTE TYPE       | ATTRIBUTE VALUE
MT Level             | MT-Safe
Interface Stability  | Committed
audit.log(5), attributes(7), auditconfig(8), auditd(8)