How This Book Is Organized

Chapter 1, Auditing Basics explains the system management and configuration of the auditing subsystem. Topics discussed include managing audit trail storage, determining global and per-user preselection, and setting site-specific configuration options.

Chapter 2, Auditing Setup covers setting up and maintaining auditing at your site. The latter part of the chapter contains procedures for setting up and maintaining auditing.

Chapter 3, Audit Trail Management and Analysis describes how the audit daemon creates the audit trail, and how to manage audit files and read the contents. The latter part of the chapter contains procedures for merging audit files, selecting records, reading the audit trail, and backing up the trail.

Chapter 4, Troubleshooting Auditing contains procedures for troubleshooting the auditing subsystem.

Appendix A, Event-to-Class Mappings lists audit events by their default audit class and alphabetically. It also connects them to their system calls and user commands.

Appendix B, Audit Record Descriptions describes in detail the content of the audit records generated, including a description of every audit token.

Appendix C, Audit Reference lists and describes the man pages for the auditing subsystem and the security attributes on the auditing subsystem files.