75 0x00000002:fw:file write
76 0x00000004:fa:file attribute access
77 0x00000008:fm:file attribute modify
78 0x00000010:fc:file create
79 0x00000020:fd:file delete
80 0x00000040:cl:file close
81 0x00000100:nt:network
82 0x00000200:ip:ipc
83 0x00000400:na:non-attribute
84 0x00001000:lo:login or logout
85 0x00004000:ap:application
86 0x000f0000:ad:old administrative (meta-class)
87 0x00070000:am:administrative (meta-class)
88 0x00010000:ss:change system state
89 0x00020000:as:system-wide administration
90 0x00040000:ua:user administration
91 0x00080000:aa:audit utilization
92 0x00300000:pc:process (meta-class)
93 0x00100000:ps:process start/stop
94 0x00200000:pm:process modify
95 0x20000000:io:ioctl
96 0x40000000:ex:exec
97 0x80000000:ot:other
98 0xffffffff:all:all classes (meta-class)
99
100
101
102 FILES
103 /etc/security/audit_class
104
105
106
107 ATTRIBUTES
108 See attributes(5) for descriptions of the following attributes:
109
110
111
112
113 +---------------------+-----------------+
114 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
115 +---------------------+-----------------+
116 |Interface Stability | See below. |
117 +---------------------+-----------------+
118
119
120 The file format stability is Committed. The file content is
121 Uncommitted.
122
123 SEE ALSO
124 au_preselect(3BSM), getauclassent(3BSM), audit_event(4), attributes(5)
125
126 NOTES
127 It is possible to deliberately turn on the no class in the kernel, in
128 which case the audit trail will be flooded with records for the audit
129 event AUE_NULL.
130
131
132
133 March 6, 2017 AUDIT_CLASS(4)
|
75 0x00000002:fw:file write
76 0x00000004:fa:file attribute access
77 0x00000008:fm:file attribute modify
78 0x00000010:fc:file create
79 0x00000020:fd:file delete
80 0x00000040:cl:file close
81 0x00000100:nt:network
82 0x00000200:ip:ipc
83 0x00000400:na:non-attribute
84 0x00001000:lo:login or logout
85 0x00004000:ap:application
86 0x000f0000:ad:old administrative (meta-class)
87 0x00070000:am:administrative (meta-class)
88 0x00010000:ss:change system state
89 0x00020000:as:system-wide administration
90 0x00040000:ua:user administration
91 0x00080000:aa:audit utilization
92 0x00300000:pc:process (meta-class)
93 0x00100000:ps:process start/stop
94 0x00200000:pm:process modify
95 0x02000000:sa:SACL-based File Access Auditing
96 0x20000000:io:ioctl
97 0x40000000:ex:exec
98 0x80000000:ot:other
99 0xffffffff:all:all classes (meta-class)
100
101
102
103 FILES
104 /etc/security/audit_class
105
106
107
108 ATTRIBUTES
109 See attributes(5) for descriptions of the following attributes:
110
111
112
113
114 +---------------------+-----------------+
115 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
116 +---------------------+-----------------+
117 |Interface Stability | See below. |
118 +---------------------+-----------------+
119
120
121 The file format stability is Committed. The file content is
122 Uncommitted.
123
124 SEE ALSO
125 au_preselect(3BSM), getauclassent(3BSM), audit_event(4), attributes(5)
126
127 NOTES
128 It is possible to deliberately turn on the no class in the kernel, in
129 which case the audit trail will be flooded with records for the audit
130 event AUE_NULL.
131
132
133
134 July 10, 2018 AUDIT_CLASS(4)
|