Contains the audit events for audited objects (files).
The /etc/security/audit/objects file is an ASCII stanza file that contains information about audited objects (files). This file contains one stanza for each audited file. The stanza has a name equal to the path name of the file.
Each file attribute has the following format:
access_mode = "audit_event "
An audit-event name can be up to 15 bytes long; longer names are rejected. Valid access modes are read (r), write (w), and execute (x) modes. For directories, search mode is substituted for execute mode.
Access Control: This file should grant read (r) access to the root user and members of the audit group and grant write (w) access only to the root user.
To define the audit events for the /etc/security/passwd file, add a stanza to the /etc/security/audit/objects file. For example:
/etc/security/passwd: r = "S_PASSWD_READ" w = "S_PASSWD_WRITE"
These attributes generate a S_PASSWD_READ audit event each time the passwd file is read, and a S_PASSWD_WRITE audit event each time the file is opened for writing.
/etc/security/audit/objects | Specifies the path to the file. |
/etc/security/audit/config | Contains audit system configuration information. |
/etc/security/audit/events | Contains the audit events of the system. |
/etc/security/audit/bincmds | Contains auditbin backend commands. |
/etc/security/audit/streamcmds | Contains auditstream commands. |
The audit command.
The auditobj subroutine.
Setting Up Auditing in AIX 5L Version 5.2 System Management Guide: Operating System and Devices.
Auditing Overview, Security Administration in AIX 5L Version 5.2 System Management Concepts: Operating System and Devices.