| AUDITD(8) | MidnightBSD System Manager's Manual | AUDITD(8) |
auditd — audit log
management daemon
auditd |
[-d | -l] |
The auditd daemon responds to requests
from the audit(8) utility
and notifications from the kernel. It manages the resulting audit log files
and specified log file locations.
The options are as follows:
-d-lauditd is configured to
start on-demand using
launchd(8).Optionally, the audit review group "audit" may be created. Non-privileged users that are members of this group may read the audit trail log files.
To assure uninterrupted audit support, the
auditd daemon should not be started and stopped
manually. Instead, the
audit(8) command should be
used to inform the daemon to change state/configuration after altering the
audit_control file.
If auditd is started on-demand by
launchd(8) then auditing
should only be started and stopped with
audit(8).
On Mac OS X, auditd uses the
asl(3) API for writing
system log messages. Therefore, only the audit administrator and members of
the audit review group will be able to read the system log entries.
The historical -h and
-s flags are now configured using
audit_control(5)
policy flags ahlt and cnt,
and are no longer available as arguments to
auditd.
asl(3), libauditd(3), audit(4), audit_class(5), audit_control(5), audit_event(5), audit_warn(5), audit(8), auditdistd(8), launchd(8) (Mac OS X)
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
| July 25, 2015 | midnightbsd-3.1 |