#!/sbin/sh
# @(#)B.11.31_LR
# Auditing configuration. See audsys(1m), audevent(1m), audomon(1m)
# and audit.conf(4).
#
# AUDITING:     Set to 1 to enable the auditing system.
#
# Note: All other parameters are ignored if AUDITING is not set to 1.
#
# PRI_AUDFILE:  Pathname of the audit trail where audit records begin to
#               be logged (has to be an absolute path).
# PRI_SWITCH:   switch size (maximum size in kbytes for the primary audit trail)
# SEC_AUDFILE:  the trail the audit system switches to when the primary reaches
#               its switch size (has to be "*" or an absolute path).
# SEC_SWITCH:   switch size of the secondary trail (maximum size in kbytes for
#               the secondary audit trail)
#
# Note: Settings of PRI_AUDFILE, PRI_SWITCH, SEC_AUDFILE and SEC_SWITCH
# only take effect the first time the auditing subsystem is started.
# To get the most current and effective settings of these parameters,
# use audsys(1m).
#
# Note: If the secondary audit trail is not specified, the audit system will
# still switch to another audit trail which has the same base name as
# the last primary audit trail, but with a different timestamp as
# the extension name. E.g. if PRI_AUDFILE is set to "mytrail" and SEC_AUDFILE
# is set to "", when /var/.audit/mytrail reaches its switch size the audit
# system will start writing to /var/.audit/mytrail.yyyymmddHHMM, where
# yyyymmddHHMM is replaced by the real time of the switch point.
#
# Note: You might also want to specify the action to take at the switch
# point (e.g. back up the last audit trail) to keep the filesystem from
# filling up and thus take maximum advantage of the auto-switching
# mechanism. See also AUDOMON_ARGS below.
#
# Note: For security, the path to the audit files must not be readable or
# writable except by authorized users.
#
# NTHREADS:     the number of log files that an audit trail is composed of
#
# Note: Settings of NTHREADS only take effect the first time
# the auditing subsystem is started. To get the most current and effective
# setting of this parameter, use audsys(1m).
#
# Note: The recommended value for NTHREADS is approximately the number
# of processors on the system divided by two.
#
# Note: Set NTHREADS to 0 to make the audit trail a regular file
# instead of a directory composed of one or more files.
#
# AUDEVENT_ARGS:
#               Arguments to the audevent command. See audevent(1m).
#               There are four instances of AUDEVENT_ARGS.
#
#               AUDEVENT_ARGS1 describes those events that are audited
#               for both success and failure.
#
#               AUDEVENT_ARGS2 describes those events that are success only.
#
#               AUDEVENT_ARGS3 describes those events that are failure only.
#
#               AUDEVENT_ARGS4 describes those events that are audited
#               for neither success nor failure.
#               (For example, you may wish to turn on auditing for the
#               event moddac using AUDEVENT_ARGS1, which, as a side effect, turns
#               on auditing for the syscall semop. You can then use this
#               variable to specify that semop is not audited at all.)
#
#               A null string is assigned to any AUDEVENT_ARGSx
#               that does not apply.
#
#               By default, AUDEVENT_ARGS1 is set to:
#                   "-P -F -r basic"
#               which causes audevent to apply the basic audit profile
#               described in /etc/audit/audit.conf, i.e. the following are audited:
#                   1) changing discretionary access control (DAC),
#                   2) logging in and off,
#                   3) administering the system,
#                   4) exec events,
#                   5) operations on psets, and
#                   6) setuid programs.
#               While these may be reasonable defaults on some systems,
#               only the security officer/administrator can determine exactly
#               what is needed.
#
# AUDOMON_ARGS: Arguments to the audomon daemon. See audomon(1m).
#               By default, AUDOMON_ARGS is set to "-p 20 -t 1 -w 90".
#               The audomon daemon takes the following arguments:
#
#               fss     = minimum percentage of free space left on an audit trail's
#                         file-system before switching to the secondary audit trail
#                         (which may reside on a separate volume/partition),
#                         or before taking protective action if no file space is left.
#                         (default: 20%)
#               sp_freq = minimum wakeup interval (in minutes), at which point
#                         warning messages are generated on the console about
#                         switch points. Switch points are the maximum log file
#                         sizes and the percentage minimum free space specified.
#                         (default: 1 minute)
#               warning = percentage of audit file space used or minimum free space
#                         used after which warning messages are sent to the console.
#                         (default: 90 - warning messages are sent when the files
#                         are 90% full or available free space is 90% used)
#               action  = a command line which will be invoked upon each switch
#                         of audit trails
#
#               Format: audomon -p fss -t sp_freq -w warning -X action
#
# Note: 'action' is not specified by default; however, it is highly
# recommended to specify one. See the notes above for *_AUDFILE.
#
AUDITING=0
PRI_AUDFILE=/var/.audit/audfile1
PRI_SWITCH=1000
SEC_AUDFILE=/var/.audit/audfile2
SEC_SWITCH=1000
AUDEVENT_ARGS1=""
AUDEVENT_ARGS2=""
AUDEVENT_ARGS3=""
AUDEVENT_ARGS4=""
AUDOMON_ARGS=" -p 20 -t 1 -w 90"
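The comments above name the settings that matter for a usable audit trail: AUDITING must be 1 or everything else is ignored, the trail paths must be absolute (or "*"/empty for the secondary), the audomon -X action is recommended so switched trails get backed up, and the trail directory must not be readable or writable by other users. The POSIX sh script below is an added example, not part of the HP-UX file, that reads a file in the same KEY=value layout and reports each of those conditions. The two sample configs it builds in temporary directories are constructed for the demonstration, and the /usr/local/sbin/audit_switch.sh path used as the -X action is a placeholder, not a script that ships with HP-UX.

```shell
#!/bin/sh
# Added example checker for rc.config.d/auditing-style settings (not HP-UX code).
# Sample configs are constructed below; /usr/local/sbin/audit_switch.sh is a placeholder.

# get_setting FILE KEY: value of the last KEY= assignment, surrounding quotes stripped.
get_setting() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# is_absolute PATH: true when PATH starts with a slash.
is_absolute() {
  case $1 in /*) return 0 ;; *) return 1 ;; esac
}

# is_positive_int VALUE: true for a non-zero decimal integer (size in kbytes).
is_positive_int() {
  case $1 in ''|*[!0-9]*) return 1 ;; 0) return 1 ;; *) return 0 ;; esac
}

# check_auditing_config FILE: prints one finding per line; always returns 0.
check_auditing_config() {
  cfg=$1
  auditing=$(get_setting "$cfg" AUDITING)
  pri=$(get_setting "$cfg" PRI_AUDFILE)
  sec=$(get_setting "$cfg" SEC_AUDFILE)
  pri_sw=$(get_setting "$cfg" PRI_SWITCH)
  sec_sw=$(get_setting "$cfg" SEC_SWITCH)
  audomon=$(get_setting "$cfg" AUDOMON_ARGS)

  [ "$auditing" = 1 ] || echo "AUDITING=$auditing: auditing is off, all other settings are ignored"
  is_absolute "$pri" || echo "PRI_AUDFILE='$pri' is not an absolute path"
  case $sec in
    ''|'*') ;;   # empty or "*" are both accepted for the secondary trail
    *) is_absolute "$sec" || echo "SEC_AUDFILE='$sec' must be \"*\", empty, or an absolute path" ;;
  esac
  is_positive_int "$pri_sw" || echo "PRI_SWITCH='$pri_sw' is not a positive size in kbytes"
  is_positive_int "$sec_sw" || echo "SEC_SWITCH='$sec_sw' is not a positive size in kbytes"
  case " $audomon " in
    *" -X "*) ;;
    *) echo "AUDOMON_ARGS has no -X action: switched trails will not be backed up" ;;
  esac

  # The trail directory must not be readable or writable by others (checked only if it exists).
  dir=$(dirname "$pri")
  if [ -d "$dir" ]; then
    others=$(ls -ld "$dir" | cut -c8-10)
    [ "$others" = "---" ] || echo "$dir is accessible to other users (other-bits '$others')"
  fi
  return 0
}

# count_findings FILE: number of findings, for use in scripts.
count_findings() {
  check_auditing_config "$1" | wc -l | tr -d ' '
}

# make_sample_config MODE: writes a constructed config and echoes its path.
# "weak" mirrors the shipped defaults with a mode-755 trail directory;
# "hardened" enables auditing, adds a placeholder -X action and uses mode 700.
make_sample_config() {
  base=$(mktemp -d) || return 1
  trail=$base/trails
  mkdir "$trail"
  if [ "$1" = hardened ]; then
    chmod 700 "$trail"
    auditing=1
    action=' -X /usr/local/sbin/audit_switch.sh'   # placeholder backup script
  else
    chmod 755 "$trail"
    auditing=0
    action=''
  fi
  cat > "$base/auditing" <<EOF
AUDITING=$auditing
PRI_AUDFILE=$trail/audfile1
PRI_SWITCH=1000
SEC_AUDFILE=$trail/audfile2
SEC_SWITCH=1000
AUDEVENT_ARGS1="-P -F -r basic"
AUDOMON_ARGS=" -p 20 -t 1 -w 90$action"
EOF
  echo "$base/auditing"
}

# Stand-alone run: report on both constructed samples.
for mode in weak hardened; do
  sample=$(make_sample_config "$mode")
  echo "== $mode sample ($sample): $(count_findings "$sample") finding(s)"
  check_auditing_config "$sample"
done
```

On the weak sample the script reports three findings (auditing off, no -X action, world-readable trail directory); the hardened sample is clean. Point check_auditing_config at the real /etc/rc.config.d/auditing to audit a live system; the directory permission check then runs against the actual trail directory.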