Once you have installed the auditing software, you should verify that the installed files have the proper attributes. Use the pkgchk(1M) command to do this.
To verify the file attributes, run pkgchk on
the audit package:
pkgchk audit
Correct any discrepancies that the pkgchk command finds.
This procedure will only check installed files. It will not check system files that are created as part of the normal functioning of the auditing system. Attributes of these files should be checked periodically to ensure system security and integrity. Discretionary Access Control (DAC) file permission settings for the audit user-level commands and system files are listed in the following table.
Access permissions for audit files
| Command or filename | Owner | Group | Permissions |
|---|---|---|---|
| auditcnv | root | audit | r-xr-x--- |
| auditfltr | root | audit | r-xr-x--- |
| auditlog | root | audit | r-xr-x--- |
| auditmap | root | audit | r-xr-x--- |
| auditon | root | audit | r-xr-x--- |
| auditoff | root | audit | r-xr-x--- |
| auditset | root | audit | r-xr-x--- |
| auditrpt | root | audit | r-xr-x--- |
| /etc/security/audit | root | audit | drwxrwxr-x |
| /etc/security/audit/classes | root | audit | rw-rw-r-- |
| /etc/security/ia/audit | root | sys | r-------- |
| /etc/default/audit | root | sys | r--r--r-- |
| /etc/init.d/audit | root | audit | r--r--r-- |
| /var/audit | root | audit | drwxrwx--- |
| /var/audit/MMDD### (log files) | root | audit | r--r----- |
| /var/audit/auditmap | root | audit | drwxrwx--- |
| /var/audit/auditmap/* | root | audit | rw-rw---- |
Once the installation is complete, and you have verified that the files were correctly installed, you can proceed to customize the auditing subsystem to your requirements. See ``Configuring auditing'' for information on how to do this.