The /etc/init.d directory contains a series of files, each consisting of commands that init executes when the operating system changes init states. The audit file, as distributed, invokes the auditon command to enable auditing when the system enters multiuser mode, and the auditoff command to disable auditing when the system enters either single-user mode or the power-off state. If the system is going to multiuser mode and the auditon command fails, the system returns to single-user mode.
The administrator can edit /etc/init.d/audit to add further auditing commands, so that site-specific audit requirements are configured each time auditing is enabled. For example, the auditset command, which sets the audit criteria, or the auditlog command, which sets log file characteristics, may be added.
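
The flow described above, sketched as a start/stop script with the site-specific additions in place (an added example, not the distributed /etc/init.d/audit). The start/stop argument convention, the `init S` fallback command, the option placeholders and the placement of the site commands after auditon are assumptions.

```shell
#!/bin/sh
# Added sketch of an edited /etc/init.d/audit; not the distributed file.
# Commands are held in variables so the control flow can be run with stubs.
AUDITON=${AUDITON:-auditon}
AUDITOFF=${AUDITOFF:-auditoff}
AUDITSET=${AUDITSET:-auditset}
AUDITLOG=${AUDITLOG:-auditlog}
# Assumption: the command used to drop back to single-user mode.
TO_SINGLE_USER=${TO_SINGLE_USER:-"init S"}
# Placeholders: site options, taken from the auditlog and auditset manual pages.
SITE_AUDITLOG_OPTS=${SITE_AUDITLOG_OPTS:-}
SITE_AUDITSET_OPTS=${SITE_AUDITSET_OPTS:-}

audit_rc() {
    case "$1" in
    start)  # entering multiuser mode
        if ! $AUDITON; then
            echo "audit: auditon failed, returning to single-user mode" >&2
            $TO_SINGLE_USER
            return 1
        fi
        # Site-specific additions; placement after auditon is an assumption.
        # A failure is reported, not ignored, so a misconfiguration is visible.
        if [ -n "$SITE_AUDITLOG_OPTS" ] && ! $AUDITLOG $SITE_AUDITLOG_OPTS; then
            echo "audit: auditlog failed, log file settings not applied" >&2
            return 2
        fi
        if [ -n "$SITE_AUDITSET_OPTS" ] && ! $AUDITSET $SITE_AUDITSET_OPTS; then
            echo "audit: auditset failed, audit criteria not applied" >&2
            return 2
        fi
        ;;
    stop)   # entering single-user mode or the power-off state
        $AUDITOFF
        ;;
    *)
        echo "usage: audit {start|stop}" >&2
        return 1
        ;;
    esac
}

# Run only when arguments are given, so the file can also be sourced.
if [ $# -gt 0 ]; then audit_rc "$@"; fi
```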