#!/sbin/sh
# @(#) $Revision: 72.4 $       
# Auditing configuration.  See audsys(1m), audevent(1m)
#
# AUDITING:	Set to 1 to enable the auditing system.  Note: if auditing
#		is enabled via SAM, the AUDITING and other configuration
#		variables are ignored.
#
# PRI_AUDFILE:	Pathname of file where audit records begin to be logged.
# PRI_SWITCH:	switch size (maximum size in kbytes for primary audit log file)
# SEC_AUDFILE:	file audit system switches to when primary reaches switch size
# SEC_SWITCH:	switch size of secondary file (maximum size in kbytes for
#		secondary audit log file)
#
# Note:  If the system has any mounted volumes, you might want to put the
# primary and secondary audit log files on different volumes to take maximum
# advantage of audit file switching.
#
# Note:  For security, the path to the audit files must not be readable or
# writable except by authorized users.
#
# AUDEVENT_ARGS:
#               Arguments to the audevent command.  See audevent(1m)
#               There are three instances of AUDEVENT_ARGS. 
#
#               AUDEVENT_ARGS1 describes those events that are audited
#               for both success and failure.
#
#               AUDEVENT_ARGS2 describes those events that are success only.
#
#               AUDEVENT_ARGS3 describes those events that are failure only.
#
#               A null string for AUDEVENT_ARGSx is assigned to arguments 
#               that don't apply.
#
#		By default, AUDEVENT_ARGS1 is set to:
#			"-P -F -e moddac -e login -e admin"
#		which causes audevent to deal with:
#			1) changing discretionary access control (DAC),
#			2) logging in, and
#			3) administering the system will be audited.
#		While these may be a reasonable defaults on some systems,
#		only the security officer/administrator can determine exactly
#		what is needed.
#
# AUDOMON_ARGS:	Arguments to the audomon daemon.  See audomon(1m)
#		By default, AUDOMON_ARGS is set to "-p 20 -t 1 -w 90".
#		The audomon daemon takes the following arguments:
#
#         fss = minimum percentage of free space left on an audit log file's
#		file-system before switching to the secondary audit log file
#		(which may reside on a separate volume/partition),
#		or before taking protective action if no file space is left.
#		(default: 20%)
#     sp_freq = minimum wakeup interval (in minutes), at which point
#		warning messages are generated on the console about
#		switch points.  Switch points are the maximum log file
#		sizes and the percentage minimum free space specified.
#		(default: 1  minute)
#     warning = percentage of audit file space used or minimum free space
#		used after which warning messages are sent to the console.
#		(default: 90 - warning messages are sent when the files
#		are 90% full or available free space is 90% used)
#
# Format:	audomon -p fss -t sp_freq -w warning
#
AUDITING=0
PRI_AUDFILE=/.secure/etc/audfile1
PRI_SWITCH=1000
SEC_AUDFILE=/.secure/etc/audfile2
SEC_SWITCH=1000
AUDEVENT_ARGS1="-P -F -e moddac -e login -e admin"
AUDEVENT_ARGS2=""
AUDEVENT_ARGS3=""
AUDOMON_ARGS="-p 20 -t 1 -w 90"
