Examine the following information:
Which statement describes the user auuser audit mask?
A.
All failed and successful lo events, all failed and successful am events will be logged, no ss
events will be logged.
B.
All failed and successful lo events, all failed and successful am events and successful ss
events will be logged.
C.
All failed and successful lo events, all failed and successful am events and failed ss events will
be logged.
D.
All failed and successful lo events and all failed and successful ss events will be logged.
Explanation:
Note:
* The Trusted Solaris environment provides audit classes including:
ss – Change system state
no – Invalid class
lo – Login or logout
* always-audit
Lists the audit classes that are audited for this user. Modifications to the system-wide classes are
prefixed by a caret (^). Classes that are added to the system-wide classes are not prefixed by a
caret.
never-audit
Lists the audit classes that are never audited for the user, even if these audit events are audited
system-wide. Modifications to the system-wide classes are prefixed by a caret (^).
* Process preselection mask – A combination of the system-wide audit mask and the user-specific
audit mask, if a user audit mask has been specified. When a user logs in, the login process
combines the preselected classes to establish the process preselection mask for the user’s
processes. The process preselection mask specifies whether events in each audit class are to
generate audit records.
The following algorithm describes how the system obtains the user’s process preselection mask:
(system-wide default flags + always-audit-classes) – never-audit-classes
* getent user_attr
getent
– get entries from administrative database
getent gets a list of entries from the administrative database specified by database. The
information generally comes from one or more of the sources that are specified for the database in
/etc/nsswitch.conf.
A
D
(lo,ss)