A change in your company’s security policy now requires an audit trial of all administrators assuming the
sysadm role, capturing:
Executed commands, including options
Logins and logouts
There are two command necessary to accomplish this change. One is a rolemod command. What is the other?
A.
auditconfig set policy=argv
B.
auditconfig -setpolicy +argv
C.
auditconfig -setflags lo, ex sysadm
D.
auditconfig set flags=lo, ex sysadm
Explanation:
Audit Significant Events in Addition to Login/Logout (see step 2 below)
Use this procedure to audit administrative commands, attempts to invade the system, and other significant
events as specified by your site security policy.
For all users and roles, add the AUE_PFEXEC audit event to their preselection mask.
# usermod -K audit_flags=lo, ps:no username
# rolemod -K audit_flags=lo, ps:no rolename
# auditconfig -setpolicy +argv
3- Record the environment in which audited commands are executed.
# auditconfig -setpolicy +arge
Note: [-t] -setpolicy [+|-]policy_flag[, policy_flag …]
Set the kernel audit policy. A policy policy_flag is literal strings that denotes an audit policy. A prefix of + addsthe policies specified to the current audit policies. A prefix of – removes the policies specified from the current
audit policies. No policies can be set from a local zone unless the perzone policy is first set from the global
zone.