AIX: Create Audit Classes to Monitor Events

On AIX computers, after you install the AD Bridge Enterprise agent, you can create audit classes to monitor the activities of users who log on with their Active Directory credentials. You can use the following file as a template to create audit classes for AD users:

/etc/pbis/auditclasses.sample

To create and configure an audit class, copy the file and name it /etc/pbis/auditclasses. Edit the file to set the audit classes. After you configure audit classes, the auditing occurs the next time the user logs on.

The sample AD Bridge Enterprise auditclasses file looks like this:

#
# Sample auditclasses file.
#
# A line with no label specifies the default audit classes 
# for users that are not explicitly listed: # general, files # # A line starting with a username specifies the audit classes # for that AD user. The username must be specified as the # "canonical" name for the user: either "DOMAIN\username" or # just "username" if "--assumeDefaultDomain yes" was passed # to domainjoin-cli with "--userDomainPrefix DOMAIN". # In AD Bridge, if the user has an alias specified in # the cell the alias name must be used here. # DOMAIN\user1: general, files, tcpip user2: general, cron # # A line starting with an @ specifies the audit classes for # members of an AD group. These classes are added to the # audit classes for the user (or the default, if the user is # not listed here). Whether to specify "DOMAIN\groupname" or # just "groupname" follows the same rules as for users. # @DOMAIN\mail_users: mail group2: cron

For more information on AIX audit classes, please see IBM documentation for your version of AIX.