auditldap Command
Purpose
Uploads the /etc/security/audit/config audit configuration file to a centralized location on a Lightweight Directory Access Protocol (LDAP) server.
Syntax
auditldap [-a|-u] -D bindDN -w bindPwD [ -b baseDN ] [ -f filename ] [-c] [-v]
auditldap [-?]
Description
A system administrator can store the /etc/security/audit/config audit configuration file in a centralized location on an LDAP server by using the auditldap command. When this configuration file is shared, systems that operate in a similar environment can download the configuration during audit start. Therefore, systems with similar security requirements can be configured with the same audit configuration stored on LDAP.
Note: With the existing LDAP setup, the auditldap command uses the binding distinguished name (bindDN) and the binding password (bindPwD) of the LDAP client that is in the running state to store the /etc/security/audit/config audit configuration file on the LDAP server.
Flags
Item | Description |
---|---|
-a | Adds an audit configuration file to an LDAP server. |
-b baseDN | Specifies the centralized location where the audit configuration files are stored. If you specify the baseDN parameter when the /etc/security/audit/config audit file is being uploaded, the /etc/security/audit/config audit file is stored in the location specified by the baseDN parameter. Otherwise the files are stored at the location specified by the default baseDN value, for example cn=config, ou=audit,cn=aixdata. |
-c | Continues operation during error. |
-D bindDN | Specifies the binding distinguished name that is used to connect to an LDAP server. |
-f filename | Specifies the full path of the audit configuration file that is uploaded to an LDAP server. If you do not specify this option, the /etc/security/audit/config file is uploaded to the LDAP server by default. |
-u | Updates an audit configuration file on the LDAP server. |
-v | Runs the command in verbose mode. |
-w bindPwD | Specifies the binding password that is used to write the audit configuration file to an LDAP server. |
-? | Displays the usage statement of the command. |
Exit Status
Item | Description |
---|---|
0 | Success |
1 | Failure |
Security
Only root users can run the auditldap command.
Examples
- To upload the /etc/security/audit/config file under the ou=audit,cn=aixdata DN, enter the following command:
  auditldap -u -D binddn -w secret -b ou=audit,cn=aixdata
- To add the /etc/security/audit/config file under the ou=audit,cn=aixdata DN, enter the following command:
  auditldap -a -D binddn -w secret -b ou=audit,cn=aixdata
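Because the uploaded file is downloaded by other systems during audit start, it is worth checking the file before it is pushed. The following wrapper is an added example, not part of the original page or of AIX: the function name, the OWNER and AUDITLDAP overrides, and the separate owner-only bind password file are assumptions.

```sh
#!/bin/sh
# Added example (not IBM's code): gate an auditldap upload on basic checks of
# the file that other systems will download at audit start.
# Assumptions, not from the page: the function name, the OWNER and AUDITLDAP
# overrides, and a separate owner-only file holding the bind password.

upload_audit_config() {
    cfg=$1 bind_dn=$2 pw_file=$3 base_dn=$4
    owner=${OWNER:-root}           # expected owner of both files
    cmd=${AUDITLDAP:-auditldap}    # overridable so the logic can be exercised

    # Config: regular file, owned by $owner, not group- or world-writable.
    if [ -z "$(find "$cfg" -prune -type f -user "$owner" \
                 ! -perm -020 ! -perm -002 2>/dev/null)" ]; then
        echo "refusing: $cfg missing, wrong owner, or writable by others" >&2
        return 2
    fi
    # Password file: regular file, owned by $owner, no group/other read bit.
    if [ -z "$(find "$pw_file" -prune -type f -user "$owner" \
                 ! -perm -040 ! -perm -004 2>/dev/null)" ]; then
        echo "refusing: $pw_file missing, wrong owner, or readable by others" >&2
        return 2
    fi

    bind_pw=
    IFS= read -r bind_pw < "$pw_file" || true   # tolerate a missing newline
    if [ -z "$bind_pw" ]; then
        echo "refusing: $pw_file is empty" >&2
        return 2
    fi

    # Flags as documented above; exit status 0 is success, 1 is failure.
    rc=0
    "$cmd" -u -D "$bind_dn" -w "$bind_pw" -b "$base_dn" -f "$cfg" -v || rc=$?
    [ "$rc" -eq 0 ] || echo "auditldap failed (exit $rc)" >&2
    return "$rc"
}

# Usage (constructed values; the password file path is a placeholder):
#   upload_audit_config /etc/security/audit/config binddn /path/to/bindpw ou=audit,cn=aixdata
```

The wrapper returns 2 when a pre-upload check fails and otherwise returns the exit status of auditldap.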
Files
Item | Description |
---|---|
/etc/security/audit/config | Stores the audit configuration file. |