This patch adds the configuration files for the racf plugin. There is a
need for two separate configuration files: one for the audit dispatcher
and another for the plugin itself.
The plugin configuration includes server and authentication information,
so it should not be readable by anyone but root. The (large) default
queue size allows event bursts to be absorbed without dropping events.
The plugin comes disabled by default.
Signed-off-by: Klaus Heinrich Kiwi <klausk(a)br.ibm.com>
diff -purN audit-1.6.2/audisp/plugins/racf/audisp-racf.conf
audit-1.6.2_racf/audisp/plugins/racf/audisp-racf.conf
--- audit-1.6.2/audisp/plugins/racf/audisp-racf.conf 1969-12-31 21:00:00.000000000 -0300
+++ audit-1.6.2_racf/audisp/plugins/racf/audisp-racf.conf 2007-09-28 09:18:08.000000000
-0300
@@ -0,0 +1,13 @@
+# This is the audit dispatcher configuration
+# for the RACF audit plugin
+# Note that this specific plugin has a configuration
+# file of its own. The complete path for this
+# file must be entered as the argument for the
+# plugin in the 'args' field below
+
+active = no
+direction = out
+path = /sbin/audisp-racf
+type = always
+args = /etc/audisp/racf.conf
+format = string
diff -purN audit-1.6.2/audisp/plugins/racf/racf.conf
audit-1.6.2_racf/audisp/plugins/racf/racf.conf
--- audit-1.6.2/audisp/plugins/racf/racf.conf 1969-12-31 21:00:00.000000000 -0300
+++ audit-1.6.2_racf/audisp/plugins/racf/racf.conf 2007-09-28 09:18:08.000000000 -0300
@@ -0,0 +1,13 @@
+# This is the configuration file for the audit-plugin-racf
+# server, user and password are required, everything else is
+# optional
+# Also note that user is in the format
+# 'racfid=${USER},cn=ictx'
+# where ${USER} is the RACF user with R_auditx authority
+
+server = racf.server
+port = 389
+user = racfid=RACFUSER,cn=ictx
+password = password
+timeout = 15
+q_depth = 256
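Review bot: The new racf.conf stores the bind password in clear text, but its header comment never tells the administrator to restrict access; the commit message says the file should be readable only by root, and the install mode is not set anywhere in this patch. I would add a header line such as `# This file contains a password: keep it owned by root with mode 0600`. Separately, `port = 389` is the standard unencrypted LDAP port, so unless the plugin negotiates TLS (not visible here) the `user`/`password` bind presumably crosses the network in the clear; a comment saying so, or a documented TLS setting, would help. The `password = password` placeholder should also be marked as a value to replace before the plugin is switched to `active = yes`.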