z/OS UNIX System Services User's Guide


Auditing file access

SA23-2279-00

Using the chaudit command, you can specify which types of file access are audited by RACF®. RACF writes the audit information to system management facilities (SMF) record 80.

Only a file owner or a security auditor can specify whether auditing is turned on or off, and when audit records are written for a directory or a file: for successful accesses, failed accesses, or all accesses.

You can specify audits for read, write, and search or execute attempts. For each of these, you can specify audits for successful access, failed access, or both. You can also set the audit flags off, so that audits are not performed.

The default audit bits are set at file creation:
  • The user-requested-audit flags are set to audit failed attempts to read, write, or execute. Only the file owner or a superuser can specify user audit options.
  • The auditor-requested-audit flags are set off (no auditing). To specify auditor audit options, you must have security auditor authority.

See the chaudit command description in z/OS UNIX System Services Command Reference for a description of the chaudit command. See the topic about specifying file audit options in z/OS UNIX System Services Planning for a description of how a superuser or security auditor would use the chaudit command.
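Because a file owner can turn the user-requested flags off, a review of audit coverage looks for files where failed access is no longer audited by either flag set. The following is an added example, not part of the IBM text: the function names and the sample listing are constructed, and it assumes input in the `ls -W` long-listing layout, where the second field holds six audit characters (three user-requested, then three auditor-requested, for read, write, and execute/search; s = successes, f = failures, a = both, - = none).

```shell
#!/bin/sh
# audit_gaps: read `ls -W`-style lines on stdin (assumed layout, see lead-in)
# and print "<name> <audit field> no-failure-audit:<ops>" for every entry
# where neither the user nor the auditor flags audit failed access.
audit_gaps() {
    while read -r mode audit rest; do
        # Skip "total N" lines and anything without a 6-character audit field.
        case "$audit" in
            [sfa-][sfa-][sfa-][sfa-][sfa-][sfa-]) ;;
            *) continue ;;
        esac
        name=${rest##* }        # last field; sample names contain no spaces
        user=${audit%???}       # first three characters: user-requested flags
        auditor=${audit#???}    # last three characters: auditor-requested flags
        missing=""
        i=1
        for op in read write exec; do
            u=$(printf '%s' "$user" | cut -c"$i")
            a=$(printf '%s' "$auditor" | cut -c"$i")
            # Failures are covered when either flag is f (failed) or a (all).
            case "$u$a" in
                *[fa]*) ;;
                *) missing="$missing${missing:+,}$op" ;;
            esac
            i=$((i + 1))
        done
        if [ -n "$missing" ]; then
            printf '%s %s no-failure-audit:%s\n' "$name" "$audit" "$missing"
        fi
    done
    return 0
}

# Constructed sample listing (not captured from a real system).
# payroll.sh carries the creation default; ledger.dat is covered by the
# auditor flags alone; the other two have lost failure auditing.
sample_listing() {
    cat <<'EOF'
total 48
-rwxr-xr-x  fff---  1 OMVSUSR  SYS1  8192 Jan 10 09:00 payroll.sh
-rw-r-----  ------  1 OMVSUSR  SYS1   512 Jan 10 09:01 keys.conf
-rw-r--r--  s-----  1 OMVSUSR  SYS1   100 Jan 10 09:02 notes.txt
-rw-------  ---aaa  1 OMVSUSR  SYS1  2048 Jan 10 09:03 ledger.dat
EOF
}

sample_listing | audit_gaps
```

Entries it reports are candidates for resetting with chaudit, or for auditor-requested flags that the file owner cannot change.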





Copyright IBM Corporation 1990, 2014