Recording audit data for signature verification commands

By default, audit data is recorded in the message audit log of an OU for each verify command sent to the signature verification service (DNF_V_ADM) and for its response. A user with the system configuration administrator (DniSA) role can disable or re-enable this behavior. For example:

  1. Start the CLI for the instance INST1, OU SYSOU, and service DNI_SYSADM:
    dnicli -i INST1 -ou SYSOU -s DNI_SYSADM
    This requires the system configuration administrator (DniSA) role.
  2. Issue one of the following commands on a single line after the INST1.SYSOU.DNI_SYSADM> prompt:
    • To disable recording of audit data for the verify command for the OU BANKA in instance INST1:
      add -ou BANKA -ct DnfVerifParameters -co DnfVerifParameters
          -attr Audit -val none
    • To enable recording of audit data for the verify command for the OU BANKA in instance INST1:
      add -ou BANKA -ct DnfVerifParameters -co DnfVerifParameters
          -attr Audit -val all
  3. Commit, approve, and deploy the changes:
    com -ou BANKA
    app -ou BANKA
    dep -ou BANKA
    If dual authorization is enabled, another user with the appropriate access rights must approve the changes before they can be deployed. If dual authorization is disabled, you can skip approving the changes and immediately deploy them.