Using commands for administrative tasks

The command-line programs allow you to perform administrative tasks—such as enable or disable shell auditing on UNIX computers or generate diagnostic information—directly on an audited computer. The following table provides a summary of the auditing-related programs installed with the Centrify Agent for *NIX and the Centrify Client for Linux audit package. For complete information about the syntax and options for any command, see the man page for that command.

Use this command To do this


The dacheck command performs operating system, network, and Active Directory tests to verify a computer meets the system requirements for a successful installation. For example, the script runs the dacheck program.

The dacheck command is located in the same place as the adcheck command: /usr/share/centrify/dc/bin.


Enable or disable session or individual command auditing on a computer. You can also use this command to manually configure the audit installation to use for a local computer if you are not identifying the installation by group policy.

Only users with root privileges can run the dacontrol command.

Note:   If the audited system is not joined to Active Directory and it is audited by way of the Centrify Client for Linux, you cannot change the audit installation with the dacontrol command.


Start the dad process manually.

The dad process records terminal activity on the UNIX computer and transfers the data to a collector. In most cases, it is automatically started when the computer is first booted. However, you can run this command to manually start the audit process on a local computer.

Only users with root privileges can run the dad command.


Enable or disable logging for the dad process on an audited computer.

If you enable logging, the dad process writes messages to the /var/log/centrifydc.log file. If you run dadebug without specifying an option, the command returns a status message that indicates whether logging is currently enabled or disabled.

Only users with root privileges can run the dadebug command.


Display detailed information about the configuration and current auditing status for a local computer.

This command displays the same information as dainfo --diag.


Clear the auditing service in-memory cache of name service queries and installation information.

If you run this command without any arguments, it removes both auditing-related name service query results and audit installation information from the in-memory cache. If you run this command with no arguments or specify the ‑‑name‑service option, the command also automatically clears the cache for common name services—such as nscd and pwgrd—if those services are running on the local computer.

Clearing the cache of name service query results is useful if you make changes that would affect the results of a name service query, and want to ensure you get updated information. For example, if you remove the UNIX Login role for an Active Directory user, some information for that user might remain in the auditing service cache and be returned when you run a command such as getent passwd for that user. You can run daflush to ensure the user is removed completely from the local computer cache, including the auditing service cache.

Only users with root privileges can run the daflush command.


Display detailed information about the status and configuration of an audited computer.


Force the dad process to reload configuration properties from the /etc/centrifyda/centrifyda.conf file or the advanced monitoring properties from /etc/centrifyda/libaudit.conf. This command enables you to apply configuration changes without restarting the agent.

Only users with root privileges can run the dareload command.

Reset shells to their source shell on computers that are not being audited in an audited zone.

On audited computers, the cdash shell is used to capture and forward audit data instead of the original shell. This script enables you to restore the user’s original shell choice if the auditing service and wrapper shell are removed.


Display information about the size and content of the auditing-related offline cache (spool) files.

If an audited computer cannot contact a collector service, it caches session, audit trail, and other information locally until a collector becomes available. This command enables you to review information about these offline cache files.

Only users with root privileges can run the daspool command.