audit_site.conf man page on HP-UX

Printed from http://www.polarhome.com/service/man/?qf=audit_site.conf&af=0&tf=2&of=HP-UX

audit.conf(4)							 audit.conf(4)

NAME
       audit.conf,  audit_site.conf  - files containing event mapping informa‐
       tion and	 site-specific event mapping information

DESCRIPTION
       Files and store the event mapping information that can be used by and

       An event is a particular system operation.  It may be  either  a	 self-
       auditing	 event or a system call.  Auditable events are classified into
       several event categories and/or profiles. Events and system  calls  may
       have aliases.

       When  the  auditing system is installed, a default set of event mapping
       information is provided in In order to meet site-specific requirements,
       users may also define event categories and profiles in

       In  general,  an	 event category is defined as a set of operations that
       affect a particular aspect of the system.  A profile is	defined	 as  a
       set  of operations that affect a particular type of system.  With these
       classifications, a set of events can be selected when using or by spec‐
       ifying the event category or the profile that the events are associated
       with.

       Here is the syntax of the directives in and

       Event categories are defined using the directive for  base  events  and
       the directive for event aliases.

       Base events are events that are pre-defined by the HP-UX operating sys‐
       tem.  They are always associated with self-auditing  events  that  have
       the  same  name	and/or with a list of system calls with the names that
       are referred to by the HP-UX auditing system.

       Event aliases, distinct from base  events,  are	combinations  of  base
       events, self-auditing events, system calls, and system call aliases.

       The system call name referred to by the auditing system usually matches
       the real system call name with a few exceptions.	 If the system call is
       one  of these exceptions, an alias name may be defined using the direc‐
       tive, and the alias name can be used by and system  call	 level	selec‐
       tion.   For  example, the system call is referred to as the system call
       by the auditing system.	The interface of is not publicly exported, but
       the  security  relevant information of this system call is described in
       this file documents the security relevant information  for  all	system
       calls that have names beginning with a period

       Profiles are defined using the directive.  Profiles can be combinations
       of any events.

       In only and directives are allowed; names picked for or must begin with
       a  uppercase  character and must have at least one lowercase character.
       Adding or at the end of an event name indicates only include successful
       or failed operations.

EXAMPLES
       Here are some example entries that could be in

       Selecting  for  auditing	 enables  audit for the system calls (for both
       pass and fail), (for pass only), and (for fail only).  Note  that  con‐
       tains  and  the fail events covered under Selecting this profile causes
       to be audited for both pass and fail, and to be audited for  fail,  and
       to not be audited at all.

AUTHOR
       was developed by HP.

FILES
       File containing event mapping information

       File containing audit information description for
	      HP-UX internal system calls which are not publicly supported

       File containing site-specific event
	      mapping information

SEE ALSO
       audevent(1M), audisp(1M).

								 audit.conf(4)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net