Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   10987 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

audit_track_paths(5)					  audit_track_paths(5)

NAME
       audit_track_paths  - enable/disable tracking of current and root direc‐
       tories for auditing subsystem

VALUES
   Failsafe
   Default
   Allowed values
       or

   Recommended values
       if is turned on or is installed,

       otherwise.

DESCRIPTION
       is a dynamic tunable and replaces specific static tunable

       Setting the tunable to enables both and to resolve and report  absolute
       pathnames  for  their accounting purposes.  This also causes additional
       tracking by the kernel, resulting in a small degradation in performance
       (and  increase  in  kernel memory usage), even if auditing subsystem is
       not in use.  Although it is not required, but it is highly  recommended
       to  reboot the system when setting the tunable to with the intention to
       be able to record the absolute pathnames. Otherwise, or may not be able
       to resolve and report absolute pathname consistently.

       When  is	 set  to  will	not  resolve absolute pathnames, while will be
       unable to open the device and  collect  data.   This  is	 because  HIDS
       always expects a complete pathname for its purposes.

       The  tunable  is	 set to state when the system is installed without and
       its value is set to The tunable is set to when is first installed.

   Who Is Expected to Change This Tunable?
       Administrator with proper privileges can change the value of  depending
       on the restrictions stated below.

   Restrictions on Changing
       The  tunable  is	 a  dynamic  tunable  so any changes to this will take
       effect immediately, provided following conditions are satisfied:

       1) If the new tunable value is 0 (and not then will not be able to open
	  the  IDDS  device;  and  therefore,  it  will not be able to run any
	  intrusion  detection	template  that	requires  system  call	 audit
	  records.   This  restriction	is  enforced  to  avoid HIDS reporting
	  incomplete or relative pathnames.

       2) If is opened, then the administrator will not be allowed  to	change
	  the value of the tunable.

       3) If  the  tunable is set to will self-tune its value to when the IDDS
	  device is opened by

       4) If the tunable value is set to will self-tune its value  to  at  the
	  time of turning auditing.

       5) If is already the administrator is not allowed to change the tunable
	  value.

       6) If the administrator changes the tunable value from to a  reboot  of
	  the system is recommended to avoid reporting of partial pathnames by
	  or

   When Should the Tunable Be Turned On?
       The tunable should be turned if either or is going to be started.

   What Are the Side Effects of Turning the Tunable On?
       The name of the current working directory (and root directory) of every
       process	is  tracked, resulting in a change in memory usage and perfor‐
       mance of the system.

   When Should the Tunable Be Turned Off?
       When both and are

   What Are the Side Effects of Turning the Tunable Off?
       When the tunable is is  unable  to  use	any  detection	template  that
       requires	 system	 call  audit  records  (such  as  the "Modification of
       Files/Directories Template").  See HP-UX HIDS  documentation  for  more
       information  about  templates.	Also in this case will report relative
       pathnames in the audit log.

   What Other Tunables Should Be Changed at the Same Time?
       This tunable is independent of other tunables.

WARNINGS
       All HP-UX kernel tunable parameters are release-specific.  This parame‐
       ter  may	 be  removed or have its meaning changed in future releases of
       HP-UX.

       Installation of optional kernel software, from HP or other vendors, may
       cause  changes  to  tunable parameter values.  After installation, some
       tunable parameters may no longer be at the default or recommended  val‐
       ues.  For information about the effects of installation on tunable val‐
       ues, consult the documentation for the kernel software being installed.
       For  information	 about	optional  kernel  software  that  was  factory
       installed on your system, see at

AUTHOR
       was developed by HP.

SEE ALSO
       kctune(1M), audit(5), ids.cf(5).

			   Tunable Kernel Parameters	  audit_track_paths(5)

Vote for polarhome