audit_warn man page on OpenIndiana

Man page or keyword search:  
man Server   20441 pages
apropos Keyword Search (all sections)
Output format
OpenIndiana logo
[printable version]

audit_warn(1M)		System Administration Commands		audit_warn(1M)

NAME
       audit_warn - audit daemon warning script

SYNOPSIS
       /etc/security/audit_warn [option [arguments]]

DESCRIPTION
       The  audit_warn	utility	 processes  warning or error messages from the
       audit  daemon.  When  a	problem	 is  encountered,  the	audit  daemon,
       auditd(1M)  calls audit_warn with the appropriate arguments. The option
       argument specifies the error type.

       The system administrator can specify a list of mail  recipients	to  be
       notified	 when  an audit_warn situation arises by defining a mail alias
       called audit_warn in aliases(4). The users that make up the  audit_warn
       alias are typically the audit and root users.

OPTIONS
       The following options are supported:

       allhard count

	   Indicates that the hard limit for all filesystems has been exceeded
	   count times. The default action for this option is to send mail  to
	   the audit_warn alias only if the count is 1, and to write a message
	   to the machine console every time. It is recommended that mail  not
	   be  sent every time as this could result in a the saturation of the
	   file system that contains the mail spool directory.

       allsoft

	   Indicates  that  the	 soft  limit  for  all	filesystems  has  been
	   exceeded. The default action for this option is to send mail to the
	   audit_warn alias and to write a message to the machine console.

       auditoff

	   Indicates that someone other than the audit daemon changed the sys‐
	   tem	audit  state  to something other than AUC_AUDITING.  The audit
	   daemon will have exited in this case. The default action  for  this
	   option  is to send mail to the audit_warn alias and to write a mes‐
	   sage to the machine console.

       ebusy

	   Indicates that the audit daemon is  already	running.  The  default
	   action  for this option is to send mail to the audit_warn alias and
	   to write a message to the machine console.

       getacdir count

	   Indicates that there is a problem getting  the  directory  list  or
	   plugin  list from audit_control(4). The audit daemon will hang in a
	   sleep loop until the file is fixed. The  default  action  for  this
	   option  is to send mail to the audit_warn alias only if count is 1,
	   and to write a message to the machine console  every	 time.	It  is
	   recommended	that  mail not be sent every time as this could result
	   in a the saturation of the file system that contains the mail spool
	   directory.

       hard filename

	   Indicates  that  the hard limit for the file has been exceeded. The
	   default action for this option is to send mail  to  the  audit_warn
	   alias and to write a message to the machine console.

       nostart

	   Indicates  that  auditing  could not be started. The default action
	   for this option is to send mail to  the  audit_warn	alias  and  to
	   write  a  message  to  the machine console. Some administrators may
	   prefer to modify audit_warn to reboot the system  when  this	 error
	   occurs.

       plugin name error count text

	   Indicates  that  an	error  occurred during execution of the auditd
	   plugin name. The default action for this option is to send mail  to
	   the	audit_warn alias only if count is 1, and to write a message to
	   the machine console every time. (Separate counts are kept for  each
	   error  type.) It is recommended that mail not be sent every time as
	   this could result in the saturation of the file  system  that  con‐
	   tains  the  mail  spool  directory.	The  text  field  provides the
	   detailed error message passed from the plugin. The error  field  is
	   one of the following strings:

	   load_error	   Unable to load the plugin name.

	   sys_error	   The	plugin	name  is not executing due to a system
			   error such as a lack of resources.

	   config_error	   No plugins loaded (including the binary file	 plug‐
			   in,	audit_binfile(5))  due to configuration errors
			   in audit_control(4). The name string is -- to indi‐
			   cate that no plugin name applies.

	   retry	   The plugin name reports it has encountered a tempo‐
			   rary failure.  For  example,	 the  audit_binfree.so
			   plugin  uses retry to indicate that all directories
			   are full.

	   no_memory	   The plugin name reports a failure due  to  lack  of
			   memory.

	   invalid	   The	plugin	name  reports  it  received an invalid
			   input.

	   failure	   The plugin name has reported an error as  described
			   in text.

       postsigterm

	   Indicates that an error occurred during the orderly shutdown of the
	   audit daemon. The default action for this option is to send mail to
	   the audit_warn alias and to write a message to the machine console.

       soft filename

	   Indicates  that  the soft limit for filename has been exceeded. The
	   default action for this option is to send mail  to  the  audit_warn
	   alias and to write a message to the machine console.

       tmpfile

	   Indicates that the temporary audit file already exists indicating a
	   fatal error. The default action for this option is to send mail  to
	   the audit_warn alias and to write a message to the machine console.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │SUNWcs			   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │Committed			   │
       └─────────────────────────────┴─────────────────────────────┘

       The interface stability is evolving. The file content is unstable.

SEE ALSO
       audit(1M),    auditd(1M),    bsmconv(1M),   aliases(4),	 audit.log(4),
       audit_control(4), attributes(5)

       See the section on Solaris Auditing  in	System	Administration	Guide:
       Security Services.

NOTES
       This  functionality  is	available only if the Solaris Auditing feature
       has been enabled. See bsmconv(1M) for more information.

       If the audit policy perzone is set, the /etc/security/audit_warn script
       for  the	 local	zone  is  used for notifications from the local zone's
       instance of auditd. If the perzone policy is not set, all auditd errors
       are generated by the global zone's copy of /etc/security/audit_warn.

SunOS 5.11			  16 Apr 2008			audit_warn(1M)
[top]

List of man pages available for OpenIndiana

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net