dts_audit_events(5)dts_audit_events(5)NAMEdts_audit_events - Auditable events for the time services
DESCRIPTION
Code is in place for auditing security-significant events in the Time
Server. Among these events are: Time Service processes Clock readings
Global-set membership (in the Cell Service Profile) Time Service
attributes
Event class definitions, together with filters, control the auditing
execution at these code points. Filters can be updated dynamically.
Filter files are maintained by a per-host audit daemon, and are shared
among all the audit clients on the same host. The dcecp command
interface program is used for maintaining the filters. (See the dcecp
reference page.) The dcecp command is executable by all users and sys‐
tem administrators. The control on who is allowed to modify filters is
done through audit daemon's ACL, which maintains the filters.
The Time Server RPC interfaces that manage the Time Service and request
and provide the time include time_control, time_service, gbl_time_ser‐
vice, and time_provider.
The following are the audit code points in these Time Service inter‐
faces, with their Event Types, Event Classes, and any Event-Specific
Information.
Control Interface (time_control) Operations
The CreateCmd() operation creates the Time Service as a server or a
clerk. The caller must have write access to the management interface.
EVT_CREATE_CMD (0x200, dce_dts_mgt_modify) signed32 servType
The DeleteCmd() operation deletes the Time Service entity from the sys‐
tem where the command is entered. This command stops the process. The
caller must have write access to the management interface.
EVT_DELETE_CMD (0x201, dce_dts_mgt_modif) None
The EnableCmd() operation starts the DTS entity on the local node.
This command makes the server available to the network. The clockSet
argument tells the Time Service whether or not to set the clock after
the first synchronization. The caller must have write access to the
management interface. EVT_ENABLE_CMD (0x202, dce_dts_mgt_modify)
signed32 clockSet
The DisableCmd operation disables the Time Service by making it
unavailable to the network. In the case of servers, it makes it
unavailable to the RPC client trying to talk to it. For clerks, it
stops synchronizing with servers. The caller must have write access to
the management interface. EVT_DISABLE_CMD (0x203, dce_dts_mgt_modify)
None The UpdateCmd() operation gradually adjusts the clock on the local
node to the specified time. The caller must have write access to the
management interface. EVT_UPDATE_CMD (0x204, dce_dts_synch) utc_t
old_time utc_t new_time
The ChangeCmd operation changes the epoch number on the server and
optionally sets the time to a new time. These values are passed in the
argument changeDir. The caller must have write access to the manage‐
ment interface. EVT_CHANGE_CMD (0x205, dce_dts_synch) signed32
old_epoch signed32 new_epoch utc_t old_time utc_t
new_time
The SynchronizeCmd() operation causes the Time Service to synchronize
immediately. If the argument clockSet is true, the clock is set to the
new value after a synchronization. The caller must have write access
to the management interface. EVT_SYNCHRONIZE_CMD (0x206,
dce_dts_synch) signed32 setClock
The AdvertiseCm() operation adds (advertises) this Time Server node as
a member of the global set in the Cell Services Profile. The caller
must have write access to the management interface. EVT_ADVERTISE_CMD
(0x207, dce_dts_mgt_modify) None
The UnadvertiseCmd() operation removes (unadvertises) this Time Server
node as a member of the set of global servers in the Cell Services pro‐
file. The caller must have write access to the management interface.
EVT_UNADVERTISE_CMD (0x208, dce_dts_mgt_modify) None
The SetDefaultCmd() operation, when an attribute with no accompanying
value is passed, sets an attribute to its default value. The attribute
type is passed in the setAttr argument. The caller must have write
access to the management interface. EVT_SET_DEFAULT_CMD (0x209,
dce_dts_mgt_modify) byte useDefault signed32 attribute
The SetAttrCmd() operation, when an attribute and an accompanying value
is passed, sets an attribute to a value given. The attribute type is
passed in setAttr argument and the attribute value in AttrValue argu‐
ment. The caller must have write access to the management interface.
EVT_SET_ATTR_CMD (0x20A, dce_dts_mgt_modif) signed32 attribute signed32
attribute_type
The ShowAttrCmd() operation, when passed an attribute name, queries the
Time Service for the attribute's value. The attribute value is passed
back in the argument attrValue. The caller must have read access to
the management interface. EVT_SHOW_ATTR_CMD (0x20B, dce_dts_mgt_query)
signed32 attribute signed32 attribute_type
The ShowAllCharsCmd() operation, when not passed a group name with the
all value, queries the Time Service for the values of all the charac‐
teristic attributes and values. The caller must have read access to
the management interface. EVT_SHOW_ALL_CHARS_CMD (0x20C,
dce_dts_mgt_query) None
The ShowAllStatusCmd() operation, when passed the all status value,
queries the Time Service for the values of all the status attributes.
The caller must have read access to the management interface.
EVT_SHOW_ALL_STATUS_CMD (0x20D, dce_dts_mgt_query) None
The ShowAllCntrsCmd() operation, when passed the all counters value,
queries the Time Service for the values of all the counters. The call‐
er must have read access to the management interface.
EVT_SHOW_ALL_CNTRS_CMD (0x20E, dce_dts_mgt_query) None
The ShowLocServersCmd() operation, when passed the local servers value,
queries the Time Service for the servers in the local set. A variable
conformant array is used to return the set of local servers available.
The size of the array transmitted over RPC is determined at run-time.
The caller must have read access to the management interface.
EVT_SHOW_LOC_SERVERS_CMD (0x20F, dce_dts_mgt_query) None
The ShowGblServersCmd() operation, when passed the global servers
value, queries the Time Service for the servers in the global set. A
variable conformant array is used to return the set of global servers
available. The caller must have read access to the management inter‐
face. EVT_SHOW_GBL_SERVERS_CMD (0x210, dce_dts_mgt_query) None
Time Provider Interface (time_provider) Operations
Auditable events in the RPC-based Time Provider Program (TPP) inter‐
faces are defined here. These events are invoked by a Time Service
daemon running as a server (in this case it makes an RPC client call to
the TPP server).
The ContactProvider() operation sends initial contact message to the
TPP. The TPP server responds with a control message. This operation
may cause modification of the time server's (not the provider's) clock
and should be defined to be an auditable event in the time server.
There is no access control in the provider for this operation, but the
integrity of the messages is protected. EVT_CONTACT_PROVIDER (0x211,
dce_dts_time_provider) None
The ServerRequestProviderTime() operation has the client send a request
to the TPP for times. The TPP server responds with an array of time
stamps obtained by querying the Time Provider hardware that it polls.
There is no access control in the Time Provider for this operation, but
the integrity of the message is protected. EVT_REQUEST_PROVIDER_TIME
(0x212, dce_dts_time_provider) None
RELATED INFORMATION
Commands: advertise(1m), aud(1m), audfilter(1m), change(1m), cre‐
ate(1m), dcecp(1m). delete(1m), disable(1m), dts_intro(1m), dtsd(1m),
enable(1m), exit(1m), help(1m), quit(1m), set(1m), show(1m), synchro‐
nize(1m), unadvertise(1m), update(1m),
Files: event_class.5, sec_audit_events(5).
dts_audit_events(5)
