aud(1m) Open Software Foundation aud(1m)
NAME [Toc] [Back]
aud - A dcecp object that manages the audit daemon on a DCE host
SYNOPSIS [Toc] [Back]
aud disable [remote_audit_daemon_name]
aud enable [remote_audit_daemon_name]
aud help [operation | -verbose]
aud modify [remote_audit_daemon_name]
{-change attribute_list | -attribute value}
aud operations
aud rewind [remote_audit_daemon_name]
aud show [remote_audit_daemon_name] [-attributes]
aud stop [remote_audit_daemon_name]
ARGUMENTS [Toc] [Back]
operation The name of the aud operation for which to display help
information.
remote_audit_daemon_name
By default, operations pertain to the local audit daemon.
This argument specifies the name or the binding of the
remote audit daemon to operate on. The name syntax is as
follows:
/.../cellname/hosts/hostname/auditd
A remote audit daemon can also be specified with a string
binding for the remote host on which the audit daemon is
running. Use a string binding such as the following:
ncacn_ip_tcp:130.105.1.227[endpoint]
Alternatively, you can specify the binding by using Tcl
syntax such as the following:
{ncacn_ip_tcp 130.105.1.227 1234}
DESCRIPTION [Toc] [Back]
The aud object represents the audit daemon (called auditd in the
reference implementation) on a host. The daemon creates audit trails
on a single host. Using this command, you can enable or disable a
Hewlett-Packard Company - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
aud(1m) Open Software Foundation aud(1m)
daemon, change how the daemon acts when the file system storage for
its audit trail is full, and rewind an audit trail file.
This command operates on the audit daemon named in the optional
remote_audit_daemon_name argument. If the argument is not supplied,
the command operates on the audit daemon named by the _s(aud)
convenience variable. If the variable is not set, the command operates
on the audit daemon on the local host.
ATTRIBUTES [Toc] [Back]
stostrategy {save | wrap}
The audit trail storage strategy of the daemon. This
attribute defines what the daemon does if the audit trail
storage is full. Its possible values are as follows:
save If the specified trail size limit is reached (the
default is 2 MB), auditd saves the current trail
file to a new file (this file has the same name as
the original trail file, with the date and time
appended). Then, auditd deletes the contents of
the original trail file and continues auditing
from the beginning of this file. This is the
default value for stostrategy.
wrap The daemon overwrites the old audit trails.
state {enabled | disabled}
Specifies whether the audit daemon is accepting audit log
requests. The values are enabled or disabled. The default
is enabled.
See the OSF DCE Administration Guide for more information about audit
attributes.
OPERATIONS [Toc] [Back]
aud disable
Disables an audit daemon. The syntax is as follows:
aud disable [remote_audit_daemon_name]
The disable operation disables the audit record logging service of an
audit daemon and changes its state attribute to disabled. This
operation returns an empty string on success.
Privileges Required [Toc] [Back]
Hewlett-Packard Company - 2 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
aud(1m) Open Software Foundation aud(1m)
You must have c (control) permission on the audit daemon's ACL, and
you must be authenticated.
Examples [Toc] [Back]
dcecp> aud disable
dcecp>
aud enable
Enables an audit daemon. The syntax is as follows:
aud enable [remote_audit_daemon_name]
The enable operation enables the audit record logging service of an
audit daemon and changes its state attribute to enabled. This
operation returns an empty string on success.
Privileges Required [Toc] [Back]
You must have c (control) permission on the audit daemon's ACL, and
you must be authenticated.
Examples [Toc] [Back]
dcecp> aud enable
dcecp>
aud help
Returns help information about the aud object and its operations. The
syntax is as follows:
aud help [operation | -verbose]
Options [Toc] [Back]
-verbose Displays information about the aud object.
Used without an argument or option, the aud help command returns brief
information about each aud operation. The optional operation argument
is the name of an operation about which you want detailed information.
Alternatively, you can use the -verbose option for more detailed
information about the aud object itself.
Privileges Required [Toc] [Back]
Hewlett-Packard Company - 3 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
aud(1m) Open Software Foundation aud(1m)
No special privileges are needed to use the aud help command.
Examples [Toc] [Back]
dcecp> aud help
disable Disables the audit daemon.
enable Enables the audit daemon.
modify Modifies the attributes of the audit daemon.
rewind Rewinds the specified audit trail file to the beginning.
show Returns the attributes of an audit daemon.
stop Stops the audit daemon.
help Prints a summary of command-line options.
operations Returns a list of the valid operations for this command.
dcecp>
aud modify
Changes the values of audit attributes. The syntax is as follows:
aud modify [remote_audit_daemon_name]
{-change attribute_list | -attribute value}
Options [Toc] [Back]
-attribute value
As an alternative to using the -change option with an
attribute list, you can specify individual attribute options
by prepending a hyphen (-) to any attribute listed in the
ATTRIBUTES section of this reference page.
-change attribute_list
Allows you to specify attributes by using an attribute list
rather than individual attribute options. The format of an
attribute list is as follows:
{{attribute value}...{attribute value}}
The modify operation allows modification of the audit daemon
attributes. It accepts the -change option which takes an attribute
list as a value. This operation returns an empty string on success.
Privileges Required [Toc] [Back]
You must have c (control) permission on the audit daemon's ACL, and
you must be authenticated.
Examples [Toc] [Back]
Hewlett-Packard Company - 4 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
aud(1m) Open Software Foundation aud(1m)
dcecp> aud modify -change {{stostrategy wrap} {state enabled}}
dcecp> aud modify -stostrategy wrap -state enabled
dcecp>
aud operations
Returns a list of the operations supported by the aud object. The
syntax is as follows:
aud operations
The list of available operations is in alphabetical order except for
help and operations, which are listed last.
Privileges Required [Toc] [Back]
No special privileges are needed to use the aud operations command.
Examples [Toc] [Back]
dcecp> aud operations
disable enable modify rewind show stop help operations
dcecp>
aud rewind
Rewinds the central audit trail file to the beginning. The syntax is
as follows:
aud rewind [remote_audit_daemon_name]
The rewind operation by default operates on the central trail file.
This operation returns an empty string on success.
Privileges Required [Toc] [Back]
You must have c (control) permission on the audit daemon's ACL, and
you must be authenticated.
Examples [Toc] [Back]
dcecp> aud rewind
dcecp>
aud show
Returns the attribute list for the audit daemon. The syntax is as
follows:
Hewlett-Packard Company - 5 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
aud(1m) Open Software Foundation aud(1m)
aud show [remote_audit_daemon_name] [-attributes]
Options [Toc] [Back]
-attributes
Returns audit daemon attributes.
The show operation returns the attribute list for the audit daemon.
The attributes are returned in lexical order. The -attributes option
is provided for consistency with other dcecp commands. It does not
change the performance of the command.
Privileges Required [Toc] [Back]
You must have r (read) permission on the audit daemon, and you must be
authenticated.
Examples [Toc] [Back]
dcecp> aud show
{stostrategy wrap}
{state enabled}
dcecp>
aud stop
Stops the audit daemon. The syntax is as follows:
aud stop [remote_audit_daemon_name]
The stop operation stops the audit daemon process. This operation
returns an empty string on success.
Privileges Required [Toc] [Back]
You must have c (control) permission on the audit daemon, and you must
be authenticated.
Examples [Toc] [Back]
dcecp> aud stop
dcecp>
RELATED INFORMATION [Toc] [Back]
Commands: auditd(1m), dcecp(1m), dcecp_audevents(1m),
dcecp_audfilter(1m), dcecp_audtrail(1m).
Hewlett-Packard Company - 6 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
aud(1m) Open Software Foundation aud(1m)
Files: aud_audit_events(5), dts_audit_events(5), event_class(5),
sec_audit_events(5).
Hewlett-Packard Company - 7 -OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96 [ Back ] |