*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->HP-UX 11i man pages -> dts_audit_events (5)              
Title
Content
Arch
Section
 

Contents


 dts_audit_events(5)                 OSF                 dts_audit_events(5)




 NAME    [Toc]    [Back]
      dts_audit_events - Auditable events for the time services

 DESCRIPTION    [Toc]    [Back]
      Code is in place for auditing security-significant events in the Time
      Server.  Among these events are:


        +  Time Service processes

        +  Clock readings

        +  Global-set membership (in the Cell Service Profile)

        +  Time Service attributes


      Event class definitions, together with filters, control the auditing
      execution at these code points.  Filters can be updated dynamically.
      Filter files are maintained by a per-host audit daemon, and are shared
      among all the audit clients on the same host.   The dcecp command
      interface program is used for maintaining the filters.  (See the dcecp
      reference page.)  The dcecp command is executable by all users and
      system administrators.  The control on who is allowed to modify
      filters is done through audit daemon's ACL, which maintains the
      filters.

      The Time Server RPC interfaces that manage the Time Service and
      request and provide the time include  time_control, time_service,
      gbl_time_service, and time_provider.

      The following are the audit code points in these Time Service
      interfaces, with their Event Types, Event Classes, and any EventSpecific
 Information.

    Control Interface (time_control) Operations    [Toc]    [Back]
      The CreateCmd() operation creates the Time Service as a server or a
      clerk.  The caller must have write access to the management interface.


      Event Type (Event Number, Event Classes)
                EVT_CREATE_CMD (0x200, dce_dts_mgt_modify)


                Event-Specific Information

                          signed32 servType


      The DeleteCmd() operation deletes the Time Service entity from the
      system where the command is entered.  This command stops the process.



 Hewlett-Packard Company            - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96






 dts_audit_events(5)      Open Software Foundation       dts_audit_events(5)




      The caller must have write access to the management interface.


      Event Type (Event Number, Event Classes)
                EVT_DELETE_CMD (0x201, dce_dts_mgt_modif)


                Event-Specific Information
                          None


      The EnableCmd() operation starts the DTS entity on the local node.
      This command makes the server available to the network.  The clockSet
      argument tells the Time Service whether or not to set the clock after
      the first synchronization.  The caller must have write access to the
      management interface.


      Event Type (Event Number, Event Classes)
                EVT_ENABLE_CMD (0x202, dce_dts_mgt_modify)


                Event-Specific Information

                          signed32 clockSet


      The DisableCmd operation disables the Time Service by making it
      unavailable to the network.  In the case of servers, it makes it
      unavailable to the RPC client trying to talk to it.  For clerks, it
      stops synchronizing with servers.  The caller must have write access
      to the management interface.


      Event Type (Event Number, Event Classes)
                EVT_DISABLE_CMD (0x203, dce_dts_mgt_modify)


                Event-Specific Information
                          None

      The UpdateCmd() operation gradually adjusts the clock on the local
      node to the specified time.  The caller must have write access to the
      management interface.


      Event Type (Event Number, Event Classes)
                EVT_UPDATE_CMD (0x204, dce_dts_synch)






 Hewlett-Packard Company            - 2 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96






 dts_audit_events(5)      Open Software Foundation       dts_audit_events(5)




                Event-Specific Information

                          utc_t   old_time
                          utc_t   new_time


      The ChangeCmd operation changes the epoch number on the server and
      optionally sets the time to a new time.  These values are passed in
      the argument changeDir.  The caller must have write access to the
      management interface.


      Event Type (Event Number, Event Classes)
                EVT_CHANGE_CMD (0x205, dce_dts_synch)


                Event-Specific Information

                          signed32        old_epoch
                          signed32        new_epoch
                          utc_t           old_time
                          utc_t           new_time


      The SynchronizeCmd() operation causes the Time Service to synchronize
      immediately.  If the argument clockSet is true, the clock is set to
      the new value after a synchronization.  The caller must have write
      access to the management interface.


      Event Type (Event Number, Event Classes)
                EVT_SYNCHRONIZE_CMD (0x206, dce_dts_synch)


                Event-Specific Information

                          signed32 setClock


      The AdvertiseCm() operation adds (advertises) this Time Server node as
      a member of the global set in the Cell Services Profile.  The caller
      must have write access to the management interface.


      Event Type (Event Number, Event Classes)
                EVT_ADVERTISE_CMD (0x207, dce_dts_mgt_modify)


                Event-Specific Information
                          None




 Hewlett-Packard Company            - 3 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96






 dts_audit_events(5)      Open Software Foundation       dts_audit_events(5)




      The UnadvertiseCmd() operation removes (unadvertises) this Time Server
      node as a member of the set of global servers in the Cell Services
      profile.  The caller must have write access to the management
      interface.


      Event Type (Event Number, Event Classes)
                EVT_UNADVERTISE_CMD (0x208, dce_dts_mgt_modify)


                Event-Specific Information
                          None


      The SetDefaultCmd() operation, when an attribute with no accompanying
      value is passed, sets an attribute to its default value.  The
      attribute type is passed in the setAttr argument.  The caller must
      have write access to the management interface.


      Event Type (Event Number, Event Classes)
                EVT_SET_DEFAULT_CMD (0x209, dce_dts_mgt_modify)


                Event-Specific Information

                          byte useDefault
                          signed32 attribute


      The SetAttrCmd() operation, when an attribute and an accompanying
      value is passed, sets an attribute to a value given.  The attribute
      type is passed in setAttr argument and the attribute value in
      AttrValue argument.  The caller must have write access to the
      management interface.


      Event Type (Event Number, Event Classes)
                EVT_SET_ATTR_CMD (0x20A, dce_dts_mgt_modif)


                Event-Specific Information

                          signed32 attribute
                          signed32 attribute_type


      The ShowAttrCmd() operation, when passed an attribute name, queries
      the Time Service for the attribute's value.  The attribute value is
      passed back in the argument attrValue.  The caller must have read
      access to the management interface.



 Hewlett-Packard Company            - 4 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96






 dts_audit_events(5)      Open Software Foundation       dts_audit_events(5)




      Event Type (Event Number, Event Classes)
                EVT_SHOW_ATTR_CMD (0x20B, dce_dts_mgt_query)


                Event-Specific Information

                          signed32 attribute
                          signed32 attribute_type


      The ShowAllCharsCmd() operation, when not passed a group name with the
      all value, queries the Time Service for the values of all the
      characteristic attributes and values.  The caller must have read
      access to the management interface.


      Event Type (Event Number, Event Classes)
                EVT_SHOW_ALL_CHARS_CMD (0x20C, dce_dts_mgt_query)


                Event-Specific Information
                          None


      The ShowAllStatusCmd() operation, when passed the all status value,
      queries the Time Service for the values of all the status attributes.
      The caller must have read access to the management interface.


      Event Type (Event Number, Event Classes)
                EVT_SHOW_ALL_STATUS_CMD (0x20D, dce_dts_mgt_query)


                Event-Specific Information
                          None


      The ShowAllCntrsCmd() operation, when passed the all counters value,
      queries the Time Service for the values of all the counters.  The
      caller must have read access to the management interface.


      Event Type (Event Number, Event Classes)
                EVT_SHOW_ALL_CNTRS_CMD (0x20E, dce_dts_mgt_query)


                Event-Specific Information
                          None






 Hewlett-Packard Company            - 5 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96






 dts_audit_events(5)      Open Software Foundation       dts_audit_events(5)




      The ShowLocServersCmd() operation, when passed the local servers
      value, queries the Time Service for the servers in the local set.  A
      variable conformant array is used to return the set of local servers
      available.  The size of the array transmitted over RPC is determined
      at run-time.  The caller must have read access to the management
      interface.


      Event Type (Event Number, Event Classes)
                EVT_SHOW_LOC_SERVERS_CMD (0x20F, dce_dts_mgt_query)


                Event-Specific Information
                          None


      The ShowGblServersCmd() operation, when passed the global servers
      value, queries the Time Service for the servers in the global set.  A
      variable conformant array is used to return the set of global servers
      available.  The caller must have read access to the management
      interface.


      Event Type (Event Number, Event Classes)
                EVT_SHOW_GBL_SERVERS_CMD (0x210, dce_dts_mgt_query)


                Event-Specific Information
                          None


    Time Provider Interface (time_provider) Operations    [Toc]    [Back]
      Auditable events in the RPC-based Time Provider Program (TPP)
      interfaces are defined here.  These events are invoked by a Time
      Service daemon running as a server (in this case it makes an RPC
      client call to the TPP server).

      The ContactProvider() operation sends initial contact message to the
      TPP.  The TPP server responds with a control message.  This operation
      may cause modification of the time server's (not the provider's) clock
      and should be defined to be an auditable event in the time server.
      There is no access control in the provider for this operation, but the
      integrity of the messages is protected.


      Event Type (Event Number, Event Classes)
                EVT_CONTACT_PROVIDER (0x211, dce_dts_time_provider)


                Event-Specific Information
                          None



 Hewlett-Packard Company            - 6 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96






 dts_audit_events(5)      Open Software Foundation       dts_audit_events(5)




      The ServerRequestProviderTime() operation has the client send a
      request to the TPP for times.  The TPP server responds with an array
      of time stamps obtained by querying the Time Provider hardware that it
      polls.  There is no access control in the Time Provider for this
      operation, but the integrity of the message is protected.


      Event Type (Event Number, Event Classes)
                EVT_REQUEST_PROVIDER_TIME (0x212, dce_dts_time_provider)


                Event-Specific Information
                          None


 RELATED INFORMATION    [Toc]    [Back]
      Commands: advertise(1m), aud(1m), audfilter(1m), change(1m),
      create(1m), dcecp(1m).  delete(1m), disable(1m), dts_intro(1m),
      dtsd(1m), enable(1m), exit(1m), help(1m), quit(1m), set(1m), show(1m),
      synchronize(1m), unadvertise(1m), update(1m),

      Files: event_class.5, sec_audit_events(5).


 Hewlett-Packard Company            - 7 -OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
[ Back ]
 Similar pages
Name OS Title
aud_audit_events HP-UX Auditable events for the audit services
sec_audit_events HP-UX Auditable events for the security services
getservent Tru64 Get a services file entry from the /etc/services file.
getservent_r Tru64 Get a services file entry from the /etc/services file.
create_link HP-UX Creates a soft link and optionally specifies an expiration time and an extension time
vxfs_ifree_timelag HP-UX VxFS inode free time lag (specifies the minimum time to be spent on a freelist)
evmsort Tru64 Sorts events
evmwatch Tru64 Monitors EVM events
sleep FreeBSD wait for events
evmviewer Tru64 View events
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service