sat_echo(1M)							  sat_echo(1M)

NAME

     sat_echo - echo standard input into the system audit trail

SYNOPSIS

     sat_echo { -F | -S } satevent

DESCRIPTION

     sat_echo inserts the data from its standard input into the system audit
     trail.  (Only the first 65535 bytes of standard input are used; the rest
     are discarded.)  Use sat_echo in shell scripts that enforce security
     policy and must generate audit records.

OPTIONS

     Either -F or -S must be supplied, but not both at once.  satevent is a
     required argument.

     The options are:

     -F         The action described by this audit record failed.

     -S         The action described by this audit record succeeded.

     satevent   The printed representation of an audit event type, as
                described in sat_strtoevent(3).  If you want to customize the
                audit trail with the addition of event types specific to your
                site, use the sat_ae_custom event type.  If you need to
                distinguish between different types of sat_ae_custom events,
                structure the event specific data so that it begins with a
                sub-event type.

EXAMPLE

     Suppose a site security officer (SSO) wanted to make sure that the
     auditor was made aware of any changes to system databases in /etc.  After
     the system was installed, the SSO would have created a master file
     describing the /etc tree.

	  find /etc -print | xargs ls -dlM > /var/adm/etc-master

     A shell script is run nightly that compares the current state of the /etc
     tree with the state when the master was made.  When discrepancies are
     found, an audit record is generated.

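          # Snapshot tonight's /etc tree and compare it with the master.
          find /etc -print | xargs ls -dlM > /tmp/etc-tonight
          diff /var/adm/etc-master /tmp/etc-tonight > /tmp/etc-diff
          if [ -s /tmp/etc-diff ]
          then
               # Differences found: record them as a failed custom event.
               sat_echo -F sat_ae_custom < /tmp/etc-diff
          else
               echo "Nightly /etc check shows no discrepancies." | \
               sat_echo -S sat_ae_custom
          fi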
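
     The wrapper below is an added example, not part of the original manual
     page.  It prefixes sat_ae_custom data with a sub-event type, as OPTIONS
     suggests, and marks records that exceed the 65535-byte limit from
     DESCRIPTION instead of letting them be cut silently.  The function names,
     the ETC_DRIFT sub-event name, the header layout, and the availability of
     mktemp and head -c are assumptions.

```sh
#!/bin/sh
# Added example (not from the IRIX manual page). Function names, the header
# layout and sub-event names such as ETC_DRIFT are site conventions assumed here.

SAT_MAX=65535   # sat_echo uses only the first 65535 bytes of standard input

# audit_custom_payload SUBEVENT < data
# Writes "SUBEVENT bytes=<n> trunc=<Y|N>", a newline, then the data, capped so
# the whole record fits in SAT_MAX bytes and any truncation is recorded.
audit_custom_payload() {
    subevent=$1
    case $subevent in
        ''|*[!A-Z0-9_]*)
            echo "audit_custom_payload: bad sub-event type" >&2
            return 2 ;;
    esac
    # mktemp instead of a fixed /tmp name, so the file cannot be pre-created
    tmp=$(mktemp) || return 1
    cat > "$tmp"
    size=$(wc -c < "$tmp" | tr -d ' ')
    header="$subevent bytes=$size trunc=N"
    room=$(( SAT_MAX - ${#header} - 1 ))    # 1 byte for the header's newline
    if [ "$size" -gt "$room" ]; then
        header="$subevent bytes=$size trunc=Y"
    fi
    printf '%s\n' "$header"
    head -c "$room" < "$tmp"
    rm -f "$tmp"
}

# audit_custom {-F|-S} SUBEVENT < data
# Builds the record, then hands it to sat_echo (present on IRIX only).
audit_custom() {
    case $1 in
        -F|-S) ;;
        *) echo "audit_custom: outcome must be -F or -S" >&2; return 2 ;;
    esac
    rec=$(mktemp) || return 1
    audit_custom_payload "$2" > "$rec" && sat_echo "$1" sat_ae_custom < "$rec"
    rc=$?
    rm -f "$rec"
    return $rc
}

# Usage in the nightly check:
#   audit_custom -F ETC_DRIFT < /tmp/etc-diff
```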


SEE ALSO

     satwrite(2), sat_strtoevent(3).
