Administrator's Guide
• Self-auditing (Section 9.10)
• HP-UX RBAC auditing (Section 9.11)
9.1 Auditing Components
The auditing feature of HP-UX 11i contains configuration files, commands, and manpages.
These are listed in the following sections.
9.1.1 Commands
Table 9-1 contains a brief description of each auditing command.
Table 9-1 Audit Commands
DescriptionCommand
Changes or displays event or system call status.audevent
Loads, clears, and displays the audit filtering policy.audfilter
Selectively reads and writes audit data, converting the data format in the
process.
auditdp
Displays the audit records.audisp
Sets the audit file monitoring and size parameters.audomon
Starts and stops auditing; sets and displays audit file or directory information.audsys
Selects users to be audited.userdbset
9.1.2 Audit Configuration Files
Table 9-2 contains a brief description of each configuration file associated with the audit
feature.
Table 9-2 Audit Configuration Files
DescriptionFile
File containing pre-defined event classification information./etc/audit/audit.conf
File containing site-specific event classification information./etc/audit/
audit_site.conf
File containing system-wide auditing defaults./etc/default/security
Database containing per-user audit information./var/adm/userdb
File containing configuration information directing audit to start at system
reboot.
/etc/rc.config.d/
auditing
File containing rule-based audit filtering policy./etc/audit/
filter.conf
172 Audit Administration