Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
181182183184185186187188189190
audevent Select events to be audited
audisp Display the audit data
audsys Start or halt the auditing system
audusr Select users to be audited
init Change run levels, users logging off
lpsched Schedule line printer requests
fbackup Flexible file backup
ftpd File transfer protocol daemon
remshd Remote shell server daemon
rlogind Remote login server daemon
telnetd Telnet server daemon
privrun Invokes legacy application.
1
privedit Allows authorized users to edit files.
1
roleadm Edits role information.
1
authadm Edits authorization information.
1
cmdprivadm Edits command authorizations and privileges.
1
Most self-auditing programs generate audit data under a single event category. For
example, the audsys command generates the audit data under the admin event. Some
commands generate audit data under multiple event categories. For example, the init
command generates data under the login and admin events.
9.11 HP-UX RBAC Auditing
The privrun, privedit, roleadm, authadm, and cmdprivadm HP-UX RBAC
commands each generate audit records. The following attributes are included in each
audit record:
User name
UID
Role
Authorizations (operation, object)
Time of event
Result of event (success or failure)
9.11.1 Auditing Based on HP-UX RBAC Criteria and the /etc/rbac/aud_filter File
HP-UX RBAC Version B.11.23.02 and later support the use of an audit filter file to identify
specific HP-UX RBAC criteria to audit. You can create a filter file named
/etc/rbac/aud_filter to identify specific roles, operations, and objects for which
1. See Chapter 8 for more information.
188 Audit Administration