Administrator's Guide

to generate audit records. Audit records are generated only if the attributes of a process
match all three entries (role, operation, and object) found in /etc/rbac/aud_filter.
If a user's role and associated authorization are not found in the file or do not explicitly
match, then no audit records specific to role-to-authorization are generated.
Authorized users can edit the /etc/rbac/aud_filter file using a text editor and
specify the role and authorization to be audited. Each authorization is specified in the
form of operation, object pairs. All authorizations associated with a role must be specified
in a single entry. Only one authorization can be specified per role on each line; however,
the * wildcard is supported. The following are the supported entries and format for the
/etc/rbac/aud_filter file:
role, operation, object
The following list explains each of the /etc/rbac/aud_filter entries:
role        Any valid role defined in /etc/rbac/roles. If * is specified, the entry
            applies to all roles.
operation   A specific operation that can be performed on an object. For example,
            hpux.printer.add is the operation of adding a printer. Alternatively,
            hpux.printer.* is the operation of either adding or deleting a printer.
            If * is specified, the entry applies to all operations.
object      The object the user can access. If * is specified, the entry applies to
            all objects.
The following are example /etc/rbac/aud_filter entries that specify how to
generate audit records for the role of SecurityOfficer with the authorization of
(hpux.passwd, /etc/passwd), and for the Administrator role with authorization
to perform the hpux.printer.add operation on all objects.
SecurityOfficer, hpux.passwd, /etc/passwd
Administrator, hpux.printer.add, *
NOTE: Use an editor such as vi to directly edit the /etc/rbac/aud_filter file.
The HP-UX RBAC administrative commands do not provide an interface to configure
/etc/rbac/aud_filter.
For detailed information about RBAC, roles, operations, and objects, see Chapter 8.
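As an added illustration that is not part of the HP-UX guide or of the HP-UX RBAC software, the following Python parses aud_filter entries and applies the rule stated above: an audit record results only when one entry matches all three attributes (role, operation, object) of the process. Skipping blank and # comment lines, and reading hpux.printer.* as a dotted-prefix wildcard, are assumptions made for this example.

```python
# Constructed sample /etc/rbac/aud_filter contents, modelled on the entries
# shown in the guide; not taken from a real system.
SAMPLE_AUD_FILTER = """\
# role, operation, object
SecurityOfficer, hpux.passwd, /etc/passwd
Administrator, hpux.printer.add, *
Operator, hpux.printer.*, *
"""


def parse_aud_filter(text):
    """Parse aud_filter text into a list of (role, operation, object) tuples.

    Blank lines and lines starting with '#' are skipped (assumption; the
    guide shows only bare entries). Lines without exactly three
    comma-separated fields are ignored rather than guessed at.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue
        entries.append(tuple(fields))
    return entries


def field_matches(pattern, value):
    """Match one filter field against a process attribute.

    '*' matches anything; a pattern ending in '.*' matches any value sharing
    the dotted prefix (so 'hpux.printer.*' covers hpux.printer.add and
    hpux.printer.delete); otherwise the match must be exact. The prefix rule
    is an assumption drawn from the guide's hpux.printer.* example.
    """
    if pattern == "*":
        return True
    if pattern.endswith(".*"):
        return value.startswith(pattern[:-1])
    return pattern == value


def would_audit(entries, role, operation, obj):
    """True when some entry matches role, operation AND object, which is the
    condition under which the filter causes an audit record to be generated."""
    return any(
        field_matches(r, role) and field_matches(o, operation) and field_matches(b, obj)
        for r, o, b in entries
    )
```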
9.11.2 Procedure for Auditing HP-UX RBAC Criteria
The following steps describe how to configure an audit process to audit HP-UX RBAC
criteria on the system:
1. Configure the system to audit Passed or Failed Administrator events by using the
following command:
# audevent -PFe admin
9.11 HP-UX RBAC Auditing 189