IRIX 5.3 for Indy R4400: /usr/share/catman/a_man/cat1/audit.z (text file, 1995-02-28)

AUDIT(1M)                                                            AUDIT(1M)

NAME
     audit - system audit trail startup and shutdown script

SYNOPSIS
     /etc/init.d/audit [ start | stop ]

DESCRIPTION
     The audit shell script is called during system startup from /etc/rc2 to
     start the system audit trail daemon, satd(1m), and enable auditing of
     predefined audit events (using sat_select(1m)). The script is called
     during system shutdown from /etc/rc0 to gracefully kill the daemon and
     disable auditing.

     Note that, as installed, auditing is off by default, and must be enabled
     as described in configuration flags, below. In addition, once auditing
     has been enabled via chkconfig(1m), the system should be rebooted to
     enable auditing from system startup. At a minimum, "/etc/init.d/audit
     start" must be executed by root before any auditing will actually take
     place.

     When called with the start argument, the audit script does the following
     (provided that auditing has been enabled):

     o  Looks for any "emergency files" (see satd(1m)) and issues a warning if
        it finds any.

     o  Ensures that satd and sat_select are executable.

     o  Starts the audit daemon, satd.

     o  Enables auditing of pre-defined audit events.

     When called with the stop argument, the audit script gracefully
     terminates the sat daemon and disables auditing of all events.

CONFIGURATION FLAGS
     The audit subsystem is enabled if its configuration flag in the
     /etc/config directory is in the ``on'' state. The configuration flag file
     for auditing is /etc/config/audit. If a flag file is missing, the flag
     is considered off. Use the chkconfig(1m) command to turn a flag on or
     off. For example,

          chkconfig audit on

     enables auditing. When invoked without arguments, chkconfig prints the
     state of all known flags.

     There is a special flag, verbose. The verbose flag controls the printing
     of the names of daemons as they are started.

     Site-dependent options for satd and sat_select belong in ``options''
     files in /etc/config. The option file for satd is satd.options and the
     option file for sat_select is sat_select.options. These files contain
     the options that the respective command is run with to override the
     defaults. See the IRIX Advanced Site and Server Administration Guide and
     the program's manual page in section 1M for details on valid options.

FILES
     /etc/init.d/audit
     /etc/rc0.d/K40audit    linked to /etc/init.d/audit
     /etc/rc2.d/S30audit    linked to /etc/init.d/audit
     /etc/config            configuration flags and options files

SEE ALSO
     satconfig(1M), sat_echo(1M), sat_interpret(1M), sat_reduce(1M),
     sat_select(1M), sat_summarize(1M), satd(1M), rc0(1M), rc2(1M)
     IRIX Advanced Site and Server Administration Guide.
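
EXAMPLE
     The following check is an added example, not part of the original manual
     page or of the IRIX audit script. It tests a filesystem tree for the
     conditions described above: the flag file in the ``on'' state, the rc
     links in place, and satd and sat_select executable. The /usr/bin location
     of the two commands, the on/off content of the flag file, and the
     function name audit_config_check are assumptions.

```shell
#!/bin/sh
# Added example, not the IRIX script. Checks a filesystem tree for the
# conditions this page gives for auditing to start at boot.
# Assumptions: satd and sat_select are installed in /usr/bin (override
# with SAT_BIN), and the flag file holds the single word "on" or "off".
SAT_BIN=${SAT_BIN:-/usr/bin}

# audit_config_check ROOT
#   ROOT is the tree to inspect: / for the running system, or the mount
#   point of a disk image. Absolute symlinks inside an image resolve
#   against the live root, so hard links or relative links are expected.
#   Prints one finding per line; returns 0 only if every check passes.
audit_config_check() {
    root=${1%/}
    failed=0
    flag="$root/etc/config/audit"
    init="$root/etc/init.d/audit"

    # A missing flag file means the flag is off.
    if [ -f "$flag" ]; then
        state=$(tr -d ' \t\n' < "$flag")
    else
        state=off
        echo "WARN $flag missing, flag treated as off"
    fi
    if [ "$state" != on ]; then
        echo "FAIL audit flag is '$state'; run: chkconfig audit on"
        failed=1
    fi

    if [ ! -x "$init" ]; then
        echo "FAIL $init missing or not executable"; failed=1
    fi
    # -ef is true for hard links and symlinks to the same file.
    for link in etc/rc2.d/S30audit etc/rc0.d/K40audit; do
        if [ ! "$root/$link" -ef "$init" ]; then
            echo "FAIL $root/$link is not linked to $init"; failed=1
        fi
    done
    for bin in satd sat_select; do
        if [ ! -x "$root$SAT_BIN/$bin" ]; then
            echo "FAIL $root$SAT_BIN/$bin missing or not executable"; failed=1
        fi
    done
    if [ "$failed" -eq 0 ]; then
        echo "OK auditing is configured to start at boot"
    fi
    return "$failed"
}
```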