HP UX Auditing System Extensions manual HP-UX 11i v2 and 11i v3 Security

Page 1

HP-UX 11i v2 and 11i v3 Security

Table of contents
Audience	2
Introduction	2
Auditing system overview	3
Architecture	3
Audit tags	5
Audit trail	5
Audit events	5
Audit tunable parameters (HP-UX 11i v3 only)	7
Self-auditing programs	7
Auditing system extensions (HP-UX 11i v3 only)	13
HP-UX Auditing System Administration	14
Installation	14
Configuration	15
Management	18
Writing a DPMS service module	19
Service Provider Interfaces (SPIs)	19
DPMS service module implementation	19
Best practices	19
Audit policy	20
Audit generation and capture	20
Audit retention and storage	21
Audit log analysis	21
Audit log configuration, security, and protection	22
Troubleshooting	22
Glossary	24
For more information	26
Send comments to HP	26

Image 1

Contents HP-UX 11i v2 and 11i v3 Security Configuring and Managing the Auditing SystemIntroduction AudienceAuditing system overview CommandsArchitecture Daemons System callsFiles Audit trail Audit tagsAudit events System call table records Version recordsPID identification records System call audit recordsSelf-auditing programs Audit tunable parameters HP-UX 11i v3 onlyAudit aware Page Newgrp1 modaccess Setfilexsec1M modaccess Could not lock file Networking service = ftp Executing login pid = pid. ipcopenAudit unaware Remote user Usernameunspecified Local SystemDynamically Linked Kernel Modules Auditing system extensions HP-UX 11i v3 onlyAudit Filtering Installation HP-UX Auditing System AdministrationAudit Reporting Configuring users for audit ConfigurationUserdbset command. See userdbset1M and userdb4 Configuring audit filtering Configuring events for auditConfiguring audit settings to be preserved across reboots Role, operation, object Configuring rolesManagement Reads the /etc/rc.config.d/auditing fileEnabling auditing Disabling auditingService Provider Interfaces SPIs Writing a Dpms service moduleDpms service module implementation Best practicesAudit generation and capture Audit policyAudit log analysis Audit retention and storageAudit log configuration, security, and protection TroubleshootingOpt/audit/AudReport/bin Page Audwrite2 GlossaryPage Send comments to HP For more information