NTHREADS – The number of log files that compose an audit trail. The recommended value is the number of processors on a system divided by two.
•Audevent settings – Arguments to the audevent command
–AUDEVENT_ARGS1 describes those events that are audited for both success and failure.
–AUDEVENT_ARGS2 describes those events that are success only.
–AUDEVENT_ARGS3 describes those events that are failure only.
–AUDEVENT_ARGS4 describes those events that are audited for neither success nor failure.
•Audomon settings
AUDOMON_ARGS describes arguments to the audomon daemon.
Configuring roles
You can base auditing on
Authorized users can edit the /etc/rbac/aud_filter file using a text editor and specify the role and authorization to be audited. Each authorization is specified in the form of operation, object pairs. All authorizations associated with a role must be specified in a single entry. You can specify only one authorization per role on each line; however, the wildcard character (*) is supported. The following are the supported entries and format for the /etc/rbac/aud_filter file:
role, operation, object
•role – Any valid role defined in /etc/rbac/roles. If * is specified, all roles can be accessed by the operation.
•operation – A specific operation that can be performed on an object. For example, hpux.printer.add is the operation of adding a printer. Alternatively, hpux.printer.* is the operation of either adding or deleting a printer. If * is specified, all operations can be accessed by the operation.
•object – The object the user can access. If * is specified, all objects can be accessed by the operation.
The following are examples of /etc/rbac/aud_filter entries that specify how to generate audit records for the role of SecurityOfficer with the authorization of (hpux.passwd, /etc/passwd), and for the Administrator role with authorization to perform the hpux.printer.add operation on all objects:
SecurityOfficer, hpux.passwd, /etc/passwd
Administrator, hpux.printer.add, *
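To make the entry format and the wildcard behaviour concrete, here is an added example (not HP-UX code and not part of the original document) that parses aud_filter-style entries and answers the question an administrator actually has: would a given role's authorization check be selected for auditing under this filter? The sample file contents are constructed. The page only shows exact fields, a bare `*`, and a trailing component wildcard such as `hpux.printer.*`; the exact matching rules this example applies (exact match, `*` matches any value, a trailing `.*` matches any suffix after that prefix) and the skipping of blank and `#` lines are assumptions of the example, not documented behaviour.

```python
"""Parse /etc/rbac/aud_filter-style entries and test whether an RBAC
authorization check would be selected for auditing.

Added example, not HP-UX code.  Entry format follows the page:
    role, operation, object
one authorization per line, "*" as a wildcard.  Matching semantics
beyond the page's examples, and the comment/blank-line handling, are
assumptions of this example.
"""

from dataclasses import dataclass
from typing import List, Optional

# Constructed sample file contents (assumption: not the page's file).
SAMPLE_AUD_FILTER = """\
# comment and blank lines are skipped (assumed convention)
SecurityOfficer, hpux.passwd, /etc/passwd
Administrator, hpux.printer.add, *
Operator, hpux.printer.*, *
"""


@dataclass(frozen=True)
class FilterEntry:
    role: str
    operation: str
    obj: str
    lineno: int  # 1-based line in the file, useful when reporting problems


def parse_aud_filter(text: str) -> List[FilterEntry]:
    """Parse 'role, operation, object' lines; reject malformed ones loudly."""
    entries: List[FilterEntry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3 or any(not f for f in fields):
            raise ValueError(
                f"aud_filter line {lineno}: expected 'role, operation, object', got {raw!r}"
            )
        entries.append(FilterEntry(fields[0], fields[1], fields[2], lineno))
    return entries


def field_matches(pattern: str, value: str) -> bool:
    """Assumed wildcard rules: '*' matches anything; 'a.b.*' matches any
    value beginning with 'a.b.'; anything else must match exactly."""
    if pattern == "*":
        return True
    if pattern.endswith(".*"):
        prefix = pattern[:-1]  # keep the trailing dot, e.g. "hpux.printer."
        return value.startswith(prefix)
    return pattern == value


def find_audit_entry(
    entries: List[FilterEntry], role: str, operation: str, obj: str
) -> Optional[FilterEntry]:
    """Return the first entry that selects this (role, operation, object)
    for auditing, or None if the check would not be audited."""
    for entry in entries:
        if (
            field_matches(entry.role, role)
            and field_matches(entry.operation, operation)
            and field_matches(entry.obj, obj)
        ):
            return entry
    return None


def is_audited(entries: List[FilterEntry], role: str, operation: str, obj: str) -> bool:
    return find_audit_entry(entries, role, operation, obj) is not None


if __name__ == "__main__":
    entries = parse_aud_filter(SAMPLE_AUD_FILTER)
    checks = [
        ("SecurityOfficer", "hpux.passwd", "/etc/passwd"),
        ("SecurityOfficer", "hpux.passwd", "/etc/shadow"),
        ("Administrator", "hpux.printer.add", "/dev/lp0"),
        ("Administrator", "hpux.printer.delete", "/dev/lp0"),
        ("Operator", "hpux.printer.delete", "/dev/lp0"),
    ]
    for role, op, obj in checks:
        hit = find_audit_entry(entries, role, op, obj)
        where = f"line {hit.lineno}" if hit else "no entry"
        print(f"{role:16} {op:20} {obj:12} -> audited={hit is not None} ({where})")
```

Run it against your own filter by passing the file contents to `parse_aud_filter`; the `lineno` on each entry lets you report exactly which line selected (or failed to select) a check when reviewing audit coverage.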
Note
When