HP UX Auditing System Extensions manual Auditing system overview, Architecture, Commands


Auditing system overview

This section describes the HP-UX Auditing System architecture and provides a high-level description of the major HP-UX Auditing System components. For a complete introduction and overview of HP-UX Auditing System, see audit(5).

Architecture

Figure 1 shows the main user-space and kernel-space components of the HP-UX Auditing System on HP-UX 11i v2 and 11i v3. Components that are only available on HP-UX 11i v3 are labeled.

Figure 1. HP-UX Auditing System Architecture

HP-UX Auditing System consists of commands, daemons, configuration files, data files, libraries, kernel modules, and system calls. The following HP-UX Auditing System components are standard on HP-UX 11i v2 and 11i v3.

Commands

audsys(1M) — Starts and halts the auditing system, sets and displays the auditing system status information, and specifies the primary and secondary audit trails and their size switches.

audevent(1M) — Changes and displays the auditing selection status of profiles, events, and system calls.
