HP UX Auditing System Extensions manual

Page 9

audomon: kernel audit daemon has switched auditing to the backup trail

audomon: FreeSpaceSwitch point reached, but audomon failed to switch audit trail

audomon: AuditFileSwitch point reached, but audomon failed to switch audit trail

audomon: failed to update audit trail configuration information in /etc/audit/audnames:current_trail=pathname of current trail

audsys(1M) (admin) audsys: argv1 argvn

audsys: various error condition messages (too many to list here)

audsys: current audit trail directory is changed to pathname

audsys: auditing system started

audsys: auditing system shut-down

authadm(1M), roleadm(1M), cmdprivadm(1M) (admin)

ACCESS CONTROL CHECK:successfulfailed; username=username; program=authadmroleadmcmdprivadm; euid=euid; ruid=ruid; egid=egid; rgid=rgid;

ACCESS CONTROL SUPPRESS:successfulfailed; username=username; program=authadmroleadmcmdprivadm; euid=euid; ruid=ruid; egid=egid; rgid=rgid;

chfn(1) (admin)

User= name Temporary file busy (open or lockf of /etc/ptmp failed) User= name No account for user

User= Current user No passwd file entry User= name Error in chown (of /etc/ptmp) User= name Error in chmod (of /etc/ptmp) User= name Successful chfn

chsh(1) (admin)

User= name shell= shell Permission denied

User= name shell= shell Temporary file busy (open or lockf of /etc/ptmp failed)

User= name shell= shell Can’t create temporary file (/etc/ptmp) User= name shell= shell Can’t recover (can not rename /etc/ptmp to /etc/passwd)

User= name shell= shell Chsh failed

User= name shell= shell Successfully changed

dtlogin(1)

User=name uid= user id audid= audit id attempted to login - too many users on the system

User=name uid= user id audid= audit id attempted to login - bad audit flag

User=name uid= user id audid= audit id attempted to login - bad audit id User=name uid= user id audid= audit id attempted to login - bad group id User=name uid= user id audid= audit id attempted to login - bad user id User=name uid= user id audid= audit id Successful login - no home directory

User=name uid= user id audid= audit id attempted to login - no home directory

User=name uid= user id audid= audit id Successful login User=name uid= user id audid= audit id Failed login (bailout)

9

Page 8 Page 10
Image 9
Page 8 Page 10
Contents HP-UX 11i v2 and 11i v3 Security Configuring and Managing the Auditing SystemIntroduction AudienceCommands Auditing system overviewArchitecture System calls DaemonsFiles Audit tags Audit trailAudit events System call table records Version recordsPID identification records System call audit recordsSelf-auditing programs Audit tunable parameters HP-UX 11i v3 onlyAudit aware Page Newgrp1 modaccess Setfilexsec1M modaccess Could not lock file Networking service = ftp Executing login pid = pid. ipcopenAudit unaware Remote user Usernameunspecified Local SystemAuditing system extensions HP-UX 11i v3 only Dynamically Linked Kernel ModulesAudit Filtering HP-UX Auditing System Administration InstallationAudit Reporting Configuration Configuring users for auditUserdbset command. See userdbset1M and userdb4 Configuring events for audit Configuring audit filteringConfiguring audit settings to be preserved across reboots Role, operation, object Configuring rolesManagement Reads the /etc/rc.config.d/auditing fileEnabling auditing Disabling auditingService Provider Interfaces SPIs Writing a Dpms service moduleDpms service module implementation Best practicesAudit generation and capture Audit policyAudit log analysis Audit retention and storageTroubleshooting Audit log configuration, security, and protectionOpt/audit/AudReport/bin Page Audwrite2 GlossaryPage Send comments to HP For more information
Top Page Image Contents