Commands

Table 6-5 “Audit Commands” contains a brief description of each auditing command.

Table 6-5 Audit Commands

Command

Description

audevent

Changes or displays event or system call status.

audisp

Displays the audit records.

audomon

Sets the audit file monitoring and size parameters.

audsys

Starts and stops auditing; sets and displays audit file or directory information.

userdbset

Selects users to be audited by specifying the AUDIT_FLAG=1 option.

Manpages

Table 6-6 “Audit Manpages” contains a brief description of each manpage associated with the auditing feature.

Table 6-6 Audit Manpages

Manpage

Description

audevent(1M)

Describes audevent functionality and syntax.

audisp(1M)

Describes audisp functionality and syntax.

audomon(1M)

Describes audomon functionality and syntax.

audsys(1M)

Describes audsys functionality and syntax.

userdbset(1M)

Describes userdbset functionality and syntax.

audit(5)

Gives introductory information about HP-UX auditing.

Auditing Your System

Use the following three procedures to plan, enable, and monitor auditing on your system.

Step 1: Planning Your Auditing Implementation

To plan your auditing implementation, follow these steps:

1.Determine which users to audit. By default, all users are selected for auditing.

2.Determine which events to audit. Use the audevent command to display a list of events and system calls that are currently selected for auditing.

3.Decide where you want to place the audit log files (audit trails) on your system. For more information on configuring your audit log files, refer to “Audit Log Files”.

4.Create a strategy to archive and back up audit files. Audit files often take up a lot of disk space and can overflow if you do not carefully plan file management.

For additional information about auditing system performance and administration that can help you plan your auditing implementation, refer to “Performance Considerations” and “Guidelines for Administering Your Auditing System”.

Step 2: Enabling Auditing

To enable auditing on your system, follow these steps:

Auditing 75

Page 75
Image 75
HP UX 11i Role-based Access Control (RBAC) Software manual Auditing Your System, Planning Your Auditing Implementation