AudFilter Product pre-filtering

Fine-grained filtering in the kernel to selectively record the audit records that were generated and stored in the audit trail. This reduces the size of the audit trail and enhances system call pre- and post-filtering by supporting rules-based filtering as a function of other attributes, such as system call parameters (for example, the open(2) oflag parameter), file owner, file system on which a file resides, and system call errno.

AudReport Product post-filtering

Fine-grained filtering in user space to selectively extract audit records that were generated and stored in the audit trail, and to produce useful reports.

Primary Audit Trail

The current audit trail in which audit records are being written.

Profile

A set of base events defined for a particular type of system (for example, web server and file server).

Secondary Audit Trail

The audit trail in which audit records will be written when certain capacity limits are reached for the Primary Audit Trail.

Self-Auditing Events

An auditable event that describes a series of actions performed by a program in order to provide a higher-level and more meaningful description of an event (for example, a user login event), instead of the low-level, system-call-level description provided by a series of System Call Events.

Self-Auditing Program

A privileged program that produces self-auditing events. These are not necessarily Audit Aware Programs.

System Call Events

An auditable event that describes the invocation of a security-relevant system call.
