unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 aud(1m)		  Open Software Foundation		     aud(1m)




 NAME
      aud - A dcecp object that manages the audit daemon on a DCE host

 SYNOPSIS
      aud disable [remote_audit_daemon_name]

      aud enable [remote_audit_daemon_name]

      aud help [operation | -verbose]

      aud modify [remote_audit_daemon_name]
      {-change attribute_list | -attribute value}

      aud operations

      aud rewind [remote_audit_daemon_name]

      aud show [remote_audit_daemon_name] [-attributes]

      aud stop [remote_audit_daemon_name]


 ARGUMENTS
      operation The name of the aud operation for which to display help
		information.

      remote_audit_daemon_name
		By default, operations pertain to the local audit daemon.
		This argument specifies the name or the binding of the
		remote audit daemon to operate on.  The name syntax is as
		follows:

		/.../cellname/hosts/hostname/auditd


		A remote audit daemon can also be specified with a string
		binding for the remote host on which the audit daemon is
		running.  Use a string binding such as the following:

		ncacn_ip_tcp:130.105.1.227[endpoint]

		Alternatively, you can specify the binding by using Tcl
		syntax such as the following:

		{ncacn_ip_tcp 130.105.1.227 1234}


 DESCRIPTION
      The aud object represents the audit daemon (called auditd in the
      reference implementation) on a host.  The daemon creates audit trails
      on a single host.	 Using this command, you can enable or disable a



 Hewlett-Packard Company	    - 1 -	      OSF DCE 1.1/HP DCE 1.8






 aud(1m)		  Open Software Foundation		     aud(1m)




      daemon, change how the daemon acts when the file system storage for
      its audit trail is full, and rewind an audit trail file.

      This command operates on the audit daemon named in the optional
      remote_audit_daemon_name argument. If the argument is not supplied,
      the command operates on the audit daemon named by the _s(aud)
      convenience variable. If the variable is not set, the command operates
      on the audit daemon on the local host.

 ATTRIBUTES
      stostrategy {save | wrap}
		The audit trail storage strategy of the daemon.	 This
		attribute defines what the daemon does if the audit trail
		storage is full.  Its possible values are as follows:


		save	  If the specified trail size limit is reached (the
			  default is 2 MB), auditd saves the current trail
			  file to a new file (this file has the same name as
			  the original trail file, with the date and time
			  appended).  Then, auditd deletes the contents of
			  the original trail file and continues auditing
			  from the beginning of this file. This is the
			  default value for stostrategy.

		wrap	  The daemon overwrites the old audit trails.


      state {enabled | disabled}
		Specifies whether the audit daemon is accepting audit log
		requests.  The values are enabled or disabled. The default
		is enabled.


      See the OSF DCE Administration Guide for more information about audit
      attributes.

 OPERATIONS
    aud disable
      Disables an audit daemon.	 The syntax is as follows:

      aud disable [remote_audit_daemon_name]


      The disable operation disables the audit record logging service of an
      audit daemon and changes its state attribute to disabled. This
      operation returns an empty string on success.

      Privileges Required





 Hewlett-Packard Company	    - 2 -	      OSF DCE 1.1/HP DCE 1.8






 aud(1m)		  Open Software Foundation		     aud(1m)




      You must have c (control) permission on the audit daemon's ACL, and
      you must be authenticated.

      Examples

      dcecp> aud disable
      dcecp>


    aud enable
      Enables an audit daemon.	The syntax is as follows:

      aud enable [remote_audit_daemon_name]


      The enable operation enables the audit record logging service of an
      audit daemon and changes its state attribute to enabled.	This
      operation returns an empty string on success.

      Privileges Required

      You must have c (control) permission on the audit daemon's ACL, and
      you must be authenticated.

      Examples

      dcecp> aud enable
      dcecp>


    aud help
      Returns help information about the aud object and its operations.	 The
      syntax is as follows:

      aud help [operation | -verbose]


      Options


      -verbose	Displays information about the aud object.


      Used without an argument or option, the aud help command returns brief
      information about each aud operation. The optional operation argument
      is the name of an operation about which you want detailed information.
      Alternatively, you can use the -verbose option for more detailed
      information about the aud object itself.

      Privileges Required




 Hewlett-Packard Company	    - 3 -	      OSF DCE 1.1/HP DCE 1.8






 aud(1m)		  Open Software Foundation		     aud(1m)




      No special privileges are needed to use the aud help command.

      Examples

      dcecp> aud help
      disable		  Disables the audit daemon.
      enable		  Enables the audit daemon.
      modify		  Modifies the attributes of the audit daemon.
      rewind		  Rewinds the specified audit trail file to the beginning.
      show		  Returns the attributes of an audit daemon.
      stop		  Stops the audit daemon.
      help		  Prints a summary of command-line options.
      operations	  Returns a list of the valid operations for this command.
      dcecp>


    aud modify
      Changes the values of audit attributes.  The syntax is as follows:

      aud modify [remote_audit_daemon_name]
      {-change attribute_list | -attribute value}


      Options


      -attribute value
		As an alternative to using the -change option with an
		attribute list, you can specify individual attribute options
		by prepending a hyphen (-) to any attribute listed in the
		ATTRIBUTES section of this reference page.

      -change attribute_list
		Allows you to specify attributes by using an attribute list
		rather than individual attribute options. The format of an
		attribute list is as follows:

		{{attribute value}...{attribute value}}


      The modify operation allows modification of the audit daemon
      attributes.  It accepts the -change option which takes an attribute
      list as a value. This operation returns an empty string on success.

      Privileges Required

      You must have c (control) permission on the audit daemon's ACL, and
      you must be authenticated.

      Examples




 Hewlett-Packard Company	    - 4 -	      OSF DCE 1.1/HP DCE 1.8






 aud(1m)		  Open Software Foundation		     aud(1m)




      dcecp> aud modify -change {{stostrategy wrap} {state enabled}}
      dcecp> aud modify -stostrategy wrap -state enabled
      dcecp>


    aud operations
      Returns a list of the operations supported by the aud object. The
      syntax is as follows:

      aud operations


      The list of available operations is in alphabetical order except for
      help and operations, which are listed last.

      Privileges Required

      No special privileges are needed to use the aud operations command.

      Examples

      dcecp> aud operations
      disable enable modify rewind show stop help operations
      dcecp>


    aud rewind
      Rewinds the central audit trail file to the beginning.  The syntax is
      as follows:

      aud rewind [remote_audit_daemon_name]


      The rewind operation by default operates on the central trail file.
      This operation returns an empty string on success.

      Privileges Required

      You must have c (control) permission on the audit daemon's ACL, and
      you must be authenticated.

      Examples

      dcecp> aud rewind
      dcecp>


    aud show
      Returns the attribute list for the audit daemon. The syntax is as
      follows:




 Hewlett-Packard Company	    - 5 -	      OSF DCE 1.1/HP DCE 1.8






 aud(1m)		  Open Software Foundation		     aud(1m)




      aud show [remote_audit_daemon_name] [-attributes]


      Options


      -attributes
		Returns audit daemon attributes.


      The show operation returns the attribute list for the audit daemon.
      The attributes are returned in lexical order.  The -attributes option
      is provided for consistency with other dcecp commands.  It does not
      change the performance of the command.

      Privileges Required

      You must have r (read) permission on the audit daemon, and you must be
      authenticated.

      Examples

      dcecp> aud show
      {stostrategy wrap}
      {state enabled}
      dcecp>


    aud stop
      Stops the audit daemon.  The syntax is as follows:

      aud stop [remote_audit_daemon_name]


      The stop operation stops the audit daemon process.  This operation
      returns an empty string on success.

      Privileges Required

      You must have c (control) permission on the audit daemon, and you must
      be authenticated.

      Examples

      dcecp> aud stop
      dcecp>


 RELATED INFORMATION
      Commands:	     auditd(1m),       dcecp(1m),	dcecp_audevents(1m),
      dcecp_audfilter(1m), dcecp_audtrail(1m).



 Hewlett-Packard Company	    - 6 -	      OSF DCE 1.1/HP DCE 1.8






 aud(1m)		  Open Software Foundation		     aud(1m)




      Files:   aud_audit_events(5),   dts_audit_events(5),   event_class(5),
      sec_audit_events(5).




















































 Hewlett-Packard Company	    - 7 -	      OSF DCE 1.1/HP DCE 1.8