Manual: (SunOS-4.1.3)

AUDITD(8)                   System Manager's Manual                  AUDITD(8)



NAME
       auditd - audit daemon

SYNOPSIS
       /usr/etc/auditd

DESCRIPTION
       The  audit  daemon  controls the generation and location of audit trail
       files.  If the function issecure(3) returns false, the only action that
       auditd  takes is to disable the auditing system; otherwise, auditing is
       set  up  and  started.   If  auditing  is  desired,  auditd  reads  the
       audit_control(5)  file  to  get  a list of directories into which audit
       files can be written and the percentage limit for  how  much  space  to
       reserve on each filesystem before changing to the next directory.

       If auditd receives the signal SIGUSR1, the current audit file is closed
       and another is opened.  If SIGHUP is received, the current audit  trail
       is  closed,  the  audit_control file reread, and a new trail is opened.
       If SIGTERM is received, the audit trail is closed and auditing is
       terminated.  The program audit(8) sends these signals and is
       recommended for this purpose.

       Each time the audit daemon opens a new audit trail file, it updates the
       file audit_data(5) to include the correct name.

   Auditing Conditions
       The  audit daemon invokes the program audit_warn(8) under the following
       conditions with the indicated options:

       audit_warn soft pathname
              The file system upon which pathname  resides  has  exceeded  the
              minimum  free  space  limit  defined in audit_control(5).  A new
              audit trail has been opened on another file system.

       audit_warn allsoft
              All available file systems have been filled beyond  the  minimum
              free space limit.  A new audit trail has been opened anyway.

       audit_warn hard pathname
              The  file  system  upon which pathname resides has filled or for
              some reason become unavailable.  A  new  audit  trail  has  been
              opened on another file system.

       audit_warn allhard count
              All  available  file systems have been filled or for some reason
              become unavailable.  The audit daemon will repeat this  call  to
              audit_warn  every  twenty seconds until space becomes available.
              count is the number of times that  audit_warn  has  been  called
              since the problem arose.

       audit_warn ebusy
              There is already an audit daemon running.

       audit_warn tmpfile
              The  file  /etc/security/audit/audit_tmp  exists,  indicating  a
              fatal error.

       audit_warn nostart
              The internal system audit condition  is  AUC_FCHDONE.   Auditing
              cannot be started without rebooting the system.

       audit_warn auditoff
              The  internal  system audit condition has been changed to not be
              AUC_AUDITING by someone  other  than  the  audit  daemon.   This
              causes the audit daemon to exit.

       audit_warn postsigterm
              An  error  occurred  during the orderly shutdown of the auditing
              system.

       audit_warn getacdir
              There is a problem getting the directory list from
              /etc/security/audit/audit_control.

              The  audit  daemon  will hang in a sleep loop until this file is
              fixed.
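
An added example, not part of the original manual page and not Sun's audit_warn script: a site-local handler sketch that turns each condition listed above into one alert line and throttles the repeating allhard call. The function name audit_warn_classify, the severity labels and the ALLHARD_EVERY interval are assumptions.

```shell
#!/bin/sh
# Added example: site-local audit_warn handler sketch (not the vendor script).
# Severity labels and the allhard repeat interval are assumptions.

ALLHARD_EVERY=15   # assumption: re-alert every 15th call (about 5 min at 20 s)

# Print "SEVERITY: message" for one audit_warn invocation.
# Returns 0 if the operator should be alerted, 1 if the call is
# suppressed, 2 for a condition not listed in auditd(8).
audit_warn_classify() {
    cond=$1; arg=$2
    case $cond in
    soft)    echo "WARN: file system holding $arg past min free limit; trail moved" ;;
    allsoft) echo "ERROR: all audit file systems past min free limit" ;;
    hard)    echo "ERROR: file system holding $arg full or unavailable; trail moved" ;;
    allhard)
        # auditd repeats this call every twenty seconds; alert on the
        # first call, then only on every ALLHARD_EVERY-th one.
        case $arg in ''|*[!0-9]*) arg=1 ;; esac
        if [ "$arg" -ne 1 ] &&
           [ "$(expr "$arg" % "$ALLHARD_EVERY")" -ne 0 ]; then
            return 1
        fi
        echo "CRIT: no audit file system available (call $arg)" ;;
    ebusy)       echo "WARN: an audit daemon is already running" ;;
    tmpfile)     echo "CRIT: /etc/security/audit/audit_tmp exists; fatal error" ;;
    nostart)     echo "CRIT: audit condition is AUC_FCHDONE; reboot required" ;;
    auditoff)    echo "CRIT: audit condition no longer AUC_AUDITING; auditd exiting" ;;
    postsigterm) echo "ERROR: error during orderly audit shutdown" ;;
    getacdir)    echo "CRIT: cannot get directory list from audit_control; auditd sleeping" ;;
    *)           echo "WARN: unknown audit_warn condition: $cond"; return 2 ;;
    esac
    return 0
}

# When installed as the handler, classify the real arguments.
if [ $# -gt 0 ]; then
    audit_warn_classify "$@"
fi
```

How the alert line is delivered (mail, console, syslog) is left to the site; the throttle only limits how often allhard reaches the operator, it does not change what auditd does.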

FILES
       /etc/security/audit/audit_control
       /etc/security/audit/audit_data

SEE ALSO
       auditsvc(2), audit_control(5), audit.log(5), audit(8), audit_warn(8)



                               7 September 1988                      AUDITD(8)