aud(8dce) — Maintenance
NAME
aud — A dcecp object that manages the audit daemon on a DCE host
SYNOPSIS
aud disable [remote_audit_daemon_name]
aud enable [remote_audit_daemon_name]
aud help [operation | verbose ]
aud modify [remote_audit_daemon_name] {change attribute_list | attribute value }
aud operations
aud rewind [remote_audit_daemon_name]
aud show [remote_audit_daemon_name] [attributes ]
aud stop [remote_audit_daemon_name]
Arguments
operationThe name of the aud operation for which to display help information.
remote_audit_daemon_name
By default, operations pertain to the local audit daemon. The remote_audit_daemon_name argument specifies the name or the binding of the remote audit daemon to operate on. The name syntax is as follows:
/.../cellname/hosts/hostname/auditd
A remote audit daemon can also be specified with a string binding for the remote host on which the audit daemon is running. Use a string binding such as the following:
ncacn_ip_tcp:130.105.1.227[endpoint]
Alternatively, you can specify the binding by using dcecp string syntax such as the following:
{ncacn_ip_tcp 130.105.1.227 1234}
Description
The aud object represents the audit daemon (called auditd in the reference implementation) on a host. The daemon creates audit trails on a single host. Using this command, you can enable or disable a daemon, change how to daemon acts when the file system storage for its audit trails is full, and rewind an audit trail file.
This command operates on the audit daemon named in the optional remote_audit_daemon_name argument. If the argument is not supplied, the command operates on the audit daemon named by the _s(aud) convenience variable. If the variable is not set, the command operates on the audit daemon on the local host.
Attributes
stostrategy {save | wrap}
The audit trail storage strategy of the daemon. This attribute defines what the daemon does if the audit trail storage is full. Its possible values are as follows:
saveIf the specified trail size limit is reached (the default is 2 MB), auditd saves the current trail file to a new file (this file has the same name as the original trail file, with the date and time appended). Then, auditd deletes the contents of the original trail file and continues auditing from the beginning of this file. This is the default value for stostrategy.
wrapThe daemon overwrites the old audit trails.
state {enabled | disabled}
Specifies whether the audit daemon is accepting audit log requests. The values are enabled or disabled. The default is enabled.
See the OSF DCE Administration Guide for more information about audit attributes.
Errors
A representative list of errors that might be returned is not shown here. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.
Operations
aud disable
Disables an audit daemon. The syntax is as follows:
aud disable [remote_audit_daemon_name]
The disable operation disables the audit record logging service of an audit daemon and changes its state attribute to disabled. This operation returns an empty string on success.
Privileges Required
You must have c (control) permission on the audit daemon’s ACL, and you must be authenticated.
Examples
dcecp> aud disable
dcecp>
aud enable
Enables an audit daemon. The syntax is as follows:
aud enable [remote_audit_daemon_name]
The enable operation enables the audit record logging service of an audit daemon and changes its state attribute to enabled. This operation returns an empty string on success.
Privileges Required
You must have c (control) permission on the audit daemon’s ACL, and you must be authenticated.
Examples
dcecp> aud enable dcecp>
aud help
Returns help information about the aud object and its operations. The syntax is as follows:
aud help [operation | verbose ]
Options
verboseDisplays information about the aud object.
Used without an argument or option, the aud help command returns brief information about each aud operation. The optional operation argument is the name of an operation about which you want detailed information. Alternatively, you can use the verbose option for more detailed information about the aud object itself.
Privileges Required
No special privileges are needed to use the aud help command.
Examples
dcecp> aud help
disable Disables the audit daemon.
enable Enables the audit daemon.
modify Modifies the attributes of the audit daemon.
rewind Rewinds the specified audit trail file to the beginning.
show Returns the attributes of an audit daemon.
stop Stops the audit daemon.
help Prints a summary of command-line options.
operations Returns a list of the valid operations for this command.
dcecp>
aud modify
Changes the values of audit attributes. The syntax is as follows:
aud modify [remote_audit_daemon_name] {change attribute_list | -attribute value}
Options
change attribute_list
Allows you to specify attributes using an attribute list.
-attribute value
As an alternative to using the change option with an attribute list, you can change individual attribute options by prepending a hyphen (-) to any attribute listed in the Attributes section of this reference page.
The modify operation allows modification of the audit daemon attributes. It accepts the −change option which takes an attribute list as a value. This operation returns an empty string on success.
Privileges Required
You must have c (control) permission on the audit daemon’s ACL, and you must be authenticated.
Examples
dcecp> aud modify -change {{stostrategy wrap} {state enabled}}
dcecp> aud modify -stostrategy wrap -state enabled
dcecp>
aud operations
Returns a list of the operations supported by the aud object. The syntax is as follows:
aud operations
The list of available operations is in alphabetical order except for help and operations, which are listed last.
Privileges Required
No special privileges are needed to use the aud operations command.
Examples
dcecp> aud operations
disable enable modify rewind show stop help operations
dcecp>
aud rewind
Rewinds the central audit trail file to the beginning. The syntax is as follows:
aud rewind [remote_audit_daemon_name]
The rewind operation by default operates on the central trail file. This operation returns an empty string on success.
Privileges Required
You must have c (control) permission on the audit daemon’s ACL, and you must be authenticated.
Examples
dcecp> aud rewind
dcecp>
aud show
Returns the attribute list for the audit daemon. The syntax is as follows:
aud show [remote_audit_daemon_name] [attributes ]
Options
attributesReturns audit daemon attributes.
The show operation returns the attribute list for the audit daemon. The attributes are returned in lexical order. The attributes option is provided for consistency with other dcecp commands. It does not change the performance of the command.
Privileges Required
You must have r (read) permission on the audit daemon, and you must be authenticated.
Examples
dcecp> aud show
{stostrategy wrap}
{state enabled}
dcecp>
aud stop
Stops the audit daemon. The syntax is as follows:
aud stop [remote_audit_daemon_name]
The stop operation stops the audit daemon process. This operation returns an empty string on success.
Privileges Required
You must have c (control) permission on the audit daemon, and you must be authenticated.
Examples
dcecp> aud stop
dcecp>
Related Information
Commands: auditd(8sec), audevent(8dce), audfilter(8dce), audtrail(8dce), dcecp(8dce).
Files: aud_audit_events(5sec), dts_audit_events(5sec), sec_audit_events(5sec), event_class(5sec).