Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ aud(8dce) — DCE 3.1

Media Vault

Software Library

Restoration Projects

Artifacts Sought

aud(8dce)  —  Maintenance

NAME

aud  — A dcecp object that manages the audit daemon on a DCE host

SYNOPSIS

aud disable  [remote_audit_daemon_name]

aud enable  [remote_audit_daemon_name]

aud help  [operation | verbose  ]

aud modify  [remote_audit_daemon_name]  {change attribute_list | attribute value }

aud operations

aud rewind  [remote_audit_daemon_name]

aud show  [remote_audit_daemon_name]  [attributes ]

aud stop  [remote_audit_daemon_name]

Arguments

operationThe name of the aud  operation for which to display help information. 

remote_audit_daemon_name
By default, operations pertain to the local audit daemon. The remote_audit_daemon_name argument specifies the name or the binding of the remote audit daemon to operate on.  The name syntax is as follows:

/.../cellname/hosts/hostname/auditd

A remote audit daemon can also be specified with a string binding for the remote host on which the audit daemon is running.  Use a string binding such as the following:

ncacn_ip_tcp:130.105.1.227[endpoint]

Alternatively, you can specify the binding by using dcecp string syntax such as the following:

{ncacn_ip_tcp 130.105.1.227 1234}

Description

The aud  object represents the audit daemon (called auditd  in the reference implementation) on a host.  The daemon creates audit trails on a single host.  Using this command, you can enable or disable a daemon, change how to daemon acts when the file system storage for its audit trails is full, and rewind an audit trail file. 

This command operates on the audit daemon named in the optional remote_audit_daemon_name argument.  If the argument is not supplied, the command operates on the audit daemon named by the _s(aud) convenience variable.  If the variable is not set, the command operates on the audit daemon on the local host. 

Attributes

stostrategy {save | wrap}
The audit trail storage strategy of the daemon.  This attribute defines what the daemon does if the audit trail storage is full.  Its possible values are as follows:

saveIf the specified trail size limit is reached (the default is 2 MB), auditd  saves the current trail file to a new file (this file has the same name as the original trail file, with the date and time appended).  Then, auditd  deletes the contents of the original trail file and continues auditing from the beginning of this file.  This is the default value for stostrategy. 

wrapThe daemon overwrites the old audit trails. 

state {enabled | disabled}
Specifies whether the audit daemon is accepting audit log requests.  The values are enabled or disabled.  The default is enabled. 

See the OSF DCE Administration Guide for more information about audit attributes. 

Errors

A representative list of errors that might be returned is not shown here.  Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages. 

Operations

aud disable

Disables an audit daemon.  The syntax is as follows:

aud disable  [remote_audit_daemon_name]

The disable  operation disables the audit record logging service of an audit daemon and changes its state attribute to disabled.  This operation returns an empty string on success. 

Privileges Required

You must have c (control) permission on the audit daemon’s ACL, and you must be authenticated. 

Examples

dcecp> aud disable
dcecp>

aud enable

Enables an audit daemon.  The syntax is as follows:

aud enable  [remote_audit_daemon_name]

The enable operation enables the audit record logging service of an audit daemon and changes its state attribute to enabled.  This operation returns an empty string on success. 

Privileges Required

You must have c (control) permission on the audit daemon’s ACL, and you must be authenticated. 

Examples

dcecp> aud enable dcecp>

aud help

Returns help information about the aud  object and its operations.  The syntax is as follows:

aud help [operation | verbose ]

Options

verboseDisplays information about the aud  object. 

Used without an argument or option, the aud help  command returns brief information about each aud  operation.  The optional operation argument is the name of an operation about which you want detailed information.  Alternatively, you can use the verbose  option for more detailed information about the aud  object itself. 

Privileges Required

No special privileges are needed to use the aud help  command. 

Examples

dcecp> aud help
disable             Disables the audit daemon.
enable              Enables the audit daemon.
modify              Modifies the attributes of the audit daemon.
rewind              Rewinds the specified audit trail file to the beginning.
show                Returns the attributes of an audit daemon.
stop                Stops the audit daemon.
help                Prints a summary of command-line options.
operations          Returns a list of the valid operations for this command.
dcecp>

aud modify

Changes the values of audit attributes.  The syntax is as follows:

aud modify  [remote_audit_daemon_name] {change  attribute_list | -attribute value}

Options

change  attribute_list
Allows you to specify attributes using an attribute list.

-attribute value
As an alternative to using the change  option with an attribute list, you can change individual attribute options by prepending a hyphen (-) to any attribute listed in the Attributes section of this reference page. 

The modify operation allows modification of the audit daemon attributes.  It accepts the −change option which takes an attribute list as a value. This operation returns an empty string on success. 

Privileges Required

You must have c (control) permission on the audit daemon’s ACL, and you must be authenticated. 

Examples

dcecp> aud modify -change {{stostrategy wrap} {state enabled}}
dcecp> aud modify -stostrategy wrap -state enabled
dcecp>

aud operations

Returns a list of the operations supported by the aud object.  The syntax is as follows:

aud operations

The list of available operations is in alphabetical order except for help  and operations, which are listed last. 

Privileges Required

No special privileges are needed to use the aud operations command. 

Examples

dcecp> aud operations
disable enable modify rewind show stop help operations
dcecp>

aud rewind

Rewinds the central audit trail file to the beginning.  The syntax is as follows:

aud rewind [remote_audit_daemon_name]

The rewind operation by default operates on the central trail file.  This operation returns an empty string on success. 

Privileges Required

You must have c (control) permission on the audit daemon’s ACL, and you must be authenticated. 

Examples

dcecp> aud rewind
dcecp>

aud show

Returns the attribute list for the audit daemon.  The syntax is as follows:

aud show  [remote_audit_daemon_name] [attributes ]

Options

attributesReturns audit daemon attributes. 

The show  operation returns the attribute list for the audit daemon.  The attributes are returned in lexical order.  The attributes  option is provided for consistency with other dcecp  commands.  It does not change the performance of the command. 

Privileges Required

You must have r (read) permission on the audit daemon, and you must be authenticated. 

Examples

dcecp> aud show
{stostrategy wrap}
{state enabled}
dcecp>

aud stop

Stops the audit daemon.  The syntax is as follows:

aud stop  [remote_audit_daemon_name]

The stop operation stops the audit daemon process.  This operation returns an empty string on success. 

Privileges Required

You must have c (control) permission on the audit daemon, and you must be authenticated. 

Examples

dcecp> aud stop
dcecp>

Related Information

Commands: auditd(8sec), audevent(8dce), audfilter(8dce), audtrail(8dce), dcecp(8dce). 

Files: aud_audit_events(5sec), dts_audit_events(5sec), sec_audit_events(5sec), event_class(5sec). 

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026