audadmin(1M)               C2 Trusted DG/UX 5.4.2T              audadmin(1M)


NAME
       audadmin - perform audit administration functions

SYNOPSIS
       audadmin -o sysmask [alias | mask | -f aliasfile]
       audadmin -o start [-f trailfile ]
       audadmin -o stop
       audadmin -o switch -f trailfile
       audadmin -o query [-c | -h]
       audadmin -o settrail -f trailfile
       audadmin -o flush
       audadmin -o muststart [ on | off ]
       audadmin -o mustaudit [ on | off ]

   where:
       trailfile
              is the name of the file to which audit records should be
              written.
       alias  is an audit alias string.
       mask   is an audit mask string.
       aliasfile
              is the name of the file from which to read an audit mask or
              alias string.

DESCRIPTION
       The audadmin command performs the various audit administration
       functions according to the operation chosen.  The options and
       operations are:

       sysmask
              This option sets the system audit mask.  The value following
              sysmask can be a mask string, an alias string, or -f followed
              by the name of a file containing a mask or an alias string.
              The system audit mask will be set to the value given.  If the
              command fails, the system audit mask will remain unchanged.

       start  This turns on auditing.  If a trailfile is given, audit
              records will be written to trailfile.  Otherwise, audit
              records will go to the current trail file.  If auditing is
              already on, the command reports an error.  If the trailfile is
              not an absolute pathname, the system will ask for confirmation
              to assume the trailfile pathname is relative to the current
              working directory.

       stop   This option stops auditing, writes a trail tail record, then
              closes the current trail file.  If auditing is already
              stopped, the command reports an error.

       switch This changes trail files without stopping auditing.  trailfile
              becomes the new current trail file.  This option can only be
              used when auditing is on.  If auditing is not currently on,
              the command reports an error.

       query  This prints the current state of the auditing system.  It
              indicates whether auditing is on, off, or stopped by the
              system (due to an auditing failure), whether the system will
              shut down upon a startup failure or upon an auditing failure,
              what the current system audit mask is and what the current
              trailspec is.  If the -c option is included, the canonical
              form of the system audit mask will be printed instead of an
              alias.  For example:

              chdir : (S,PS,CS)
              + mkdir : (S,PS,CS)

              If the -h option is included, a hex dump of the audit mask
              will be printed instead of an alias.  (The -c and -h options
              are mutually exclusive.)

       settrail
              Replaces the current trailspec so that when auditing is
              started, the new trailspec will be the current one.  This
              option can be used only when auditing is off.  If auditing is
              not currently off, the command reports an error.

       flush  This option will cause all in-memory audit records to be
              written to the current audit trail file, ensuring that the
              file is up-to-date.  Normally, audit records are buffered in
              memory and written to the trail file only when a buffer is
              filled or auditing is stopped or switched to a new file.  This
              option should be used before invoking audprint on an active
              audit trail file.  This option can only be used when auditing
              is on.  If auditing is not currently on, the command reports
              an error.

       muststart
              This option requires the on or off parameter.  When on, any
              attempts to bring the system out of single-user mode will fail
              if auditing is not on.

       mustaudit
              This option requires the on or off parameter.  When on, the
              system will go to single-user mode if auditing cannot
              continue.

       The system has the concept of a current trailspec.  A trailspec (audit
       trail specification) contains the trail file name and other system
       information about the trail file.  While auditing is on, the current
       trailspec contains the trail filename to which the system is writing
       audit records.  When auditing is turned off, the current trailspec
       remains unchanged, thus it will become the active trailspec when
       auditing is turned on again if a new trailspec is not given.  The
       current trailspec will change under three conditions.  One, the
       settrail operation can be used while auditing is off so that the
       current trailspec will be different when auditing is turned back on.
       Two, the switch operation can be used while auditing is on.  Three,
       auditing can be started with a new trail file specified.  See the
       Audit System Administrator's Guide for more details.
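
The state rules above (switch only while auditing is on, settrail only while it is off) can be wrapped so that an unattended script never issues the operation that would be rejected. This is an added example, not part of the DG/UX manual: audit_state and set_trail are hypothetical names, and the "Auditing is ON" query line is assumed by analogy with the documented "Auditing is OFF".

```sh
#!/bin/sh
# Added example (not from the manual page): pick the audadmin operation that
# is valid for the current audit state when changing the trail file.

# Print ON or OFF as reported by `audadmin -o query`; print UNKNOWN for
# anything else (query failed, or auditing was stopped by the system).
# Assumption: the "on" line reads "Auditing is ON".
audit_state() {
    _st=$(audadmin -o query |
          sed -n 's/^ *Auditing is \([A-Z]*\).*$/\1/p' | head -n 1)
    case "$_st" in
        ON|OFF) echo "$_st" ;;
        *)      echo UNKNOWN ;;
    esac
}

# Make $1 the current trail file.
#   auditing ON  -> switch   (records buffered in memory are written when
#                             auditing is switched to a new file)
#   auditing OFF -> settrail (takes effect at the next start)
# Any other state is left alone so an audit failure is not masked.
set_trail() {
    case "$1" in
        /*) ;;   # absolute path: nothing depends on the working directory
        *)  echo "set_trail: trail file must be an absolute path" >&2
            return 2 ;;
    esac
    case "$(audit_state)" in
        ON)  audadmin -o switch -f "$1" ;;
        OFF) audadmin -o settrail -f "$1" ;;
        *)   echo "set_trail: audit state is not ON or OFF; trail unchanged" >&2
             return 1 ;;
    esac
}

# Usage: set_trail /audit/trailC
```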


EXAMPLES
       # audadmin -o sysmask system

       Set the system audit mask to the alias "system".

       # audadmin -o start -f /audit/trailA

       Start auditing to the file /audit/trailA.

       # audadmin -o switch -f /audit/trailB

       Switch to the file /audit/trailB.

       # audadmin -o stop

       Stop auditing.  After this, no more audit records will be collected
       until auditing is restarted.

       # audadmin -o muststart on

       Set the muststart flag to "on."  All attempts to bring the system out
       of single-user mode will fail if auditing is not on.  If you use this
       option, make sure that /etc/inittab is configured to start auditing.

       # audadmin -o mustaudit off

       Set the mustaudit flag to "off."  If auditing cannot continue, the
       system will run without auditing.

       # audadmin -o query
       Auditing is OFF
       Must start: OFF
       Must audit: ON
       System audit mask: SYSTEM
       Filename: /audit/TrailB

       Print the audit system state.  Note that the last trail file name is
       preserved.  If auditing is restarted and no new trail file name is
       given, the current one, /audit/TrailB, will be used.
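
The muststart example above warns that /etc/inittab must be configured to start auditing before the flag is turned on, since otherwise the system cannot leave single-user mode. The check below makes that a precondition. It is an added example, not from the manual: the function names are hypothetical, and the id:rstate:action:process layout of inittab(4) entries is assumed.

```sh
#!/bin/sh
# Added example (not from the manual page): refuse to set muststart unless
# inittab has an active entry that starts auditing.

# Succeed only if file $1 contains a non-comment entry whose action is not
# "off" and whose process field runs "audadmin -o start".
# Assumption: entries have the form id:rstate:action:process.
inittab_starts_audit() {
    awk -F: '
        /^[ \t]*#/ { next }                  # skip comment lines
        NF >= 4 && $3 != "off" {
            proc = $4                        # rejoin a process field that
            for (i = 5; i <= NF; i++)        # itself contains colons
                proc = proc ":" $i
            if (proc ~ /audadmin[ \t]+-o[ \t]+start/) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Turn muststart on only when the check passes; $1 defaults to /etc/inittab.
enable_muststart() {
    _tab=${1:-/etc/inittab}
    if inittab_starts_audit "$_tab"; then
        audadmin -o muststart on
    else
        echo "refusing: no active 'audadmin -o start' entry in $_tab" >&2
        return 1
    fi
}

# Usage: enable_muststart            (checks /etc/inittab)
```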

FILES
       /etc/tcb/audit/auditmaskdefs  File of basic aliases for classes and
                                       reasons.

       /etc/tcb/audit/auditaliasdefs  File defining additional audit
                                        aliases.

       /etc/inittab  Script for init(1M).

DIAGNOSTICS
       Exit status is 0 if successful, 1 on error.

SEE ALSO
       audprint(1M), audselect(1M), auditaliasdefs(4M),
       auditmaskdefs(4M), init(1M), inittab(4).

       Audit System Administrator's Guide for the C2 Trusted DG/UX System.

Licensed material--property of copyright holder(s)