audit_alias_defs(4M) C2 Trusted DG/UX 5.4.2T audit_alias_defs(4M)
NAME
auditaliasdefs - audit alias definitions
DESCRIPTION
The file /etc/tcb/audit/auditaliasdefs contains definitions for
audit reason, class, and mask aliases.
The auditaliasdefs file has separate sections for reason, class,
and audit mask aliases although the aliases can be defined in any
order as long as an alias is defined before it is used.
Aliases are composed of entries that are position dependent and have
the following format:
name abbrev definition
Fields are separated by spaces or tabs and each entry is delimited by
a newline. Up to 6000 characters per entry are permitted. All names
and abbreviations are case insensitive. Comment lines may be
included by beginning the line with a #. There are no limits (other
than maximum entry size) imposed on the number of entries in the
auditaliasdefs file. The entry fields are:
name This is the full name of the alias. The name must be 1-200
characters in length, contain only alphanumeric characters
or the underscore (_) character, and must start with an
alpha character (A-Z,a-z).
Examples of valid alias names are
FINANCEDEFAULT
DacMask
Mask12345
Examples of invalid alias names are
FINANCE-DEFAULT (no dash permitted)
123Mask (must begin with alpha)
DacMask (must begin with alpha)
abbrev This is a short name (abbreviation) for the alias.
Abbreviations can be up to 200 characters in length, but it
is recommended that they be kept to 8 characters or less.
The abbreviation may contain only alphanumeric characters or
the underscore (_) character, and must start with an alpha
character (A-Z,a-z). A - in this field indicates that no
abbreviation is defined for this alias.
definition
The definition of the alias. A space or tab character
separates the abbreviation (or - if no abbreviation is
given) from the alias definition. The remainder of the
entry (until a newline character) is considered a part of
Licensed material--property of copyright holder(s) 1
audit_alias_defs(4M) C2 Trusted DG/UX 5.4.2T audit_alias_defs(4M)
the definition. The definition syntax varies for each alias
type (reason, class, or audit mask). Alias definitions can
contain other aliases as long as the aliases in the
definition are previously defined, either in this file or in
auditmaskdefs(4M).
Reason alias definitions begin with a colon (:) followed by a list of
one or more reason names or abbreviations from the auditmaskdefs
file or previously defined in this file, separated by commas. If
more than one reason is specified, the list must be enclosed in
parentheses. The following examples are valid reason alias
definitions:
:(SUCCESS, PRIVFAILURE)
:(s,ps,cs)
Class alias definitions consist of a list of one or more class names
or abbreviations from the auditmaskdefs file or previously defined
in this file, separated by commas. If more than one class is
specified, the list must be enclosed in parentheses. The following
examples are valid class alias definitions:
DUP
(login, openmod)
Audit mask alias definitions consist of a list of one or more class
names or abbreviations (with syntax as defined for class aliases
above) followed by one or more reasons (with syntax as defined for
reason aliases above). Note that with this syntax, a colon (:)
separates the class(es) from the reason(s). Audit mask aliases can
also be defined by combining two or more complete masks with plus (+)
or minus (-) operators. (A complete mask has both classes and
reasons.) The + operator "adds" two masks; the resulting mask will
have class/reason pairs from both masks. The - operator "subtracts"
two masks; the resulting mask will have class/reason pairs from the
first mask that are not also in the second mask. The following
examples are valid audit mask definitions, where DEFAULT is an audit
mask alias previously defined in auditaliasdefs:
authcmd:ALL
(fork,exec):allfail
DEFAULT + (exec):allsuccess
DEFAULT - TIMESET:all
DEFAULT:all
The last definition above will turn on all reasons for those classes
already having at least one reason turned on in the mask with the
alias DEFAULT. For example, if DEFAULT is defined to be
"(exec,time_set):all_success", then "DEFAULT:all" is equivalent to
"(exec,time_set):all".
See the Audit System Administrator's Guide for more information on
creating audit mask alias definitions.
Licensed material--property of copyright holder(s) 2
audit_alias_defs(4M) C2 Trusted DG/UX 5.4.2T audit_alias_defs(4M)
SEE ALSO
audadmin(1M), audprint(1M), audselect(1M), auditmaskdefs(4M),
auditeventdefs(4M),
Audit System Administrator's Guide for the C2 Trusted DG/UX System
Licensed material--property of copyright holder(s) 3