audit_alias_defs(4M)       C2 Trusted DG/UX 5.4.2T      audit_alias_defs(4M)


NAME
       audit_alias_defs - audit alias definitions

DESCRIPTION
       The file /etc/tcb/audit/audit_alias_defs contains definitions for
       audit reason, class, and mask aliases.

       The audit_alias_defs file has separate sections for reason, class,
       and audit mask aliases, although the aliases can be defined in any
       order as long as an alias is defined before it is used.

       Aliases are composed of entries that are position dependent and have
       the following format:

              name    abbrev    definition

       Fields are separated by spaces or tabs and each entry is delimited by
       a newline.  Up to 6000 characters per entry are permitted.  All names
       and abbreviations are case insensitive.  Comment lines may be
       included by beginning the line with a #.  There are no limits (other
       than maximum entry size) imposed on the number of entries in the
       audit_alias_defs file.  The entry fields are:


       name     This is the full name of the alias.  The name must be 1-200
                characters in length, contain only alphanumeric characters
                or the underscore (_) character, and must start with an
                alpha character (A-Z,a-z).

                Examples of valid alias names are

                FINANCEDEFAULT
                DacMask
                Mask12345

                Examples of invalid alias names are

                FINANCE-DEFAULT     (no dash permitted)
                123Mask             (must begin with alpha)
                _DacMask            (must begin with alpha)

       abbrev   This is a short name (abbreviation) for the alias.
                Abbreviations can be up to 200 characters in length, but it
                is recommended that they be kept to 8 characters or less.
                The abbreviation may contain only alphanumeric characters or
                the underscore (_) character, and must start with an alpha
                character (A-Z,a-z).  A - in this field indicates that no
                abbreviation is defined for this alias.

       definition
                The definition of the alias.  A space or tab character
                separates the abbreviation (or - if no abbreviation is
                given) from the alias definition.  The remainder of the
                entry (until a newline character) is considered a part of
                the definition.  The definition syntax varies for each alias
                type (reason, class, or audit mask).  Alias definitions can
                contain other aliases as long as the aliases in the
                definition are previously defined, either in this file or in
                auditmaskdefs(4M).

       Reason alias definitions begin with a colon (:) followed by a list of
       one or more reason names or abbreviations from the auditmaskdefs
       file or previously defined in this file, separated by commas.  If
       more than one reason is specified, the list must be enclosed in
       parentheses.  The following examples are valid reason alias
       definitions:

       :(SUCCESS, PRIVFAILURE)
       :(s,ps,cs)

       Class alias definitions consist of a list of one or more class names
       or abbreviations from the auditmaskdefs file or previously defined
       in this file, separated by commas.  If more than one class is
       specified, the list must be enclosed in parentheses.  The following
       examples are valid class alias definitions:

       DUP
       (login, openmod)

       Audit mask alias definitions consist of a list of one or more class
       names or abbreviations (with syntax as defined for class aliases
       above) followed by one or more reasons (with syntax as defined for
       reason aliases above).  Note that with this syntax, a colon (:)
       separates the class(es) from the reason(s).  Audit mask aliases can
       also be defined by combining two or more complete masks with plus (+)
       or minus (-) operators.  (A complete mask has both classes and
       reasons.)  The + operator "adds" two masks; the resulting mask will
       have class/reason pairs from both masks.  The - operator "subtracts"
       two masks; the resulting mask will have class/reason pairs from the
       first mask that are not also in the second mask.  The following
       examples are valid audit mask definitions, where DEFAULT is an audit
       mask alias previously defined in audit_alias_defs:

       authcmd:ALL
       (fork,exec):allfail
       DEFAULT + (exec):all_success
       DEFAULT - TIME_SET:all
       DEFAULT:all

       The last definition above will turn on all reasons for those classes
       already having at least one reason turned on in the mask with the
       alias DEFAULT.  For example, if DEFAULT is defined to be
       "(exec,time_set):all_success", then "DEFAULT:all" is equivalent to
       "(exec,time_set):all".

       See the Audit System Administrator's Guide for more information on
       creating audit mask alias definitions.
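
       The mask arithmetic described above, as an added example that is
       not part of the original manual page or of DG/UX.  It resolves
       audit mask alias entries into sets of class/reason pairs; the
       CLASSES and REASONS tables, the two-reason model, and left-to-right
       evaluation of + and - are assumptions made for the example.

```python
import re
# Assumed stand-ins for audit_mask_defs(4M); two reasons only, as a simplification.
CLASSES = {"exec", "fork", "time_set", "login"}
REASONS = {"all_success": {"success"}, "all": {"success", "failure"}}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,199}\Z")

def _names(field):
    return [n.strip().lower() for n in field.strip().strip("()").split(",")]

def _term(text, masks):
    """Evaluate one complete mask: a mask alias, or classes:reasons."""
    if ":" not in text:
        return set(masks[text.strip().lower()])  # KeyError if not yet defined
    class_part, reason_part = text.split(":", 1)
    classes = set()
    for n in _names(class_part):
        if n not in masks and n not in CLASSES:
            raise KeyError(n)
        # A mask alias here contributes every class it has a reason on.
        classes |= {c for c, _ in masks[n]} if n in masks else {n}
    reasons = set().union(*(REASONS[n] for n in _names(reason_part)))
    return {(c, r) for c in classes for r in reasons}

def evaluate(definition, masks):
    """Apply + (union) and - (difference); left-to-right order is assumed."""
    parts = re.split(r"\s*([+-])\s*", definition.strip())
    result = _term(parts[0], masks)
    for op, rhs in zip(parts[1::2], parts[2::2]):
        result = result | _term(rhs, masks) if op == "+" else result - _term(rhs, masks)
    return result

def load(text):
    """Parse 'name abbrev definition' entries into {alias: {(class, reason)}}."""
    masks = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, abbrev, definition = line.split(None, 2)
        if not NAME_RE.match(name) or (abbrev != "-" and not NAME_RE.match(abbrev)):
            raise ValueError(f"invalid name or abbreviation: {line!r}")
        masks[name.lower()] = evaluate(definition, masks)
        if abbrev != "-":
            masks[abbrev.lower()] = masks[name.lower()]
    return masks

SAMPLE = """# constructed entries, not taken from a real system
DEFAULT  def  (exec,time_set):all_success
WIDE     -    DEFAULT:all
NOTIME   nt   DEFAULT - TIME_SET:all
"""
```

       Comparing the resolved sets before and after an edit to the file
       shows exactly which class/reason pairs a - term stops auditing.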




SEE ALSO
       audadmin(1M), audprint(1M), audselect(1M), auditmaskdefs(4M),
       auditeventdefs(4M),

       Audit System Administrator's Guide for the C2 Trusted DG/UX System

Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026