audit_alias_defs(4M) DG/UX B2 Security R4.12MU02 audit_alias_defs(4M)
NAME
auditaliasdefs - audit alias definitions
DESCRIPTION
The file /etc/tcb/audit/auditaliasdefs contains definitions for
audit reason, class, and mask aliases.
The auditaliasdefs file has separate sections for reason, class,
and audit mask aliases although the aliases can be defined in any
order as long as an alias is defined before it is used.
Aliases are composed of entries that are position dependent and have
the following format:
name abbrev definition
Fields are separated by spaces or tabs, and each entry is delimited
by a new-line character. Up to 6000 characters per entry are
permitted. All names and abbreviations are case insensitive.
Comment lines may be included by beginning the line with a #. There
are no limits (other than maximum entry size) imposed on the number
of entries in the auditaliasdefs file. The entry fields are:
name The full name of the alias. The name must be 1 to 200
characters in length, contain only alphanumeric
characters or the low line (_), and must start with an
alphabetic character (A-Z,a-z).
Examples of valid alias names are
FINANCEDEFAULT
DacMask
Mask12345
Examples of invalid alias names are
FINANCE-DEFAULT (Minus is not permitted in name.)
123Mask (Name must begin with letter.)
DacMask (Name must begin with letter.)
abbrev A short name (abbreviation) for the alias. Abbreviations
can be up to 200 characters in length, but it is
recommended that they be kept to 8 characters or less.
The abbreviation may contain only alphanumeric characters
or the low line (_), and must start with an alphabetic
character (A-Z,a-z). A minus sign (-) in this field
indicates that no abbreviation is defined for this alias.
definition The definition of the alias. A space or tab character
(or - if no abbreviation is given) separates the
abbreviation from the alias definition. The remainder of
the entry (until a new-line character) is considered a
part of the definition. The definition syntax varies for
each alias type (reason, class, or audit mask). Alias
definitions can contain other aliases as long as the
aliases in the definition are previously defined, either
in this file or in auditmaskdefs(4M).
Reason alias definitions begin with a colon (:) followed by a list of
one or more reason names or abbreviations from the auditmaskdefs
file or previously defined in this file, separated by commas. If
more than one reason is specified, the list must be enclosed in
parentheses. The following examples are valid reason alias
definitions:
:(SUCCESS, PRIVFAILURE)
:(s,ps,cs)
Class alias definitions consist of a list of one or more class names
or abbreviations from the auditmaskdefs file or previously defined
in this file, separated by commas. If more than one class is
specified, the list must be enclosed in parentheses. The following
examples are valid class alias definitions:
DUP
(login, openmod)
Audit mask alias definitions consist of a list of one or more class
names or abbreviations (with syntax as defined for class aliases
above) followed by one or more reasons (with syntax as defined for
reason aliases above). Note that with this syntax, a colon (:)
separates the class(es) from the reason(s). Audit mask aliases can
also be defined by combining two or more complete masks with plus (+)
or minus (-) operators. (A complete mask has both classes and
reasons.) The + operator "adds" two masks; the resulting mask will
have class/reason pairs from both masks. The - operator "subtracts"
two masks; the resulting mask will have class/reason pairs from the
first mask that are not also in the second mask. The following
examples are valid audit mask definitions, where DEFAULT is an audit
mask alias previously defined in auditaliasdefs:
authcmd:ALL
(fork,exec):allfail
DEFAULT + (exec):allsuccess
DEFAULT - TIMESET:all
DEFAULT:all
The last definition above will turn on all reasons for those classes
already having at least one reason turned on in the mask with the
alias DEFAULT. For example, if DEFAULT is defined to be
"(exec,time_set):all_success", then "DEFAULT:all" is equivalent to
"(exec,time_set):all".
For more information on creating audit mask alias definitions, See
Managing Security Auditing on the DG/UX System.
SEE ALSO
audadmin(1M), audprint(1M), audselect(1M), auditeventdefs(4M),
auditmaskdefs(4M).
Managing Security Auditing on the DG/UX System.
Licensed material--property of copyright holder(s)