Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ audit_alias_defs(4M) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

audadmin(1M)

audprint(1M)

audselect(1M)



audit_alias_defs(4M)     DG/UX B2 Security R4.12MU02    audit_alias_defs(4M)


NAME
       auditaliasdefs - audit alias definitions

DESCRIPTION
       The file /etc/tcb/audit/auditaliasdefs contains definitions for
       audit reason, class, and mask aliases.

       The auditaliasdefs file has separate sections for reason, class,
       and audit mask aliases although the aliases can be defined in any
       order as long as an alias is defined before it is used.

       Aliases are composed of entries that are position dependent and have
       the following format:

              name    abbrev    definition

       Fields are separated by spaces or tabs, and each entry is delimited
       by a new-line character.  Up to 6000 characters per entry are
       permitted.  All names and abbreviations are case insensitive.
       Comment lines may be included by beginning the line with a #.  There
       are no limits (other than maximum entry size) imposed on the number
       of entries in the auditaliasdefs file.  The entry fields are:

       name        The full name of the alias.  The name must be 1 to 200
                   characters in length, contain only alphanumeric
                   characters or the low line (_), and must start with an
                   alphabetic character (A-Z,a-z).

                   Examples of valid alias names are
                        FINANCEDEFAULT
                        DacMask
                        Mask12345

                   Examples of invalid alias names are
                        FINANCE-DEFAULT   (Minus is not permitted in name.)
                        123Mask           (Name must begin with letter.)
                        DacMask          (Name must begin with letter.)

       abbrev      A short name (abbreviation) for the alias.  Abbreviations
                   can be up to 200 characters in length, but it is
                   recommended that they be kept to 8 characters or less.
                   The abbreviation may contain only alphanumeric characters
                   or the low line (_), and must start with an alphabetic
                   character (A-Z,a-z).  A minus sign (-) in this field
                   indicates that no abbreviation is defined for this alias.

       definition  The definition of the alias.  A space or tab character
                   (or - if no abbreviation is given) separates the
                   abbreviation from the alias definition.  The remainder of
                   the entry (until a new-line character) is considered a
                   part of the definition.  The definition syntax varies for
                   each alias type (reason, class, or audit mask).  Alias
                   definitions can contain other aliases as long as the
                   aliases in the definition are previously defined, either
                   in this file or in auditmaskdefs(4M).

       Reason alias definitions begin with a colon (:) followed by a list of
       one or more reason names or abbreviations from the auditmaskdefs
       file or previously defined in this file, separated by commas.  If
       more than one reason is specified, the list must be enclosed in
       parentheses.  The following examples are valid reason alias
       definitions:

       :(SUCCESS, PRIVFAILURE)
       :(s,ps,cs)

       Class alias definitions consist of a list of one or more class names
       or abbreviations from the auditmaskdefs file or previously defined
       in this file, separated by commas.  If more than one class is
       specified, the list must be enclosed in parentheses.  The following
       examples are valid class alias definitions:

       DUP
       (login, openmod)

       Audit mask alias definitions consist of a list of one or more class
       names or abbreviations (with syntax as defined for class aliases
       above) followed by one or more reasons (with syntax as defined for
       reason aliases above).  Note that with this syntax, a colon (:)
       separates the class(es) from the reason(s).  Audit mask aliases can
       also be defined by combining two or more complete masks with plus (+)
       or minus (-) operators.  (A complete mask has both classes and
       reasons.)  The + operator "adds" two masks; the resulting mask will
       have class/reason pairs from both masks.  The - operator "subtracts"
       two masks; the resulting mask will have class/reason pairs from the
       first mask that are not also in the second mask.  The following
       examples are valid audit mask definitions, where DEFAULT is an audit
       mask alias previously defined in auditaliasdefs:

       authcmd:ALL
       (fork,exec):allfail
       DEFAULT + (exec):allsuccess
       DEFAULT - TIMESET:all
       DEFAULT:all

       The last definition above will turn on all reasons for those classes
       already having at least one reason turned on in the mask with the
       alias DEFAULT.  For example, if DEFAULT is defined to be
       "(exec,time_set):all_success", then "DEFAULT:all" is equivalent to
       "(exec,time_set):all".

       For more information on creating audit mask alias definitions, See
       Managing Security Auditing on the DG/UX System.

SEE ALSO
       audadmin(1M), audprint(1M), audselect(1M), auditeventdefs(4M),
       auditmaskdefs(4M).
       Managing Security Auditing on the DG/UX System.


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026