audevent(1M)
NAME
audevent − change or display event or system call audit status
SYNOPSIS
audevent [-P|-p] [-F|-f] [-E] [[-e event] ...] [-S] [[-s syscall] ...]
DESCRIPTION
audevent changes the auditing status of the given events or system calls. The event argument specifies names associated with certain self-auditing commands; the syscall argument selects related system calls.
If none of -P, -p, -F, or -f is specified, the current status of the selected events or system calls is displayed. If no events or system calls are specified, all events and system calls are selected.
If the -E option is supplied, it is redundant to specify events with the -e option; this applies similarly to the -S and -s options.
audevent takes effect immediately. However, the events and system calls specified are audited only when called by a user currently being audited (see audusr(1M)). A list of valid events and associated syscalls is provided in audit(5).
Only the super-user can change or display audit status.
Options
audevent recognizes the following options and command-line arguments:
-P          Audit successful events or system calls.
-p          Do not audit successful events or system calls.
-F          Audit failed events or system calls.
-f          Do not audit failed events or system calls.
-E          Select all events for change or display.
-e event    Select event for change or display.
-S          Select all system calls for change or display.
-s syscall  Select syscall for change or display.
The following is a list of the valid events and the associated syscalls (if any):
create      Object creation (creat(), mkdir(), mknod(), msgget(), pipe(), semget(), shmat(), shmget())
delete      Object deletion (msgctl(), rmdir(), semctl())
moddac      Discretionary access control (DAC) modification (chmod(), chown(), fchmod(), fchown(), fsetacl(), setacl(), umask())
modaccess   Non-DAC modification (chdir(), chroot(), link(), setgid(), setuid(), rename(), setgroups(), setresgid(), setresuid(), shmctl(), shmdt(), unlink())
open        Object opening (open(), execv(), execve(), ptrace(), truncate(), ftruncate())
close       Object closing (close())
process     Process operations (fork(), exit(), kill(), vfork(), nsp_init())
removable   Removable media events (mount(), umount(), vfsmount())
login       Logins and logouts
admin       Administrative and superuser events (audctl(), audswitch(), stime(), reboot(), setaudid(), setaudproc(), setdomainname(), setevent(), sethostid(), setprivgrp(), settimeofday(), swapon())
ipccreat    Interprocess Communication (IPC) object creation (bind() and socket())
ipcopen     IPC object opening (accept() and connect())
ipcclose    IPC object deletion (shutdown())
ipcdgram    IPC datagram (sendto() and recvfrom())
uevent1     User-defined event 1
uevent2     User-defined event 2
uevent3     User-defined event 3
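EXAMPLES
The following script is an added example, not part of HP's manual page. It shows how the -P/-p and -F/-f pairs combine and why an empty selection must be rejected before it reaches audevent. The AUDEVENT variable, the set_events and apply_baseline helpers, and the choice of events in the baseline are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the HP manual page.
# AUDEVENT is an assumption of this example: override it, for instance
# AUDEVENT="echo audevent", to preview the commands without running them.
AUDEVENT=${AUDEVENT:-audevent}

# Event names copied from the list on this page.
VALID_EVENTS="create delete moddac modaccess open close process removable \
login admin ipccreat ipcopen ipcclose ipcdgram uevent1 uevent2 uevent3"

# set_events MODE EVENT...   (hypothetical helper)
#   both = -P -F   fail = -p -F   success = -P -f   none = -p -f
set_events() {
    mode=${1:-}
    [ $# -gt 0 ] && shift
    case $mode in
        both)    flags="-P -F" ;;
        fail)    flags="-p -F" ;;
        success) flags="-P -f" ;;
        none)    flags="-p -f" ;;
        *) echo "set_events: unknown mode '$mode'" >&2; return 2 ;;
    esac
    # With no -e or -s, audevent selects ALL events and system calls,
    # so an empty list must never reach the command.
    if [ $# -eq 0 ]; then
        echo "set_events: no events given" >&2
        return 2
    fi
    args=""
    for ev in "$@"; do
        case " $VALID_EVENTS " in
            *" $ev "*) args="$args -e $ev" ;;
            *) echo "set_events: '$ev' is not a listed event" >&2; return 2 ;;
        esac
    done
    # Unquoted on purpose: flags and args must split into separate words.
    $AUDEVENT $flags $args
}

# Illustrative baseline (an assumption, tune it to local policy).
apply_baseline() {
    set_events both login admin moddac removable &&
    set_events fail open modaccess delete &&
    set_events none close ipcdgram
}
```

Call apply_baseline as the super-user, then run audevent with only -e options (no -P, -p, -F, or -f) to display the resulting status. The selected events are recorded only for users currently being audited (see audusr(1M)).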
AUTHOR
audevent was developed by HP.
SEE ALSO
audisp(1M), audomon(1M), audsys(1M), audusr(1M), getevent(2), setevent(2), audit(4), audit(5).
Hewlett-Packard Company — HP-UX Release 10.20: July 1996