Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ audevent(1M) — HP-UX 10.20

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

audisp(1M)

audomon(1M)

audsys(1M)

audusr(1M)

getevent(2)

setevent(2)

audit(4)

audit(5)

audevent(1M)

NAME

audevent − change or display event or system call audit status

SYNOPSIS

audevent [-P|-p] [-F|-f] [-E] [[-e event] ...] [-S] [[-s syscall] ...]

DESCRIPTION

audevent changes the auditing status of the given events or system calls.  The event is used to specify names associated with certain self-auditing commands; syscall is used to select related system calls. 

If neither -P, -p, -F, nor -f is specified, the current status of the selected events or system calls is displayed.  If no events or system calls are specified, all events and system calls are selected. 

If the -E option is supplied, it is redundant to specify events with the -e option; this applies similarly to the -S and -s options. 

audevent takes effect immediately.  However, the events and system calls specified are audited only when called by a user currently being audited (see audusr(1M)). A list of valid events and associated syscalls is provided in audit(5).

Only the super-user can change or display audit status. 

Options

audevent recognizes the following options and command-line arguments:

-P Audit successful events or system calls. 

-p Do not audit successful events or system calls. 

-F Audit failed events or system calls. 

-f Do not audit failed events or system calls. 

-E Select all events for change or display. 

-e event Select event for change or display. 

-S Select all system calls for change or display. 

-s syscall Select syscall for change or display. 

The following is a list of the valid events and the associated syscalls (if any):

create Object creation ( creat(), mkdir(), mknod(), msgget(), pipe(), semget(), shmat(), shmget())

delete Object deletion ( msgctl(), rmdir(), semctl())

moddac Discretionary access control (DAC) modification ( chmod(), chown(), fchmod(), fchown(), fsetacl(), setacl(), umask())

modaccess Non- DAC modification ( chdir(), chroot(), link(), setgid(), setuid(), rename(), setgroups(), setresgid(), setresuid(), shmctl(), shmdt(), unlink())

open Object opening ( open(), execv(), execve(), ptrace(), truncate(), ftruncate())

close Object closing ( close())

process Process operations ( fork(), exit(), kill(), vfork(), nsp_init())

removable Removable media events  ( mount(), umount(), vfsmount())

login Logins and logouts

admin administrative and superuser events ( audctl(), audswitch(), stime(), reboot(), setaudid(), setaudproc(), setdomainname(), setevent(), sethostid(), setprivgrp(), settimeofday(), swapon())

ipccreat Interprocess Communication (IPC) object creation ( bind() and socket())

ipcopen IPC object opening ( accept() and connect())

ipcclose IPC object deletion ( shutdown())

ipcdgram IPC datagram ( sendto() and recvfrom())

uevent1 User-defined event 1

uevent2 User-defined event 2

uevent3 User-defined event 3

AUTHOR

audevent was developed by HP. 

SEE ALSO

audisp(1M), audomon(1M), audsys(1M), audusr(1M), getevent(2), setevent(2), audit(4), audit(5). 

Hewlett-Packard Company  —  HP-UX Release 10.20:  July 1996

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026