Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ dcecp_aud(1m) — HP-UX 10.20

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

dcecp(1m)

dcecp_audevents(1m)

dcecp_audfilter(1m)

dcecp_audtrail(1m)

aud_audit_events(5)

dts_audit_events(5)

sec_audit_events(5)

event_class(5)

aud(1m)

NAME

aud - A dcecp object that manages the audit daemon on a DCE host. 

SYNOPSIS

aud disable [remote_audit_daemon_name]
 
aud enable [remote_audit_daemon_name]
 
aud help [operation | -verbose]
 
aud modify {-change attribute_list | attribute options} [remote_audit_daemon_name]
 
aud operations
 
aud rewind [remote_audit_daemon_name]
 
aud show [remote_audit_daemon_name] [-attributes]
 
aud stop [remote_audit_daemon_name]

DESCRIPTION

The aud object represents the audit daemon (called auditd in the reference implementation) on a host.  The daemon creates audit trails on a single host.  The administrative functions are limited to changing the state of the daemon (enabled, disabled, stopped), and changing the strategy used to deal with file system storage for the the audit trails.  This command operates on the audit daemon on the local host, unless the _s(aud) convenience variable is set.  If set, the value is taken to be the name of an audit daemon’s server entry, as found in the DCE namespace, or as a string binding; and that audit daemon is contacted to service the requests.  An argument can also be given to these commands whose value is the same as that of the _s(aud) convenience variable.  The argument takes precedence over the convenience variable. 

ARGUMENTS

operationThe name of one specific aud operation about which you want to see help information

remote_audit_daemon_name
By default, operations pertain to the local audit daemon. The optional argument remote_audit_daemon_name specifies the name or the binding of one remote audit daemon to operate on. The name syntax is:

/.../cellname/hosts/hostname/auditd

A remote audit daemon can also be specified with a string binding for the remote host on which the audit daemon is running. Use a string binding such as

ncacn_ip_tcp:130.105.1.227

Alternatively, you can specify the binding using dcecp string syntax such as:

{ncacn_ip_tcp 130.105.1.227}

ATTRIBUTES

stostrategy {save | wrap}
The audit trail storage strategy of the daemon.  This attribute defines what the daemon will do if the audit trail storage is full.  Its possible values are

saveIf the specified trail size limit is reached (the default is 2 MB), auditd saves the current trail file to a new file (this file has the same name as the original trail file, with the date and time appended).  auditd then deletes the contents of the original trail file, and continues auditing from the beginning of this file.  This is the default value for stostrategy. 

wrapThe daemon will overwrite the old audit trails. 

state {enabled | disabled}
Tells whether the audit daemon is accepting audit log requests or not.  The values are enabled or disabled. The default value for state is enabled.

See the OSF DCE Administration Guide for more information about audit attributes. 

OPERATIONS

aud disable

Disables an audit daemon.  The syntax is:

aud disable [remote_audit_daemon_name]

The aud disable operation disables the audit record logging service of an audit daemon.  The state attribute is changed to disabled.  Returns an empty string on success.  Privilege Required You must have control (c) permission on the audit daemon’s ACL and be authenticated.  Examples

dcecp> aud disable
dcecp>

aud enable

Enables an audit daemon.  The syntax is:

aud enable [remote_audit_daemon_name]

The aud enable operation enables the audit record logging service of an audit daemon.  The state attribute is changed to enabled.  Returns an empty string on success.  Privilege Required You must have control (c) permission on the audit daemon’s ACL and be authenticated.  Examples

dcecp> aud enable
dcecp>

aud help

Returns help information about the aud object and its operations.  The syntax is: aud help [operation | -verbose] Option

-verboseDisplays more detailed information about the aud object. 

Used without an argument or option, the aud help command returns brief information about each aud operation.  The optional operation argument is the name of an operation about which you want detailed information.  Alternatively, you can use the -verbose option for more detailed information about the aud object itself.  Privilege Required No special privileges are needed to use the aud help command.  Examples

dcecp> aud help
disable             Disables the audit daemon.
enable              Enables the audit daemon.
modify              Modifies the attributes of the audit daemon.
rewind              Rewinds the specified audit trail file to the beginning.
show                Returns the attributes for an audit daemon.
stop                Stops the audit daemon.
help                Prints a summary of command-line options.
operations          Returns a list of the valid operations for this command.
dcecp>

aud modify

Changes the values of audit attributes.  The syntax is:

aud modify {-change attribute_list |  -attribute_option attribute_value ...}

Options

-change attribute_list
Allows you to specify attributes using an attribute list. See Examples.

-attribute_option attribute_value
As an alternative to using the -change option with an attribute list, you can change individual attribute options by prepending a hyphen (-) to any attributes listed in the ATTRIBUTES section of this reference page.  The -change option is intended for use in scripts when you can paste in lengthy attribute lists output by previous commands. The individual attribute options might be easier to use for interactive commands.

The aud modify operation allows modification of the audit daemon attributes.   Accepts the -change option which takes an attribute list as a value.  Also accepts the attribute options -stostrategy and -state.  Returns an empty string on success.  Privilege Required You must have control (c) permission on the audit daemon’s ACL and be authenticated.  Examples

dcecp> aud modify -change {{stostrategy wrap} {state enabled}}
dcecp>
 dcecp> aud modify -stostrategy wrap -state enabled
dcecp>

aud operations

Returns a list of the operations supported by the aud object.  The syntax is:

aud operations

The aud operations operation takes no arguments, and returns a list of the available operations for the aud object.  The order of the elements is alphabetical with the exception that help and operations are listed last.  Privilege Required No special privileges are needed to use the aud operations command.  Examples

dcecp> aud operations
disable enable modify rewind show stop help operations
dcecp>

aud rewind

Rewinds the central audit trail file to the beginning.  The syntax is: aud rewind  [remote_audit_daemon_name] By default the central trail file is rewound to the beginning.  Returns an empty string on success. Privilege Required You must have control (c) permission on the audit daemon’s ACL and be authenticated. Examples

dcecp> aud rewind
dcecp>

aud show

Returns the attribute list for the audit daemon.  The syntax is: aud show [-attributes] The aud show operation returns the attribute list for the audit daemon.  The attributes are returned in lexical order.  The -attributes option is provided for consistency with other dcecp commands.  It does not change the performance of the command. Privilege Required You must have read (r) permission on the audit daemon’s ACL and be authenticated. Examples

dcecp> aud show
{stostrategy wrap}
{state enabled}
dcecp>

aud stop

Stops the audit daemon.  The syntax is:

aud stop [remote_audit_daemon_name]

The aud stop operation stops the audit daemon process.  Returns an empty string on success.  Privilege Required You must have control (c) permission on the audit daemon’s ACL and be authenticated.  Examples

dcecp> aud stop
dcecp>

RELATED INFORMATION

Commands: dcecp(1m), dcecp_audevents(1m), dcecp_audfilter(1m), dcecp_audtrail(1m), aud_audit_events(5), dts_audit_events(5), sec_audit_events(5), event_class(5). 

Hewlett-Packard Company  —  OSF DCE 1.1/HP DCE 1.5

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026