⇒ auditd.rc(4) — CLIX 3.1r7.6.28


  auditd.rc(4)                        CLIX                        auditd.rc(4)



  NAME

    auditd.rc - The auditd configuration file

  DESCRIPTION

    The /usr/adm/auditd.rc file contains configuration directives for the
    auditd audit log command.  These directives may appear in any
    order, and do not necessarily have to appear at all.  All directives are
    followed by multi-line specifications.  These specifications are valid
    until the next directive or the end-of-file is encountered.

    The directives which may appear in this file are as follows:

    #        This is a comment line.  The auditd command ignores these lines.

    alarm    Any name that appears after this line is the name of a file, if
             touched, that is to be reported to the console.  Only one
             pathname per line is permitted.  Regular expressions (see ed(1)
             for more information) may be used in specifying files.

    amail    After this line, place the mail path of the user to notify in
             case of an alarm.  If more than one mail path is listed, only the
             first one is used.  The rest are ignored.  If this directive is
             not included, then alarms are mailed to the root user on the
             local system.

    nologf   After this line, list the names of files, if touched, that are
             not to be logged by auditd.  Regular expressions may be used in
             specifying files.  The nologf and logf directives are mutually
             exclusive.

    logf     After this line, list the names of files, if touched, that are to
             be logged by auditd.  If a file does not appear in this list, it
             will not be logged.  Regular expressions may be used in
             specifying files.  The nologf and logf directives are mutually
             exclusive.

    nologp   After this line, list the names of programs that are not to be
             logged by auditd.  Regular expressions may be used in specifying
             process names.  The nologp and logp directives are mutually
             exclusive.

    logp     After this line, list the names of the programs that are to be
             logged by auditd.  If a program is not in the list, it is not
             logged.  Regular expressions may be used in specifying program
             names.  The nologp and logp directives are mutually exclusive.

  EXAMPLES

    In the following sample auditd.rc file, the alarm, nologf, and nologp
    directives are specified.  This file specifies that if any files in the
    /usr/src/[sS]ecret directory are touched, a message is to be sent to the
    console.  With the nologf directive, auditd does not report any use of
    files in the /usr/lib/nodes/heard directory.  The line after the nologp
    directive tells auditd not to log the ps, mailx, and login processes.

    #tell me if anyone touches these files
    alarm
    /usr/src/[sS]ecret/*
    /etc/passwd
    #I don't care if anyone touches these files
    nologf
    /usr/lib/nodes/heard/*
    #I don't care if these processes touch anything
    nologp
    ps
    mailx
    login
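
    A small linter for this file format, added here as an example; it is not
    part of the CLIX manual or of auditd.  It applies only the rules stated
    above (comment lines, entries belonging to the preceding directive, the
    logf/nologf and logp/nologp exclusivity, the amail first-path rule and the
    root default).  The function names and the CONSTRUCTED_BAD input are
    assumptions made for illustration, as is the skipping of blank lines.

```python
# Added example: lint an auditd.rc file against the rules stated in auditd.rc(4).
# Assumptions (not stated on the page): a directive keyword sits alone on its
# line, as in the page's sample, and blank lines are skipped.

DIRECTIVES = {"alarm", "amail", "nologf", "logf", "nologp", "logp"}
EXCLUSIVE = [("logf", "nologf"), ("logp", "nologp")]

def parse_auditd_rc(text):
    """Return (config, warnings); config maps each directive to its entries."""
    config, warnings, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comment lines are ignored by auditd
        if line in DIRECTIVES:
            current = line  # specifications apply until the next directive
            config.setdefault(current, [])
        elif current is None:
            warnings.append(f"line {lineno}: {line!r} precedes any directive")
        else:
            if current == "alarm" and len(line.split()) > 1:
                warnings.append(f"line {lineno}: alarm takes one pathname per line")
            config[current].append(line)
    for allow, deny in EXCLUSIVE:
        if allow in config and deny in config:
            warnings.append(f"{allow} and {deny} are mutually exclusive")
        elif allow in config:
            warnings.append(f"{allow}: anything not listed is not logged")
    if len(config.get("amail", [])) > 1:
        warnings.append(f"amail: only {config['amail'][0]!r} is used")
    return config, warnings

def alarm_recipient(config):
    """Mail path notified on an alarm; root on the local system by default."""
    paths = config.get("amail", [])
    return paths[0] if paths else "root"

# Sample file from the EXAMPLES section of this page (two comment lines omitted).
PAGE_SAMPLE = ("#tell me if anyone touches these files\nalarm\n/usr/src/[sS]ecret/*\n"
               "/etc/passwd\nnologf\n/usr/lib/nodes/heard/*\nnologp\nps\nmailx\nlogin\n")
# Constructed input that trips three of the rules above.
CONSTRUCTED_BAD = "amail\nsecadmin\noperator\nlogf\n/etc/*\nnologf\n/tmp/*\nlogp\nsu\n"

if __name__ == "__main__":
    for name, text in (("page sample", PAGE_SAMPLE), ("constructed", CONSTRUCTED_BAD)):
        config, warnings = parse_auditd_rc(text)
        print(name, "->", alarm_recipient(config), warnings)
```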


  FILES

    /usr/adm/auditd.rc   The auditd configuration file.

  RELATED INFORMATION

    Commands:  ed(1), auditd(8), auditr(8)

  Intergraph Corporation - 2/94



