auditmap(1M) — UnixWare 2.01

       auditmap(1M)                                            auditmap(1M)


       NAME
             auditmap - create and write audit map files

       SYNOPSIS
             auditmap [-m dirname]

       DESCRIPTION
             The auditmap shell-level command allows an administrator with
             the appropriate privileges to create and write the audit map
             files.  The privileges required are audit, dacread, macwrite
             and setplevel.  The auditmap command is invoked from the
             auditon command and may also be directly invoked by the
             auditing administrator.

             The default directory for the audit map file(s) is
             /var/audit/auditmap/.  The -m option allows the user to choose
             a directory where the audit map file(s) will be stored.  If
             the directory, dirname, does not exist or is not writable, an
             error message is displayed (see DIAGNOSTICS).

             In a base system, the auditmap command creates the auditmap
             file.  This file contains file identification information and
             six maps.
                   * file-identification: audit software version, timezone information,
                     privilege mechanism information, system name, machine node name,
                     operating system release and version, and machine type
                   * all login names and their corresponding uids
                   * all group names and their gids including multiple groups
                   * all event type names and their corresponding event type numbers
                   * all event classes and their corresponding event types
                   * all privilege names and their corresponding numbers
                   * all system call names and their corresponding numbers

             If the audit map file(s) already exist, under the default
             directory or the -m specified directory, they will be renamed.
             The existing auditmap file will be prefixed with an o.  The
             new audit map file will then be created.

             File locking mechanisms are in place to prevent file
             corruption during concurrent invocations of auditmap.

       DIAGNOSTICS
             On successful completion, the auditmap command exits with a
             value of zero (0).  If there are errors, it exits with one of
             the following values and prints the corresponding error
             message:


                           Copyright 1994 Novell, Inc.               Page 1

            1   usage auditmap [-m dirname]

                Invalid command syntax.

            3   system service not installed

                The audit package is not installed.

            4   Permission denied

                Failure because of insufficient privilege.

            5   Invalid full path or pathname dirname specified

                The directory specified as an argument to the -m option
                does not exist.

            5   filename is not writable

            5   fcntl() failed

            12  auditctl() failed ASTATUS

                Failure occurred while retrieving auditing status.

            24  malloc() failed

            24  argvtostr() failed

            27  function name failed, errno = error

                Failure occurred while accessing level information.

            The following warning messages may be printed:

            "resource name" not written to audit map file "file"

                The user, group, privilege, or class map was not created
                (for example, if the user information is incomplete or
                missing, the warning printed is: UID map not written to
                audit map file /var/audit/auditmap/auditmap)

            Unable to create the auditmap file

             filename file busy

                 Unable to place lock on file.

             unable to rename file audit map file to audit map file

                 Unable to rename the local audit map file.

             stat() failed
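
The exit values and warnings listed under DIAGNOSTICS can be checked by a wrapper around the command. The following is an added example, not part of the UnixWare manual page: a wrapper in plain Bourne-shell constructs that pre-checks the -m directory, reports the documented exit values, and treats a warning as an incomplete map. `AUDITMAP_CMD`, the function names, the return value 64 and the map being named auditmap inside the -m directory are assumptions of this example.

```shell
# Added example, not from the UnixWare manual page. AUDITMAP_CMD and the
# return value 64 are assumptions of this sketch; exit values are the page's.
AUDITMAP_CMD=${AUDITMAP_CMD:-auditmap}

# Map a documented exit value to the failure class listed under DIAGNOSTICS.
auditmap_reason() {
    case "$1" in
        0)  echo "success" ;;
        1)  echo "invalid command syntax" ;;
        3)  echo "audit package not installed" ;;
        4)  echo "insufficient privilege" ;;
        5)  echo "bad -m directory, file not writable, or fcntl() failed" ;;
        12) echo "auditctl() failed while retrieving auditing status" ;;
        24) echo "malloc() or argvtostr() failed" ;;
        27) echo "failure while accessing level information" ;;
        *)  echo "undocumented exit value $1" ;;
    esac
}

# Regenerate the map in directory $1 and refuse to call an incomplete map good.
regen_auditmap() {
    am_dir=${1:-/var/audit/auditmap}
    # The two directory conditions the page ties to exit value 5.
    [ -d "$am_dir" ] || { echo "regen: $am_dir does not exist" >&2; return 5; }
    [ -w "$am_dir" ] || { echo "regen: $am_dir is not writable" >&2; return 5; }

    # Capture both streams: the page does not say where warnings are printed.
    am_rc=0
    am_out=`"$AUDITMAP_CMD" -m "$am_dir" 2>&1` || am_rc=$?
    if [ "$am_rc" -ne 0 ]; then
        am_why=`auditmap_reason "$am_rc"`
        echo "regen: exit $am_rc ($am_why): $am_out" >&2
        return "$am_rc"
    fi
    # A warning means a user, group, privilege or class map is missing.
    case "$am_out" in
        *"not written to audit map file"*|*"Unable to create the auditmap file"*)
            echo "regen: incomplete map: $am_out" >&2
            return 64 ;;
    esac
    # Assumption: the map is named auditmap inside the -m directory.
    [ -s "$am_dir/auditmap" ] || { echo "regen: no map in $am_dir" >&2; return 64; }
    echo "regen: map written to $am_dir/auditmap"
}
```

Call it as `regen_auditmap /some/dir` from an account holding the privileges named in DESCRIPTION; a return of 64 flags a run that printed one of the page's warning messages or left no map file.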

       FILES
             /var/audit/auditmap/auditmap
             /etc/security/audit/classes

       REFERENCES
             auditon(1M), auditrpt(1M)