Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ auditon(1M) — UnixWare 2.01

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

auditdmp(2)

auditlog(1M)

auditmap(1M)

auditoff(1M)

auditrpt(1M)

auditset(1M)

defadm(1M)






       auditon(1M)                                              auditon(1M)


       NAME
             auditon - enable auditing

       SYNOPSIS
             auditon

       DESCRIPTION
             The auditon shell level command allows the administrator with
             the appropriate privileges to enable auditing.  The privileges
             required are audit, dacread, macwrite and setplevel.

             When auditon is invoked, it retrieves the default values for
             the AUDIT_LOGERR, AUDIT_LOGFULL, and AUDIT_DEFPATH parameters
             from the /etc/default/audit file.  If access to the file is
             denied or if any of the key words is missing or invalid, an
             error message is printed (see DIAGNOSTICS).  The default value
             for the AUDIT_LOGERR and AUDIT_LOGFULL parameters is DISABLE.
             The default value for the AUDIT_DEFPATH parameter is
             /var/audit.

             If the event log file is a regular file, the AUDIT_NODE
             parameter is evaluated.  If the value of AUDIT_NODE is longer
             than 7 characters or contains a slash, it is not used and no
             node name is appended to the log file name.  If the value of
             AUDIT_NODE is valid, it is appended to the log file name.

             If the value of AUDIT_LOGFULL is SWITCH, the AUDIT_PGM
             parameter is evaluated.  If the value of AUDIT_PGM is valid,
             it is used as the absolute pathname of a program to execute
             when a log switch occurs.  The AUDIT_DEFPATH and AUDIT_NODE
             parameters are also evaluated, and their values used for the
             alternate log file name and alternate node name.

             The auditlog command may be used to override all but the
             AUDIT_LOGERR parameter.

             When auditon is invoked, it initializes the audit event log
             file.  If auditon is invoked when the maximum number of audit
             files already exist, an error message is displayed (see
             DIAGNOSTICS). In such cases, editing /etc/default/audit to
             change the AUDIT_DEFPATH parameter controlling which directory
             log files will be placed may be helpful.

             If the event log file cannot be accessed an error message is
             displayed (see DIAGNOSTICS).  When the auditon command
             completes successfully, the following message is displayed:


                           Copyright 1994 Novell, Inc.               Page 1













      auditon(1M)                                              auditon(1M)


                  Auditing enabled filename

            In this case, filename is the name of the audit log file.

            The auditon command invokes the auditmap command to create the
            audit map files.

            Auditing remains enabled while the system is running until the
            auditoff command is executed, or the log full condition of
            DISABLE or SHUTDOWN occurs, or an audit error is encountered.

      DIAGNOSTICS
            On successful completion, the auditon command exits with a
            value of zero (0).  If there is an error, it exits with one of
            the following values and prints the corresponding error
            message:

            1   usage: auditon

                Invalid command syntax.

            3   system service not installed

                The audit package is not installed.

            4   Permission denied

                Failure because of insufficient privilege.

            8   auditlog() failed ALOGGET, errno = errno

                Failure occurred while getting audit log file attributes.

            9   auditlog() failed ALOGSET, errno = errno

                Failure occurred while setting audit log file attributes.

            12  auditctl() failed ASTATUS, errno = errno

                Failure occurred while retrieving the status of auditing.

            17  cannot access event log current log file

                Failure occurred while attempting to enable auditing.




                          Copyright 1994 Novell, Inc.               Page 2













       auditon(1M)                                              auditon(1M)


             17  Internal error, errno = errno

                 Failure occurred while attempting to enable auditing.

             17  the maximum (999) number of audit event log files for a
                 given day exist

                 The maximum number of audit event log files exist,
                 auditing is not enabled.

             17  auditing abnormally terminated log file

                 Before command completion auditing was terminated by
                 another process.

             24  unable to malloc space

             24  argvtostr() failed

             33  exec of program name failed

             36  fork() failed

             The following warning messages may be printed:

             Auditing already enabled

             none or invalid AUDIT_LOGERR=value found in /etc/default/audit

             cannot access /etc/default/audit
                  The /etc/default/audit file cannot be accessed.  Default
                  values described in the DESCRIPTION section are used.
                  Auditing is enabled.

             none or invalid AUDIT_LOGFULL=value found in /etc/default/audit

             none or invalid AUDIT_DEFPATH=value found in /etc/default/audit

             auditlog() failed ALOGGET, errno = errno

                  Auditing is enabled, however failure occurred when
                  retrieving audit log attributes before changing
                  owner/group of audit log file.





                           Copyright 1994 Novell, Inc.               Page 3













      auditon(1M)                                              auditon(1M)


      FILES
            /etc/default/audit
            /var/audit/MMDD###
            /etc/init.d/audit
            /etc/rc2.d/S02audit

      REFERENCES
            auditdmp(2), auditlog(1M), auditmap(1M), auditoff(1M),
            auditrpt(1M), auditset(1M), defadm(1M)







































                          Copyright 1994 Novell, Inc.               Page 4








Typewritten Software • bear@typewritten.org • Edmonds, WA 98026