
⇒ auditset(1M) — UnixWare 2.01







       auditset(1M)                                            auditset(1M)


       NAME
             auditset - select or display audit criteria

       SYNOPSIS
             auditset [-d [-u user[,. . .] | -a]]
             auditset [-s [operator]event[,. . .]]
                   [-e[operator]event[,. . .] -u user[,. . .]|-a]

       DESCRIPTION
             The auditset shell level command allows the administrator with
             the appropriate privileges to set or display the system and
             user audit criteria.  The privileges required are audit,
             dacread, macread and setplevel.

             To set or display user auditing criteria the specified user(s)
             must be active.  If no options are supplied on the command
             line, then the System and User audit criteria are displayed.

             The event input list must be separated by commas, and can be
             the name of an event class or event type.  Event classes are
             defined in the /etc/security/audit/classes system file.
             Additionally, all and none may be used as event keywords.  For
             the system and user audit criteria the keyword none is defined
             to be the set of fixed event types and the keyword all is
             defined to be the set of all fixed and pre-selectable event
             types.  Keywords may not be intermixed with event classes or
             event types.  You may specify only one keyword with each
             option; you may not, for example, specify both all and none
             for the system audit criteria.

             The user input list must be separated by commas, and can be
             specified by either login name or uid.  (Note: auditing is
             based on real uid).

             Only one operator may be specified per option on the command
             line.  Operators will be ignored when used with the keywords
             all and none.  The following are the valid operator values:

             [no operator]
                   Replace the current auditable event(s) with the
                   specified input.

             +     Add the specified auditable event(s) to the current
                   audit criteria.




                           Copyright 1994 Novell, Inc.               Page 1















            -     Delete the specified auditable event(s) from the current
                  audit criteria.

            !     All auditable events except those specified replace the
                  current auditable events.
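
The operator and keyword rules above, modelled as set operations in an added example (not part of the original manual page). Event and class names are constructed placeholders, and the rule that fixed event types always remain selected is an assumption drawn from the definition of the keyword none.

```python
# Constructed event universe; real names come from the system and from
# /etc/security/audit/classes, whose contents are not shown on this page.
FIXED = frozenset({"fixed_a", "fixed_b"})        # keyword "none"
PRESELECTABLE = frozenset({"ev_open", "ev_exec", "ev_chmod", "ev_login"})
ALL = FIXED | PRESELECTABLE                       # keyword "all"
CLASSES = {"file_cls": {"ev_open", "ev_chmod"}}   # hypothetical event class


def parse_spec(spec):
    """Split '[operator]event[,...]' into (operator, set of event types)."""
    op = spec[0] if spec[:1] in ("+", "-", "!") else ""
    names = [n for n in spec[len(op):].split(",") if n]
    if not names:
        raise ValueError("empty event list")
    if any(n in ("all", "none") for n in names):
        # Keywords may not be mixed with classes or types, one per option.
        if len(names) != 1:
            raise ValueError("keyword must be the only item in the list")
        # Operators are ignored when used with all and none.
        return "", set(ALL if names[0] == "all" else FIXED)
    events = set()
    for n in names:
        if n in CLASSES:
            events |= CLASSES[n]
        elif n in ALL:
            events.add(n)
        else:
            raise ValueError(f"unknown event or class: {n}")
    return op, events


def apply_spec(current, spec):
    """Return the audit criteria that result from applying spec to current."""
    op, events = parse_spec(spec)
    if op == "+":
        new = set(current) | events
    elif op == "-":
        new = set(current) - events
    elif op == "!":
        new = set(ALL) - events
    else:
        new = events          # no operator: replace
    # Assumption: fixed event types can never be deselected.
    return new | FIXED
```

Because operators are ignored with keywords, a specification such as -all leaves everything selected rather than clearing the criteria, which is worth remembering when reviewing audit configuration scripts.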

            The following are the valid command line options.

            -d    If no other options are given, display the current
                  system audit criteria in the format:
                           System Audit Criteria:
                                system: all | none | events[,. . .]

            -u user[,. . .] | -a
                      The -u and -a options are modifiers to the -d option
                      and the -e option.  The -u option is used to request
                      a specific active user or a list of active users.
                      The -a option is used to request all currently
                      active users.  The -u and -a options cannot be used
                      on the same command line.  When used with the -e
                      option, user audit criteria are set (see explanation
                      of the -e option).  When used with the -d option, the
                      system audit criteria are displayed, followed by the
                      user audit criteria for the given user(s).  The
                      format for the system audit criteria is given under
                      the description for the -d option.  The format for
                      the user audit criteria display is:
                           User Audit Criteria:
                                user1 (uid1): all | none | events[,. . .]
                                user2 (uid2): all | none | events[,. . .]

                      (user is the login name and uid the user ID).

            -s [operator]event[,. . .]
                      Set the system wide auditing criteria.  Any valid
                      event type or event class will be recorded
                      regardless of the current user criteria.

            -e [operator]event[,. . .] -u user[,. . .] | -a
                      Set the auditing criteria for the specified active
                      user(s) or all users.  All processes belonging to
                      the specified user(s) will have their auditing
                      information updated.







       NOTICES
             The auditset command sets audit criteria for users
             dynamically.  When you set audit criteria for a user with the
             -e, -u, and -a options, the criteria are in effect only for that
             login session.  If the user logs out or logs in from another
             terminal, the criteria are no longer in effect.  If you want
             to set audit criteria for all of a user's login sessions, use
             either the useradd or usermod commands.
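
Since per-session criteria lapse silently, it helps to check the displayed criteria against a required baseline. The following added example (not part of the original manual page) parses output in the -d display format described above and reports users for whom a required event is selected by neither the system criteria nor their own. The sample output, names, uids and event names are constructed, and one entry per line with no spaces in the event list is an assumption.

```python
import re

# Constructed sample of `auditset -d -a` output, following the display
# format given in this manual page; all values are invented.
SAMPLE = """\
System Audit Criteria:
     system: ev_login,ev_exec
User Audit Criteria:
     alice (1001): all
     bob (1002): none
     carol (1003): ev_login
"""

SYSTEM_LINE = re.compile(r"^\s*system:\s*(\S+)\s*$")
USER_LINE = re.compile(r"^\s*(\S+)\s+\((\d+)\):\s*(\S+)\s*$")


def parse_display(text):
    """Return (system_criteria, {login: (uid, criteria)}) from -d output."""
    system, users, section = None, {}, None
    for line in text.splitlines():
        if line.strip() == "System Audit Criteria:":
            section = "system"
        elif line.strip() == "User Audit Criteria:":
            section = "user"
        elif section == "system" and (m := SYSTEM_LINE.match(line)):
            system = m.group(1).split(",")
        elif section == "user" and (m := USER_LINE.match(line)):
            users[m.group(1)] = (int(m.group(2)), m.group(3).split(","))
    return system, users


def uncovered(text, required):
    """Map each user to the required events missing from their coverage."""
    system, users = parse_display(text)
    if system is None:
        raise ValueError("no system audit criteria found in output")
    gaps = {}
    for login, (_uid, criteria) in users.items():
        # System criteria are recorded regardless of the user criteria.
        effective = set(system) | set(criteria)
        if "all" in effective:
            continue
        missing = set(required) - effective
        if missing:
            gaps[login] = sorted(missing)
    return gaps
```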

       DIAGNOSTICS
             When invoked successfully, the auditset command exits with a
             value of zero (0).  If there are errors, it exits with one of
             the following values and prints the corresponding error
             message:

             1    usage: auditset . . .

                  Invalid command syntax.

             3    system service not installed

                  The audit package is not installed.

             4    Permission denied

                  Failure because of insufficient privilege.

             5    opendir() failed for directory /proc

                  Unable to obtain a list of the active users on the
                  system.

             10   auditevt() failed AGETSYS, errno = errno

                  A failure occurred while retrieving the system audit
                  mask.

             10   auditevt() failed AGETUSR, errno = errno

                  A failure occurred while retrieving a user's audit mask.

             11   auditevt() failed ASETSYS, errno = errno

                  A failure occurred while setting the system audit mask.






            11   auditevt() failed ASETUSR, errno = errno

                 A failure occurred while setting a user's audit mask.

            12   auditctl() failed ASTATUS, errno = errno

                 A failure occurred while retrieving the status of
                 auditing.

            24   unable to allocate space

            24   argvtostr() failed

            The following warning messages may be displayed:

            invalid or inactive user "user" specified
                  The argument to the -u option contained an invalid or
                  inactive user.

      FILES
            /etc/security/audit/classes

      REFERENCES
            auditoff(1M), auditon(1M), auditrpt(1M), useradd(1M),
            usermod(1M)






















