auditset(1M) auditset(1M)
NAME
auditset - select or display audit criteria
SYNOPSIS
auditset [-d [-u user[,. . .] | -a]]
auditset [-s [operator]event[,. . .]]
[-e[operator]event[,. . .] -u user[,. . .]|-a]
DESCRIPTION
The auditset shell level command allows the administrator with
the appropriate privileges to set or display the system and
user audit criteria. The privileges required are audit,
dacread, macread and setplevel.
To set or display user auditing criteria the specified user(s)
must be active. If no options are supplied on the command
line, then the System and User audit criteria are displayed.
The event input list must be separated by commas, and can be
the name of an event class or event type. Event classes are
defined in the /etc/security/audit/classes system file.
Additionally, all and none may be used as event keywords. For
the system and user audit criteria the keyword none is defined
to be the set of fixed event types and the keyword all is
defined to be the set of all fixed and pre-selectable event
types. Keywords may not be intermixed with event classes or
event types. You may specify only one keyword with each
option; you may not, for example, specify both all and none
for the system audit criteria.
The user input list must be separated by commas, and can be
specified by either login name or uid. (Note: auditing is
based on real uid).
Only one operator may be specified per option on the command
line. Operators will be ignored when used with the keywords
all and none. The following are the valid operator values:
[no operator]
Replace the current auditable event(s) with the
specified input.
+ Add the specified auditable event(s) to the current
audit criteria.
Copyright 1994 Novell, Inc. Page 1
auditset(1M) auditset(1M)
- Delete the specified auditable event(s) from the current
audit criteria.
! All auditable events except those specified replace the
current auditable events.
The following are the valid command line options.
-d If no other options are given, display the current
system audit criteria in the format:
System Audit Criteria:
system: all | none | events[,. . .]
-u user[,. . .] | -a
The -u and -a options are modifiers to the -d option
and the -e option. The -u option is used to request
a specific active user or a list of active users.
The -a option is used to request all currently
active users. The -u and -a options can not be used
on the same command line. When used with the -e
option user audit criteria is set (see explanation
of -e option). When used with the -d option, the
system audit criteria is displayed, followed by the
user audit criteria for the given user(s). The
format for the system audit criteria is given under
the description for the -d option. The format for
the user audit criteria display is:
User Audit Criteria:
user1 (uid1): all | none | events[,. . .]
user2 (uid2): all | none | events[,. . .]
(user is the login name and uid the user ID).
-s [operator]event[,. . .]
Set the system wide auditing criteria. Any valid
event type or event class will be recorded
regardless of the current user criteria.
-e [operator]event[,. . .] -u user[,. . .] | -a
Set the auditing criteria for the specified active
user(s) or all users. All processes belonging to
the specified user(s) will have their auditing
information updated.
Copyright 1994 Novell, Inc. Page 2
auditset(1M) auditset(1M)
NOTICES
The auditset command sets audit criteria for users
dynamically. When you set audit criteria for a user with the
-e,-u,-a options, the criteria are in effect only for that
login session. If the user logs out or logs in from another
terminal, the criteria are no longer in effect. If you want
to set audit criteria for all a user's login sessions, use
either the useradd or usermod commands.
DIAGNOSTICS
When invoked successfully, the auditset command exits with a
value of zero (0). If there are errors, it exits with one of
the following values and prints the corresponding error
message:
1 usage: auditset . . .
Invalid command syntax.
3 system service not installed
The audit package is not installed.
4 Permission denied
Failure because of insufficient privilege.
5 opendir() failed for directory /proc
Unable to obtain a list of the active users on the
system.
10 auditevt() failed AGETSYS, errno = errno
A failure occurred while retrieving the system audit
mask.
10 auditevt() failed AGETUSR, errno = errno
A failure occurred while retrieving a user's audit mask.
11 auditevt() failed ASETSYS, errno = errno
A failure occurred while setting the system audit mask.
Copyright 1994 Novell, Inc. Page 3
auditset(1M) auditset(1M)
11 auditevt() failed ASETUSR, errno = errno
A failure occurred while setting a user's audit mask.
12 auditctl() failed ASTATUS, errno = errno
A failure occurred while retrieving the status of
auditing.
24 unable to allocate space
24 argvtostr() failed
The following warning messages may be displayed:
invalid or inactive user "user" specified
The argument to the -u option contained an invalid or
inactive user.
Files
/etc/security/audit/classes
REFERENCES
auditoff(1M), auditon(1M), auditrpt(1M), useradd(1M),
usermod(1M)
Copyright 1994 Novell, Inc. Page 4