AUDITCMD(ADM) UNIX System V
Name
auditcmd - command interface for audit subsystem activation,
termination, statistic retrieval, and subsystem notification
Syntax
/tcb/bin/auditcmd [ -e ] [ -d ] [ -s ] [ -c ] [ -m ] [ -q ]
Description
The auditcmd utility is used to control the audit subsystem.
This command may only be executed by processes with the
configaudit kernel authorization, because it uses the audit
device.
auditcmd accepts the following options:
-e Enable the audit subsystem for audit record
generation. The enabling of the audit subsystem
initializes subsystem parameters from the
/tcb/files/audit/auditparms file. This file is
established using the auditif(ADM) command.
-s Inform the audit subsystem that a system shutdown is
in progress. The subsystem will continue audit record
generation to a temporary directory on the root file
system. The audit daemon is also modified so that it
will survive the shutdown. The subsystem will
continue to generate audit records until disabled.
-d Disable the audit subsystem. All audit record
generation ceases and a termination record is written
to the audit trail. This record results in the
termination of the audit daemon. The subsystem
properly synchronizes to ensure that the audit daemon
has read all records from the audit trail before the
system is allowed to terminate.
-m Inform the audit subsystem that multi-user run state
has been achieved and that alternate audit
directories specified by the administrator using
auditif are now mounted and available.
-c Retrieve audit subsystem statistics from the audit
device.
-q Perform the specified option silently. Do not report
errors attributable to the audit subsystem not being
enabled at the moment.
See Also
audit(HW), "Maintaining System Security" chapter of the
System Administrator's Guide
Diagnostics
auditcmd returns 0 on success, 1 on command line argument
error, and -1 on failure. Reasons for failure include
parameter file inconsistencies, lack of permission, and
security database inconsistency.
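Added example (not part of the original manual page): a shell wrapper that
maps the return values listed above to status lines. A shell sees the
documented -1 as exit status 255, because only the low 8 bits of the status
are reported. The AUDITCMD override variable and the audit_ctl function name
are assumptions made for this example.

```sh
# Added example, not from the original manual page.
# The AUDITCMD override and the audit_ctl name are assumptions of this example.
AUDITCMD="${AUDITCMD:-/tcb/bin/auditcmd}"

# audit_ctl OPTION
# Runs auditcmd with one option from the Syntax line and prints one status line.
# Returns 0 on success, 1 on argument error, 2 on any other failure.
audit_ctl() {
    opt="$1"
    case "$opt" in
        -e|-d|-s|-c|-m) ;;
        *) echo "audit_ctl: unsupported option: $opt" >&2
           return 1 ;;
    esac

    rc=0
    "$AUDITCMD" "$opt" || rc=$?   # capture the status; safe under "set -e"

    case "$rc" in
        0)   echo "auditcmd $opt: ok" ;;
        1)   echo "auditcmd $opt: command line argument error"
             return 1 ;;
        255) # the documented -1, as the shell reports it (status & 0377)
             echo "auditcmd $opt: failed (parameter file, permission or security database)"
             return 2 ;;
        126|127)
             # shell could not run the binary at all
             echo "auditcmd $opt: cannot execute $AUDITCMD"
             return 2 ;;
        *)   echo "auditcmd $opt: unexpected status $rc"
             return 2 ;;
    esac
}
```

Calling audit_ctl -d from a shutdown script, for example, records whether the
disable request succeeded before the script continues.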
Value Added
auditcmd is an extension of AT&T System V provided by the
Santa Cruz Operation.
(printed 8/23/89) AUDITCMD(ADM)