sat_echo(1M) — IRIX 6.5.3f

sat_echo(1M)                                                    sat_echo(1M)



NAME
     sat_echo - echo standard input into the system audit trail

SYNOPSIS
     sat_echo { -F | -S } satevent

DESCRIPTION
     sat_echo inserts the data from its standard input into the system audit
     trail.  (Only the first 65535 bytes of standard input are used; the rest
     are discarded.)  Use sat_echo in shell scripts that enforce security
     policy and must generate audit records.

OPTIONS
     Either -F or -S must be supplied, but not both at once.  satevent is a
     required argument.

     The options are:

     -F         The action described by this audit record failed.

     -S         The action described by this audit record succeeded.

     satevent   The printed representation of an audit event type, as
                described in sat_strtoevent(3).  If you want to customize the
                audit trail with the addition of event types specific to your
                site, use the sat_ae_custom event type.  If you need to
                distinguish between different types of sat_ae_custom events,
                structure the event specific data so that it begins with a
                sub-event type.

EXAMPLE
     Suppose a site security officer (SSO) wanted to make sure that the
     auditor was made aware of any changes to system databases in /etc.  After
     the system was installed, the SSO would have created a master file
     describing the /etc tree.

          find /etc -print | xargs ls -dlM > /var/adm/etc-master

     A shell script is run nightly that compares the current state of the /etc
     tree with the state when the master was made.  When discrepancies are
     found, an audit record is generated.

          find /etc -print | xargs ls -dlM > /tmp/etc-tonight
          diff /var/adm/etc-master /tmp/etc-tonight > /tmp/etc-diff
          if [ -s /tmp/etc-diff ]
          then
               sat_echo -F sat_ae_custom < /tmp/etc-diff
          else
               echo "Nightly /etc check shows no discrepancies." | \
               sat_echo -S sat_ae_custom
          fi
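
The nightly check above, extended as an added example (not part of the IRIX manual page): it begins each record with a sub-event type, as the satevent description suggests, and keeps the record within the 65535-byte limit with an explicit truncation marker instead of a silent cut. The sub-event names ETC_DIFF and ETC_OK are hypothetical, and mktemp and head -c are assumed to be available.

```shell
#!/bin/sh
# Added example (not from the IRIX manual). ETC_DIFF and ETC_OK are
# hypothetical sub-event names; mktemp and head -c are assumed available.
SAT_MAX=65535   # sat_echo uses only the first 65535 bytes of stdin

# build_record SUBEVENT FILE
# Print SUBEVENT on line 1, then FILE, in at most SAT_MAX bytes. When FILE
# does not fit, line 2 records the cut so it is never discarded silently.
build_record() {
    size=$(wc -c < "$2" | tr -d ' ')
    budget=$((SAT_MAX - ${#1} - 1))
    printf '%s\n' "$1"
    if [ "$size" -gt "$budget" ]; then
        note="TRUNCATED original_bytes=$size"
        budget=$((budget - ${#note} - 1))
        printf '%s\n' "$note"
    fi
    head -c "$budget" "$2"
}

# emit_audit OUTCOME SUBEVENT FILE   (OUTCOME is -F or -S)
# Dry run where sat_echo is not installed, so the logic can be tested.
emit_audit() {
    if command -v sat_echo >/dev/null 2>&1; then
        build_record "$2" "$3" | sat_echo "$1" sat_ae_custom
    else
        build_record "$2" "$3" >/dev/null
    fi
}

# check_tree MASTER TONIGHT
# Returns 0 when the listings match, 1 on discrepancies, 2 on error.
check_tree() {
    work=$(mktemp -d) || return 2      # private dir, not fixed /tmp names
    rc=0
    diff "$1" "$2" > "$work/diff" || rc=$?
    case $rc in
        0) echo "Nightly /etc check shows no discrepancies." > "$work/ok"
           emit_audit -S ETC_OK "$work/ok" ;;
        1) emit_audit -F ETC_DIFF "$work/diff" ;;
        *) rc=2 ;;
    esac
    rm -rf "$work"
    return $rc
}
```

An auditor can then select records by their first line, and a line 2 beginning with TRUNCATED shows that the full diff must be regenerated from the master file.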





SEE ALSO
     satwrite(2), sat_strtoevent(3).

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026