AUDITD(8)  —  MAINTENANCE COMMANDS

NAME

auditd − audit daemon

SYNOPSIS

/usr/etc/auditd [ username ]

DESCRIPTION

The auditd program is the daemon process that drives audit log generation.  auditd runs as root unless the username parameter specifies another valid user ID.  Use of this parameter is recommended to ensure that auditd works over NFS and that the audit data is secure.

After reading the audit_control file, auditd opens an audit log file in the first directory specified.  If there is an error opening this file, the daemon tries successive directories until successful.  Then the daemon invokes the auditsvc(2) system call to initiate audit record logging to the audit log file.  The system call does not return until:

• disk space is low on the audit filesystem

• there is an error writing the audit log file or

• the daemon receives a signal

auditd simply ignores most signals and re-issues the auditsvc() system call. However, for SIGHUP, the daemon re-reads the audit_control file, closes the current audit log file, and opens a new audit log file based on the new directory list. 

If the auditsvc() system call returns because of low disk space, auditd invokes the shell script audit_warn(8) with the name of the current audit log file, then returns to the auditsvc() system call to continue auditing using the same audit file.

When the auditsvc() system call returns because of an error, auditd recovers from the problem by closing the current audit log file and opening a new audit log file in the next directory in the list.  This recovers from most errors, such as lack of disk space, or file server crashes. 

Should the audit daemon run out of audit directories, it attempts to recover.  It suspends itself for a few seconds, and then re-reads the audit_control file.  It then tries again to open audit logs in the specified audit directory list. 
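The recovery rules above, modelled as a small state machine so the log-directory failover can be traced on a constructed event sequence. This is an added example, not SunOS source: the event names, struct state, the usable array and run_trace are hypothetical, and auditsvc(2) itself is not called.

```c
#include <stdio.h>

/* Hypothetical names for the reasons auditsvc(2) returns (not SunOS constants). */
enum ev { EV_LOW_SPACE, EV_WRITE_ERROR, EV_SIGHUP, EV_OTHER_SIGNAL };

/* ndirs: directories listed in audit_control; cur: index of the directory
   holding the current log (-1 if none); warns: audit_warn(8) runs; rereads. */
struct state { int ndirs, cur, warns, rereads; };

/* Open a log in the first usable directory at or after 'start'; -1 if none.
   usable[i] != 0 is a constructed stand-in for "open succeeds in directory i". */
static int open_log(struct state *s, const int *usable, int start)
{
    for (int i = start; i < s->ndirs; i++)
        if (usable[i]) return s->cur = i;
    return s->cur = -1;
}

/* Handle one return from the modelled auditsvc call; returns directory in use. */
int audit_step(struct state *s, const int *usable, enum ev e)
{
    switch (e) {
    case EV_LOW_SPACE: s->warns++; return s->cur;  /* audit_warn, same file */
    case EV_WRITE_ERROR:                           /* close, next directory */
        if (open_log(s, usable, s->cur + 1) >= 0) return s->cur;
        /* out of directories: the daemon sleeps here, then re-reads the list */
        s->rereads++; return open_log(s, usable, 0);
    case EV_SIGHUP: s->rereads++; return open_log(s, usable, 0);
    default: return s->cur;                        /* other signals ignored */
    }
}

/* Start the daemon model, feed it n events, return the final directory index. */
int run_trace(struct state *s, const int *usable, int ndirs, const enum ev *evs, int n)
{
    *s = (struct state){ .ndirs = ndirs, .cur = -1 };
    open_log(s, usable, 0);          /* startup: first directory that opens */
    for (int i = 0; i < n; i++) audit_step(s, usable, evs[i]);
    return s->cur;
}

int main(void)
{
    const int usable[] = { 0, 1, 1 };  /* constructed: directory 0 fails to open */
    const enum ev evs[] = { EV_LOW_SPACE, EV_OTHER_SIGNAL, EV_WRITE_ERROR, EV_WRITE_ERROR };
    struct state s;
    int d = run_trace(&s, usable, 3, evs, 4);
    printf("dir=%d warns=%d rereads=%d\n", d, s.warns, s.rereads);
    return 0;
}
```

A return value of -1 marks the state in which no audit log is open, which is the condition worth monitoring when sizing the directory list in audit_control.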

SEE ALSO

auditsvc(2), audit_control(5), audit.log(5), audit(8), audit_warn(8)

Sun Release 4.0  —  Last change: 9 September 1987
