The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

audit_event (4)
  • >> audit_event (4) ( Solaris man: Специальные файлы /dev/* )
  • audit_event (5) ( FreeBSD man: Форматы файлов )
    •  

    NAME

    audit_event - audit event definition and class mapping
 

    SYNOPSIS

    /etc/security/audit_event

     

    DESCRIPTION

    /etc/security/audit_event is a user-configurable ASCII system file that stores event definitions used in the audit system. As part of this definition, each event is mapped to one or more of the audit classes defined in audit_class(4). See audit_control(4) and audit_user(4) for information about changing the preselection of audit classes in the audit system. Programs can use the getauevent(3BSM) routines to access audit event information.

    The fields for each event entry are separated by colons. Each event is separated from the next by a NEWLINE.Each entry in the audit_event file has the form: 

    number:name:description:flags

    The fields are defined as follows:

    number

    Event number.

    Event number ranges are assigned as follows:

    0

    Reserved as an invalid event number.

    1-2047

    Reserved for the Solaris Kernel events.

    2048-32767

    Reserved for the Solaris TCB programs.

    32768-65535

    Available for third party TCB applications.

    System administrators must not add, delete, or modify (except to change the class mapping), events with an event number less than 32768. These events are reserved by the system.

    name

    Event name.

    description

    Event description.

    flags

    Flags specifying classes to which the event is mapped. Classes are comma separated, without spaces.

    Obsolete events are commonly assigned to the special class no (invalid) to indicate they are no longer generated. Obsolete events are retained to process old audit trail files. Other events which are not obsolete may also be assigned to the no class.

     

    EXAMPLES

    Example 1 Using the audit_event File

    The following is an example of some audit_event file entries: 

    7:AUE_EXEC:exec(2):ps,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:login - local:lo
6153:AUE_logout:logout:lo
6154:AUE_telnet:login - telnet:lo
6155:AUE_rlogin:login - rlogin:lo

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE
    Interface Stability See below.

    The file format stability is Committed. The file content is Uncommitted.  

    FILES

    /etc/security/audit_event


     

     

    SEE ALSO

    bsmconv(1M), getauevent(3BSM), audit_class(4), audit_control(4), audit_user(4)

    Part VII, Solaris Auditing, in System Administration Guide: Security Services  

    NOTES

    This functionality is available only if Solaris Auditing has been enabled. See bsmconv(1M) for more information.

     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    EXAMPLES
    ATTRIBUTES
    FILES
    SEE ALSO
    NOTES

    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей     		Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру