AUDIT_EVENT(5) BSD File Formats Manual AUDIT_EVENT(5)NAME
audit_event -- audit event descriptions
DESCRIPTION
The audit_event file contains descriptions of the auditable events on the system. Each line maps an audit event number to a name, a descrip-
tion, and a class. Entries are of the form:
eventnum:eventname:description:eventclass
Each eventclass should have a corresponding entry in the audit_class(5) file.
Example entries in this file are:
0:AUE_NULL:indir system call:no
1:AUE_EXIT:exit(2):pc
2:AUE_FORK:fork(2):pc
3:AUE_OPEN:open(2):fa
FILES
/etc/security/audit_event
SEE ALSO audit(4), audit_class(5), audit_control(5), audit_user(5)HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Addi-
tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
BSD January 24, 2004 BSD
Check Out this Related Man Page
AUDIT_CLASS(5) BSD File Formats Manual AUDIT_CLASS(5)NAME
audit_class -- audit event class descriptions
DESCRIPTION
The audit_class file contains descriptions of the auditable event classes on the system. Each auditable event is a member of an event class.
Each line maps an audit event mask (bitmap) to a class and a description. Entries are of the form:
classmask:eventclass:description
Example entries in this file are:
0x00000000:no:invalid class
0x00000001:fr:file read
0x00000002:fw:file write
0x00000004:fa:file attribute access
0x00000080:pc:process
0x10000000:res:reserved for internal use
0xffffffff:all:all flags set
NOTES
The audit class res is reserved for internal use. Unentitled applications can still modify the event class preselection mask for an audit
event (for example by using the audit_event(5) configuration file or the auditon(2) system call with the A_SETCLASS command), however these
applications will not be able to change the res audit class mask for that event.
FILES
/etc/security/audit_class
SEE ALSO audit(4), audit_control(5), audit_event(5), audit_user(5)HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Addi-
tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
BSD January 24, 2004 BSD
I know that it's not necessary to get antivirus software for UNIX operating systems, but could someone please recommend some anyway? Does McAfee make any? (1 Reply)
FYI: As of 5/25, all dat updates are failing when uvscan v4.40 is run. McAfee has discontinued support for v4.40 in Jan 07. You will need to upgrade to v5.10 to support the new dat updates.
http://www.mcafee.com/us/enterprise/support/customer_service/end_life.html (0 Replies)
I've tried a few things to manually push out a script as a test from one of my primary machines to a test machine. I have a McAfee agent that I just obtained from McAfee, and I'm simply trying to remember what I did via terminal to push it out from my primary machine. Well, I finally figured it... (3 Replies)