04-30-2014
Our system is running in trusted mode. Is it feasible to enable auditing system in trusted mode? Also provide us the procedure to enable auditing system as well as monitoring procedure in HP UX.
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
i have an HPUX box in the office, as my daily routine i always check the load on my servers. i use the "top" command to see that. i would like to create a log file out of it so i can make it run once a day and check the logs. the problem is that the "top" command is like the "tail -f" command where... (7 Replies)
Discussion started by: inquirer
7 Replies
2. Shell Programming and Scripting
I would like to monitor a log file using a shell script and as soon as a line with a certain string in it appears I would like to run a program. I have been playing around with doing this using tail -f, but cannot get it to work. I found something similar here:... (1 Reply)
Discussion started by: danielsbrewer
1 Replies
3. UNIX for Advanced & Expert Users
Hi
What is the cvs command for getting the diff between the checkin log and tag log.
i am trying
cvs rdiff -s -r <branch Tag> -r <branch> <module>
but it is not giving me the files that were not tagged.
I think it is doing a diff for common files in head and tag.
Please help
... (0 Replies)
Discussion started by: rakeshou
0 Replies
4. AIX
Hi,
I need to remember command(not smitty command) I executed a month ago.
Maybe there are some logs I should refer ?
thanks
Vilius (3 Replies)
Discussion started by: vilius
3 Replies
5. UNIX for Dummies Questions & Answers
Hello sir,
to restart or shutdown we have commands like :-
Then what is the command to LOG OUT ????
I know that we can just go and click log out, but I want to know how to log out from terminal.
Can u please tell me the command !!!! (4 Replies)
Discussion started by: nsharath
4 Replies
6. UNIX for Dummies Questions & Answers
Ok so i'm relatively new at UNIX and I'm trying to figure out how to make a log dump command.
My situation is a bit odd in that I'm always looking at customers boxes and as such I can't really do much to them. So everything I do in UNIX pretty much has to be a command I can type in by hand. I... (4 Replies)
Discussion started by: MrEddy
4 Replies
7. Solaris
I ran the commad coreadm -e log. Does anybody know where this file went on a Solaris 10 system? I checked in the current working directory and I don't see a file called in the directory. I also checked /var/core and I didn't see a log there. (6 Replies)
Discussion started by: jastanle84
6 Replies
8. Shell Programming and Scripting
Hi,
I would like to get the audit log with username, directory and the date whenever user fires 'rm' command anywhere in the file locations.
Is there any possibility to capture the 'rm' command and its parameters from any environment by the single function ?
Please advise me.
... (4 Replies)
Discussion started by: Joviac
4 Replies
9. UNIX for Dummies Questions & Answers
Hi Guys,
I like to output every command executed in the script to a file.
I have tried set -x which does the same.
But it is not giving the logs of the child script which is being called from my script.
Is there any parameters in the Set command or someother way where i can see the log... (2 Replies)
Discussion started by: mac4rfree
2 Replies
10. Shell Programming and Scripting
In a shell script I am replacing the asterisks in a file:
sed "s/\*/"0"/g" /home/download/$COMPANY_CODE/file_new > /home/download/$COMPANY_CODE/fileI need to log which positions were replaced & position(01:20) from the line it was replaced in. I am not sure how to do so. Also, instead of... (11 Replies)
Discussion started by: tomj5141
11 Replies
LEARN ABOUT ULTRIX
auditmask
auditmask(8) System Manager's Manual auditmask(8)
Name
auditmask - get or set auditmasks
Syntax
auditmask [ option ... ] [ event[:succeed:fail]
Description
The command with no arguments displays the system-calls and trusted-events currently being audited for the system, and displays whether
they are being audited under successful or failed occurrences or both. The format used for the display is acceptable as input to the com-
mand.
The command with event arguments sets the system-call and trusted-event audit masks for the system. This is cumulative operation, so it is
possible to turn on or off audit for one set of events, then turn on or off audit for a second set of events without changing the first set
of events (except for intersection between the two sets). Command line arguments to can include one or more events, each with an optional
field :succeed:fail, where succeed is either 0 to specify no auditing of successful occurrences of event, or 1 (or any non-zero character)
to specify auditing of successful occurrences of event; and fail is either 0 to specify no auditing of failed occurrences of event or 1 (or
any non-zero character) to specify auditing of failed occurrences of event. The event name is the system-call name or the trusted-event
name (see audit.h ).
The command will also accept redirected input, which can be the output of a previously issued command. This is a file which contains lines
of the format event [succeed][fail]. If the keyword succeed is present, successful occurrences of that event will be audited; if the key-
word fail is present, failed occurrences of that event will be audited; if both are present, successful and failed occurrences will be
audited; if neither keyword is present, that event will not be audited.
The auditmask command can also be used to set the audit style characteristics of the audit subsystem. These characteristics control how
much information is recorded on exec operations.
The command is used in to initialize the auditmask at boot time according to the file This makes use of privileged operations within the
system call.
Options
-f Turns on full auditing for the system. This list may include events which have no symbolic name and are represented only by a
number (reserved for future use); these events will not be audited, despite their presence in the auditmask.
-n Turns off all auditing for the system.
-s aud_style
An aud_style of "exec_argp" enables the auditing of the argument list to an or syscall. An aud_style of "exec_envp" enables
the auditing of the environment strings to an or syscall.
See Also
audcntl(2)
auditmask(8)