audusr(1m) [hpux man page]
audusr(1M) audusr(1M) NAME
audusr - select users to audit SYNOPSIS
user] ...] user] ...] DESCRIPTION
is used to specify users to be audited or excluded from auditing. The command only works for systems that have been converted to trusted mode. To select users to audit on systems that have not been converted to trusted mode, use the command. See also audit(5), userdbset(1M), userdb(4), and in security(4). If no arguments are specified, displays the audit setting of every user. is restricted to privileged users. Options recognizes the following options: Audit the specified user. The auditing system records audit records to the ``current'' audit file when the specified user executes audited events or system calls. Use to specify events to be audited (see audevent(1M)). Do not audit the specified user. Audit all users. Do not audit any users. The and options are mutually exclusive: that is, if is specified, cannot be specified; if is specified, cannot be specified. Users specified with are audited (or excluded from auditing) beginning with their next login session, until excluded from auditing (or specified for auditing) with a subsequent invocation. Users already logged into the system when is invoked are unaffected during that login session; however, any user who logs in after is invoked is audited or excluded from auditing accordingly. WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality. AUTHOR
was developed by HP. FILES
File containing flags to indicate whether users are audited. SEE ALSO
audevent(1M), userdbset(1M), setaudproc(2), audswitch(2), audwrite(2), security(4), userdb(4), audit(5). TO BE OBSOLETED audusr(1M)
Check Out this Related Man Page
audit(4) Kernel Interfaces Manual audit(4) NAME
audit - audit trail format and other information for auditing DESCRIPTION
Audit records are generated when users make security-relevant system calls, as well as by self-auditing processes that call (see aud- write(2)). Access to the auditing system is restricted to super-user. Each audit record consists of an audit record header and a record body. The record header is comprised of sequence number, process ID, event type, and record body length. The sequence number gives relative order of all records; the process ID belongs to the process being audited; the event type is a field identifying the type of audited activity; the length is the record body length expressed in bytes. The record body is the variable-length component of an audit record containing more information about the audited activity. For records generated by system calls, the body contains the time the audited event completes in either success or failure, and the parameters of the system calls; for records generated by self-auditing processes, the body consists of the time audwrite(2) writes the records and the high- level description of the event (see audwrite(2)). The records in the audit trail are compressed to save file space. When a process is audited the first time, a pid identification record (PIR) is written into the audit trail containing information that remains constant throughout the lifetime of the process. This includes the parent's process ID, audit tag, real user ID, real group ID, effective user ID, effective group ID, group ID list, effective, permit- ted, and retained privileges, compartment ID, and the terminal ID (tty). The PIR is entered only once per process per audit trail. Information accumulated in an audit trail is analyzed and displayed by (see audisp(1M)). AUTHOR
was developed by HP. SEE ALSO
audsys(1M), audevent(1M), audisp(1M), audomon(1M), audwrite(2), audit(5), compartments(5), privileges(5). audit(4)