HP-UX System Administrator's Guide: Security Management HP-UX 11i v3 (B3921-90020, September 2010)

init         Change run levels, users logging off
lpsched      Schedule line printer requests
fbackup      Flexible file backup
ftpd         File transfer protocol daemon
remshd       Remote shell server daemon
rlogind      Remote login server daemon
telnetd      Telnet server daemon
privrun      Invokes legacy application. [1]
privedit     Allows authorized users to edit files. [1]
roleadm      Edits role information. [1]
authadm      Edits authorization information. [1]
cmdprivadm   Edits command authorizations and privileges. [1]
Most self-auditing programs generate audit data under a single event category. For
example, the audsys command generates the audit data under the admin event. Some
commands generate audit data under multiple event categories. For example, the init
command generates data under the login and admin events.
9.11 HP-UX RBAC Auditing
The privrun, privedit, roleadm, authadm, and cmdprivadm HP-UX RBAC
commands each generate audit records. The following attributes are included in each
audit record:
User name
UID
Role
Authorizations (operation, object)
Time of event
Result of event (success or failure)
9.11.1 Auditing Based on HP-UX RBAC Criteria and the /etc/rbac/aud_filter File
HP-UX RBAC Version B.11.23.02 and later support the use of an audit filter file to
identify specific HP-UX RBAC criteria to audit. You can create a filter file named
/etc/rbac/aud_filter to identify specific roles, operations, and objects for which
to generate audit records. Audit records are generated only if the attributes of a process
match all three entries (role, operation, and object) found in /etc/rbac/aud_filter.
If a user's role and associated authorization are not found in the file or do not explicitly
match, then no audit records specific to role-to-authorization are generated.
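The following added example (not part of the HP guide) applies the match rule described above to report which role and authorization combinations a filter file leaves without RBAC audit records. The one-entry-per-line "role, operation, object" syntax, the literal field comparison, and every role, operation and object name in the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: coverage check for an RBAC audit filter.
# ASSUMPTION: one "role, operation, object" entry per line, compared
# literally; no pattern syntax is modelled.

# Print assignments for which no filter entry matches all three fields.
unaudited() {  # usage: unaudited FILTER_FILE ASSIGNMENTS_FILE
    awk -F',' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function key()   { return trim($1) SUBSEP trim($2) SUBSEP trim($3) }
        /^[ \t]*$/ || NF != 3 { next }   # blank or incomplete: cannot match
        { k = key() }
        FILENAME == ARGV[1] { audited[k] = 1; next }   # first file: filter
        !(k in audited) { print trim($1) ", " trim($2) ", " trim($3) }
    ' "$1" "$2"
}

# Print filter lines that do not carry exactly three fields.
malformed() {  # usage: malformed FILTER_FILE
    awk -F',' '!/^[ \t]*$/ && NF != 3 { print FNR ": " $0 }' "$1"
}

# Constructed sample data (hypothetical roles, operations and objects).
tmp=${TMPDIR:-/tmp}/audchk.$$
(umask 077; mkdir "$tmp") || exit 1
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/aud_filter" <<'EOF'
NetAdmin, example.net.config, lan0
Helpdesk, example.user.unlock, alice
NetAdmin, example.net.config
EOF
cat > "$tmp/assignments" <<'EOF'
NetAdmin, example.net.config, lan0
NetAdmin, example.net.config, lan1
Helpdesk, example.user.unlock, alice
Operator, example.net.config, lan0
EOF

echo "Malformed filter entries:"
malformed "$tmp/aud_filter"
echo "Role/authorization assignments that produce no RBAC audit record:"
unaudited "$tmp/aud_filter" "$tmp/assignments"
```

An assignment is reported when either its role is missing from the filter or its role is present but the operation or object differs, which are the two cases the paragraph above says produce no audit record.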
Authorized users can edit the /etc/rbac/aud_filter file using a text editor and
specify the role and authorization to be audited. Each authorization is specified in the
form of operation, object pairs. All authorizations associated with a role must be
1. See Chapter 8 for more information.