Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Auditing a Trusted System
Chapter 8 795
modaccess Log all access modifications
other than Discretionary
Access Controls
chdir (2), chroot (2), fchdir (2), link (2),
lockf (2), lockf64 (2), rename (2),
setcontext (2), setgid (2), setgroups (2),
setpgid (2), setpgrp (2), setpgrp2 (2),
setpgrp3 (2), setregid (2), setresgid (2),
setresuid (2), setsid (2), setuid (2), shmctl
(2), shmdt (2), ulimit (2), ulimit64 (2),
unlink (2)
moddac Log all modifications of object’s
Discretionary Access Controls
acl (2), chmod (2), chown (2), fchmod (2),
fchown (2), fsetacl (2), lchmod (2)
a
,
lchown (2), putpmsg (2), semop (2), setacl
(2), umask (2)
open Log all openings of objects (file
open, other objects open)
execv (2), execve (2), ftruncate (2),
ksem_open (2)
a
, mmap (2), mmap64 (2),
mq_open (2), open (2), ptrace (2), ptrace64
(2), sendfile (2), sendfile64 (2), shm_open
(2), truncate (2), truncate64 (2)
process Log all operations on processes exit (2), fork (2), kill (2), mlock (2),
mlockall (2), munlock (2), munlockall (2),
nsp_init (2)
a
, rtprio (2), setpriority (2),
sigqueue (2), vfork (2)
readac Log all access to object’s
Discretionary Access Controls
access (2), fstat (2), fstat64 (2), getaccess,
lstat (2), lstat64 (2), stat (2), stat64 (2)
removable Log all removable media
events (mounting and
unmounting events)
mount (2), umount (2), vfsmount (2)
uevent1
uevent2
uevent3
Log user-defined events See “Streamlining Audit Log Data” on
page 796
a. An internal system call. Although it has no manpage, it can be specified for its
associated event. (All system calls are defined in <sys/scall_define.h>.)
Table 8-3 Audit Event Types and System Calls (Continued)
Event Type Description of Action Associated System Calls