HP-UX 11i Version 2 May 2005 Release Notes
Security
Chapter 8
HP-UX Auditing System
The purpose of the HP-UX Auditing System is to record security-relevant events for
analysis. This information helps you detect repeated attempts to breach security. Thus,
the HP-UX Auditing System acts as a deterrent against system abuses and exposes
potential security weaknesses.
Summary of Change
Previously, the HP-UX Auditing System was only supported on systems converted to
trusted mode. By installing the Standard Mode Security Extensions bundle¹ (available
on Software Pack), you can perform system audits in standard mode. The following
enhancements are included:
• A more flexible form of audit IDs (called “audit tags”) uniquely identifies each login
session and responsible user.
• Two new libsec routines, getauduser() and setauduser(), are similar to the
getaudid() and setaudid() system calls. The new libsec routines manage the
audit tags. Refer to the getauduser (3), setauduser (3), and audit (5) manpages.
• For applications that use PAM for authentication, the pam_hpsec PAM module
transparently handles the per-session audit information. Refer to the pam_hpsec (5)
manpage.
• The audit commands audsys, audisp, and audevent now support auditing in
standard mode. Refer to the audsys (1M), audisp (1M), and audevent (1M) manpages.
• Commands like login, cron, and ftpd can now do self-auditing in standard mode.
• Standard mode audit user selection information is stored in a per-user configuration
user database (which is similar to /tcb in trusted mode). Refer to the userdb (4)
manpage.
• The userdbset command specifies which users are to be audited in standard mode.
This functionality is equivalent to the audusr command in trusted mode. Refer to
the userdbset (1M) manpage.
Impact
Customers who desire to have the auditing feature in standard mode can install the
StdModSecExt bundle, which is available via Web release and on the HP-UX 11i v2 May
2005 Software Pack.² The StdModSecExt bundle contains the Standard Mode Security
Extensions.
Compatibility
There are no behavior changes visible to a customer who is using auditing in trusted
mode.
1. See “HP-UX Standard Mode Security Extensions” on page 159.
2. See “Software Pack (Optional HP-UX 11i v2 Core Enhancements)” on page 28 and
“HP-UX Standard Mode Security Extensions” on page 159.