HP-UX 11i Version 2 Release Notes (October 2003)
Security
HP-UX Auditing System
Chapter 7
176
HP-UX Auditing System
The purpose of the auditing system is to record instances of access by subjects to objects
and to allow detection of any (repeated) attempts to bypass the protection mechanism
and any misuses of privileges, thus acting as a deterrent against system abuses and
exposing potential security weaknesses in the system.
The audevent command changes the auditing status of the given events or system calls.
The audisp command analyzes and displays the audit information contained in the
specified audit_filename audit files.
Summary of Change
Currently, audevent and audisp accepts a number of previously obsoleted system call
names and a list of undocumented event types as valid arguments. These options are
deprecated in HP-UX 11i v2, and they are slated to be obsoleted in the next release. In
other words, such names are accepted as valid arguments in HP-UX 11i v2, but in the
next release, they will generate an error.
The accepted, but to-be-obsoleted system call options include:
• sethostid
• rfa_netunam
• ipccreate
• ipclookup
• ipcconnect
• ipcrecvcn
• ipcshutdown
• ipcdest
• kload
• ca_setpgrp
• ulimit64
The accepted, but to-be-obsoleted, event type options include:
• creds
• sock
• file
• link
• unlink