Manualshelf

White Paper

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
11121314151617181920
19
sh -c "/usr/local/bin/rcp_audit_trail hostname /var/.audit/my_trail"
This copies /var/.audit/my_trail to a remote system, assuming that is what the given script
intends to do.
Writing a DPMS service module
The Audit Data Process Module Switch (Audit DPMS) framework offers the ability to selectively access
audit data in various formats through a set of common programming interfaces. It provides a layer of
separation between applications that need to extract information from audit data source and the
underlying modules that have the knowledge about the internal data format. For more information,
see audit_dpms(5).
The framework allows Audit DPMS service modules to be plugged in to handle the data in any
format. The service modules are a set of dynamically loadable objects invoked by the Audit DPMS API
to handle a particular type of audit data and format. Currently, HP-UX provides three DPMS service
modules to handle reading and writing from and to HP-UX raw audit data, reading and writing from
and to HP-UX portable audit data, and writing to XML format data. For more information, see
audit_hpux_raw(5), audit_hpux_portable(5), and audit_hpux_xml(5), respectively.
You can develop new DPMS service modules to plug into the Audit DPMS framework to handle audit
data from a source in another format. This section describes how to write a DPMS service module.
Service Provider Interfaces (SPIs)
A new DPMS service module must support the Audit DPMS Application Programming Interfaces (APIs)
(for example, audit_dpms_start(3), audit_dpms_end(3), audit_dpms_read_event(3),
and audit_dpms_write_event(3)) by implementing the corresponding DPMS service module
Service Provider Interfaces (SPIs) (audit_dpm_start(3), audit_dpm_end(3),
audit_dpm_read_event(3), and audit_dpm_write_event(3)). The Audit DPMS interface
library is the layer implementing the APIs, while the Audit DPMS service modules implement the APIs
for different audit record formats. For more information about the Audit DPMS APIs, see
audit_dpms_api(3). For more information about the Audit DPMS SPIs, see
audit_dpms_spi(3).
A new DPMS service module can make use of the Audit DPMS interface to allow an application to
register a set of filtering rules where only the audit events that meet the filtering criteria are returned to
the caller. This interface is provided entirely within the DPMS switch; DPMS modules therefore do not
provide a plug-in for this interface. For the grammar of the filtering rules, see
audit_dpms_filter(4).
DPMS service module implementation
A sample DPMS service module will be available on a future release of the AudReport product.
Best practices
Although best practices must be developed by each individual organization based on their particular
environment, there are some general best practices that can be universally applied.
This section
contains best practices to provide guidance for making decisions as part of the planning stage.