White Paper

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions

The list and information is incomplete and might change in the future.

Audit aware

Most self-auditing programs are audit aware. They can suspend the currently specified low-level

system call auditing on themselves by invoking the audswitch(2) system call and can produce a

high-level description of the operations they perform by invoking the audwrite(2) system call to

generate self-auditing events. The audit suspension they perform only affects these programs and does

not affect any other processes on the system. The list of audit aware programs is as follows:

• audevent(1M) (admin)

audevent: getting event and syscall status

audevent: [disable|enable] [success|failure] for [event|syscall] name

• audisp(1M) (admin)

audisp : argv1 … argvn (for various error conditions)

• auditdp(1M) (admin)

auditdp: argv1 … argvn

auditdp: invalid command line

auditdp: audit_dpms_write_nevent(3) failed

auditdp: audit_dpms_read_event(3) failed

auditdp: data has been successfully processed

• audfilter(1M) (admin)

audfilter: argv1 … argvn

audfilter: User is not authorized to run audfilter

audfilter: Invalid command line options

audfilter: Daemon is not started yet

audfilter: Request to kill daemon [failed|succeeded]

audfilter: Request to load audit filtering rules [failed|succeeded]

audfilter: Request to clear audit filtering rules [failed|succeeded]

audfilter: Request to display audit filtering rules [failed|succeeded]

audfilter: Request to display audit filtering rules in preview mode

[failed|succeeded]

audfilter: Request to display daemon status [failed|succeeded]

audfilter: Request to change daemon’s wakeup period [failed|succeeded]

• audfilterd(1M) (admin)

audfilterd: argv1 … argvn

audfilterd: User is not authorized to run audfilterd

audfilterd: Failed to raise necessary privileges for audfilterd

audfilterd: Failed to access the configuration file

/etc/audit/filter.conf

audfilterd: Invalid command line options

audfilterd: Invalid wakeup period

audfilterd: Daemon is already running

audfilterd: Daemon status displayed

audfilterd: Failed to install signal handler

audfilterd: Failed to start the server

audfilterd: Failed to fork as a background process: error message

• audomon(1M) (admin)

audomon: FreeSpaceSwitch point reached, audomon has successfully

switched auditing to pathname of new audit trail

audomon: AuditFileSwitch point reached, audomon has successfully

switched auditing to pathname of new audit trail