audit.5 (2010 09)
a
audit(5) audit(5)
successful switch. If trail switch is unsuccessful, warning messages are sent to request appropriate
administrator action.
Self-auditing Programs
To reduce the amount of log data and to provide a higher-level recording of some typical system opera-
tions, a collection of privileged programs are given capabilities to perform self-auditing. This means that
the programs can suspend the currently specified auditing on themselves and produce a high-level
description of the operations they perform. These self-auditing programs are described in the following
manpages: at(1), chfn(1), chsh(1), crontab (1), login(1), newgrp(1), passwd(1), audevent (1M),
audisp (1M), audsys (1M), audusr(1M), cron(1M), groupadd(1M), groupdel (1M), groupmod (1M), init (1M),
lpsched (1M), sam(1M), useradd (1M), userdel (1M), and usermod (1M).
Note: Only privileged programs are allowed to do self-auditing. The audit suspension they perform
only affects these programs and does not affect any other processes on the system.
Most of these commands generate audit data under a single event category. For example,
SAM generates
the audit data under the event admin. Other commands may generate data under multiple event
categories. For example, the
init command generates data under the events login and admin .Fora
list of predefined event categories, see audevent(1M) .
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
The HP-UX Auditing System continues to work without converting to trusted mode.
AUTHOR
The auditing system described above was developed by HP.
SEE ALSO
audevent(1M), audisp(1M), audsys(1M), audusr(1M), userdbset(1M), audctl(2), audswitch(2), audwrite(2),
getaudid(2), getevent(2), setaudid(2), setevent(2), getauduser(3), setauduser(3), audit(4), security(4),
userdb(4), audit_memory_usage(5), audit_track_paths(5), diskaudit_flush_interval(5).
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010