HP-UX Reference (11i v1 00/12) - 1M System Administration Commands A-M (vol 3)

audevent(1M) audevent(1M)
NAME
audevent - change or display event or system call audit status
SYNOPSIS
audevent [-P|-p] [-F|-f] [-E] [[-e event] ...] [-S] [[-s syscall] ...]
DESCRIPTION
audevent changes the auditing status of the given events or system calls. The event argument specifies
names associated with certain self-auditing commands; the syscall argument selects related system calls.
If neither -P, -p, -F, nor -f is specified, the current status of the selected events or system calls is
displayed. If no events or system calls are specified, all events and system calls are selected.
If the -E option is supplied, it is redundant to specify events with the -e option; this applies similarly to
the -S and -s options.
audevent takes effect immediately. However, the events and system calls specified are audited only
when called by a user currently being audited (see audusr(1M)). A list of valid events and associated
syscalls is provided in audit(5).
Only the super-user can change or display audit status.
Options
audevent recognizes the following options and command-line arguments:
-P            Audit successful events or system calls.
-p            Do not audit successful events or system calls.
-F            Audit failed events or system calls.
-f            Do not audit failed events or system calls.
-E            Select all events for change or display.
-e event      Select event for change or display.
-S            Select all system calls for change or display.
-s syscall    Select syscall for change or display.
The following is a list of the valid events and the associated syscalls (if any):
create        Object creation (creat(), mkdir(), mknod(), msgget(), pipe(),
              semget(), shmat(), shmget())
delete        Object deletion (ksem_unlink(), mq_unlink(), msgctl(), rmdir(),
              semctl(), shm_unlink())
readdac       Discretionary access control (DAC) information reading (access(), fstat(),
              fstat64(), getaccess(), lstat(), lstat64(), stat(), stat64())
moddac        Discretionary access control (DAC) modification (acl(), chmod(), chown(),
              fchmod(), fchown(), fsetacl(), lchmod(), lchown(), putpmsg(),
              semop(), setacl(), umask())
modaccess     Non-DAC modification (chdir(), chroot(), link(), lockf(), lockf64(),
              rename(), setgid(), setgroups(), setpgid(), setpgrp(), setregid(),
              setresgid(), setresuid(), setsid(), setuid(), shmctl(),
              shmdt(), symlink(), unlink())
open          Object opening (execv(), execve(), ftruncate(), ftruncate64(),
              kload(), ksem_open(), mmap(), mmap64(), mq_open(), open(),
              ptrace(), shm_open(), truncate(), truncate64())
close         Object closing (close(), ksem_close(), mq_close(), munmap())
process       Process operations (exit(), fork(), kill(), mlock(), mlockall(),
              munlock(), munlockall(), nsp_init(), plock(), rtprio(),
              setcontext(), setrlimit64(), sigqueue(), ulimit64(), vfork())
removable     Removable media events (exportfs(), mount(), umount(), vfsmount())
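
An added example, not part of the HP-UX manual page: a shell helper that turns a constructed "event mode" policy into audevent command lines using the options described above. The function names, the policy format and the mode keywords are assumptions of this example, and its event list is limited to the names shown in this section (audit(5) has the complete list).

```shell
#!/bin/sh
# Added example: translate an audit policy into audevent(1M) command lines.
# It only prints the commands; run them as super-user on the HP-UX host.

# Event names taken from this section only (assumption: not the full list).
VALID_EVENTS="create delete readdac moddac modaccess open close process removable"

# audevent_cmd EVENT MODE   (MODE: both | success | failure | none)
# Always emits one of -P/-p and one of -F/-f, so each command states the
# success and the failure setting in full instead of changing only one.
audevent_cmd() {
    event=$1
    mode=$2
    case " $VALID_EVENTS " in
        *" $event "*) ;;
        *) echo "unknown event: $event" >&2; return 1 ;;
    esac
    case $mode in
        both)    flags="-P -F" ;;
        success) flags="-P -f" ;;
        failure) flags="-p -F" ;;
        none)    flags="-p -f" ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    echo "audevent $flags -e $event"
}

# policy_to_cmds: read "event mode" lines on stdin; skip blanks and # comments.
# Stops at the first invalid line so a typo never yields a partial policy.
policy_to_cmds() {
    while read -r event mode; do
        case $event in ''|'#'*) continue ;; esac
        audevent_cmd "$event" "$mode" || return 1
    done
}

# Constructed sample policy (not a recommendation from the manual).
SAMPLE_POLICY='# event    mode
moddac     both
modaccess  both
open       failure
close      none'

printf '%s\n' "$SAMPLE_POLICY" | policy_to_cmds
```

The generated commands take effect immediately, but records are written only for users currently selected for auditing (see audusr(1M)).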
Section 1M78 1 HP-UX Release 11i: December 2000