HP-UX Reference (11i v1 05/09) - 1M System Administration Commands A-M (vol 3)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

101

102

103

104

105

106

107

108

109

110

audevent(1M) audevent(1M)

NAME

audevent - change or display event or system call audit status

SYNOPSIS

audevent [-P-p][-F

-f][-E][[-e event ] ...] [-S

][[-s syscall ] ... ]

DESCRIPTION

audevent changes the auditing status of the given events or system calls. The event is used to specify

names associated with certain self-auditing commands; syscall is used to select related system calls.

If neither

-P, -p, -F, nor

-f is speciﬁed, the current status of the selected events or system calls is

displayed. If no events or system calls are speciﬁed, all events and system calls are selected.

If the

-E option is supplied, it is redundant to specify events with the

-e option; this applies similarly to

the

-S and -s options.

audevent takes effect immediately. However, the events and system calls speciﬁed are audited only

when called by a user currently being audited (see audusr(1M)). A list of valid events and associated sys-

calls is provided in audit(5).

Only the super-user can change or display audit status.

Options

audevent recognizes the following options and command-line arguments:

-P Audit successful events or system calls.

-p Do not audit successful events or system calls.

-F Audit failed events or system calls.

-f Do not audit failed events or system calls.

-E Select all events for change or display.

-e event Select event for change or display.

-S Select all system calls for change or display.

-s syscall Select syscall for change or display.

The following is a list of the valid events and the associated syscalls (if any):

create Object creation (creat(), mkdir(), mknod(), msgget(), pipe(),

semget(), shmat(), shmget())

delete Object deletion (ksem_unlink()

, mq_unlink() , msgctl(), rmdir(),

semctl(), shm_unlink() )

readdac Discretionary access control (DAC) information reading (access(), fstat(),

fstat64(), getaccess() , lstat(), lstat64() , stat(), stat64)

moddac Discretionary access control (DAC) modiﬁcation (acl(), chmod(), chown(),

fchmod(), fchown(), fsetacl() , lchmod(), lchown(), putpmsg(),

semop(), setacl(), umask())

modaccess Non-DAC modiﬁcation (chdir(), chroot(), link(), lockf(), lockf64(),

rename(), setgid(), setgroups() , setpgid(), setpgrp() , setre-

gid()

, setresgid() , setresuid(), setsid(), setuid(), shmctl(),

shmdt(), symlink(), unlink())

open Object opening (execv(), execve(), ftruncate() , ftruncate64(),

kload(), ksem_open() , mmap(), mmap64(), mq_open() , open(),

ptrace(), shm_open() , truncate() , truncate64() )

close Object closing (close(), ksem_close() , mq_close() , munmap())

process Process operations (exit(), fork(), kill(), mlock(), mlockall(), mun-

lock()

, munlockall() , nsp_init() , plock(), rtprio(), setcon-

text()

, setrlimit64(), sigqueue(), ulimit64() , vfork())

removable Removable media events (exportfs() , mount(), umount(), vfsmount() )

HP-UX 11i Version 1: September 2005 − 1 − Hewlett-Packard Company Section 1M−−79