HP-UX Reference (11i v3 07/02) - 5 Miscellaneous Topics (vol 9)
a
audit(5) audit(5)
administrator action.
Self-auditing Programs
To reduce the amount of log data and to provide a higher-level recording of some typical system operations,
a collection of privileged programs are given capabilities to perform self-auditing. This means that the pro-
grams can suspend the currently specified auditing on themselves and produce a high-level description of
the operations they perform. These self-auditing programs are described in the following manpages: at(1),
chfn(1), chsh(1), crontab(1), login(1), newgrp(1), passwd(1), audevent(1M), audisp(1M), audsys(1M),
audusr(1M), cron(1M), groupadd(1M), groupdel(1M), groupmod(1M), init(1M), lpsched(1M), sam(1M),
useradd(1M), userdel(1M), and usermod(1M).
Note: Only privileged programs are allowed to do self-auditing. The audit suspension they perform
only affects these programs and does not affect any other processes on the system.
Most of these commands generate audit data under a single event category. For example,
SAM generates
the audit data under the event admin. Other commands may generate data under multiple event
categories. For example, the
init command generates data under the events login and admin. For a list
of predefined event categories, see audevent(1M).
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
The HP-UX Auditing System continues to work without converting to trusted mode.
AUTHOR
The auditing system described above was developed by HP.
SEE ALSO
audevent(1M), audisp(1M), audsys(1M), audusr(1M), userdbset(1M), audctl(2), audswitch(2), audwrite(2),
getaudid(2), getevent(2), setaudid(2), setevent(2), getauduser(3), setauduser(3), audit(4), security(4),
userdb(4), audit_memory_usage(5), audit_track_paths(5), diskaudit_flush_interval(5).
82 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: February 2007