Manualshelf

HP-UX Standard Mode Security Extensions Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Security Products and Features Software
12345678910
HP-UX Standard Mode Security Extensions Release Note
Whats in This Version
Chapter 1 7
NOTE The Standard Mode Security Extensions bundle does not change systems
running in trusted mode.
Auditing System in Standard Mode HP-UX
The purpose of the auditing system is to record security relevant events for analysis. This
information helps detect repeated attempts of security breaches. Thus, the auditing system
acts as a deterrent against system abuses and exposes potential security weaknesses.
Previously, the auditing system was only supported on systems converted to trusted mode. By
installing the HP-UX Standard Mode Security Extensions bundle, you can now perform
audits without converting the system to trusted mode. The auditing system is described in the
audit (5) manpage. The following enhancements are included:
A more flexible form of audit IDs, called audit tags, uniquely identifies each login session
and responsible user.
Two new libsec routines, getauduser() and setauduser(), are similar to the
getaudid() and setaudid() system calls. The new libsec routines manage the audit tags.
Refer to the getauduser (3), setauduser (3), and audit (5) manpages.
For applications that use PAM for authentication, the pam_hpsec PAM module
transparently handles the per-session audit information. Refer to the pam_hpsec (5)
manpage.
The audit commands, audsys, audisp, and audevent, now support auditing in standard
mode. Refer to audsys (1M), audisp (1M), and audevent (1M).
Commands like login, cron, and ftpd, can now do self-auditing in standard mode.
Standard mode audit user selection information is stored in a per-user configuration user
database described in User Database for Per-User Configurations on page 9 and in the
userdb (4) manpage. This database is similar to /tcb in trusted mode.
The userdbset command specifies which users are to be audited in standard mode. This
functionality is equivalent to the audusr command in trusted mode. Refer to the userdbset
(1M) manpage.