
Protogate Freeway Security Features User’s Guide (SFUG) Chapter 5. Auditing
echo "# Added by /usr/local/freeway/boot.src/rc.startsra:" >> /etc/security/audit_warn
echo "#" >> /etc/security/audit_warn
echo "# Compress and move audit trail files when they are full." >> /etc/security/audit_warn
echo "#" >> /etc/security/audit_warn
echo "export DATEDIR=\"\`date -u -v '-5S' '+%Y%m%d'\`\"" >> /etc/security/audit_warn
echo "if [ \"\$1\" = closefile ]; then" >> /etc/security/audit_warn
echo " /usr/bin/touch /var/save/\${DATEDIR}.audit_records.zip" >> /etc/security/audit_warn
echo " /sbin/chown root:audit /var/save/\${DATEDIR}.audit_records.zip" >> /etc/security/audit_warn
echo " /sbin/chmod 600 /var/save/\${DATEDIR}.audit_records.zip" >> /etc/security/audit_warn
echo " /usr/local/bin/zip -r /var/save/\${DATEDIR}.audit_records.zip \$2" >> /etc/security/audit_warn
echo " /usr/bin/touch \$2.txt" >> /etc/security/audit_warn
echo " /sbin/chown root:audit \$2.txt" >> /etc/security/audit_warn
echo " /sbin/chmod 600 \$2.txt" >> /etc/security/audit_warn
echo " /usr/sbin/praudit -d '|' \$2 > \$2.txt" >> /etc/security/audit_warn
echo " /sbin/chmod 400 \$2.txt" >> /etc/security/audit_warn
echo " /usr/local/bin/zip -r /var/save/\${DATEDIR}.audit_records.zip \$2.txt" >> /etc/security/audit_warn
echo " /sbin/rm -f \$2.txt" >> /etc/security/audit_warn
echo "fi" >> /etc/security/audit_warn
fi
# Close and reset the current audit trail now (at boot).
/usr/sbin/audit -n
# Add the nightly close/reset to /etc/crontab unless an uncommented entry already exists.
if /usr/bin/grep -- "^[^#]*bin\/audit -n" /etc/crontab >/dev/null; then
echo "Audit file refresh command exists -- will not add again..."
else
echo "0 0 * * * root /usr/sbin/audit -n" >> /etc/crontab
fi
Those lines adjust two files, /etc/security/audit_warn and /etc/crontab. The audit_warn script is run whenever the audit trail file becomes full (the closefile condition the script tests for), and the new instructions within it compress the closed audit trail file, together with a praudit text rendering of it, into a root-only zip archive under /var/save, named for the date. The crontab change adds a line that forces the audit program to close and reset the audit file every midnight; the audit -n command above does the same at every reboot.
Another audit_warn configuration example is in Section 6.9. More information about archiving the system-level event audit logs is available by logging into a Freeway and typing the command man audit_warn.
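The following post-install check is an added example and not part of the Protogate SFUG or its rc.startsra script. It verifies the three outcomes the lines above are meant to produce: that audit_warn handles the closefile condition, that /etc/crontab carries the nightly audit -n entry (using the guide's own grep pattern), and that every archive under /var/save keeps the mode 0600 the hook sets. File locations are arguments so the functions can also be run against constructed copies.

```shell
#!/bin/sh
# Added example (not the guide's code): verify the audit-archiving setup.

# 1. audit_warn must react to the "closefile" condition auditd passes in $1.
has_closefile_hook() {                    # $1 = path of audit_warn script
    [ -f "$1" ] && grep -q 'closefile' "$1"
}

# 2. crontab must carry an uncommented nightly "audit -n" line; this is the
#    same pattern rc.startsra greps for before appending its own entry.
has_nightly_audit_refresh() {             # $1 = path of crontab file
    grep -- "^[^#]*bin\/audit -n" "$1" >/dev/null
}

# 3. Every archive must still be mode 0600: the zipped praudit text is the
#    readable form of the trail, so a looser mode discloses it. Offenders are
#    listed on stderr and the check fails if any exist.
archives_locked_down() {                  # $1 = archive directory
    [ -d "$1" ] || return 1
    bad=$(find "$1" -name '*.audit_records.zip' ! -perm 600)
    [ -z "$bad" ] || { printf 'archive not mode 0600: %s\n' "$bad" >&2; return 1; }
}

# Run all three checks; defaults are the guide's paths. The exit status is the
# number of failed checks (0 = setup is as the guide describes).
run_all_checks() {
    failures=0
    has_closefile_hook "${1:-/etc/security/audit_warn}"  || failures=$((failures + 1))
    has_nightly_audit_refresh "${2:-/etc/crontab}"       || failures=$((failures + 1))
    archives_locked_down "${3:-/var/save}"               || failures=$((failures + 1))
    return "$failures"
}

# Usage: sh check_audit_archiving.sh --run [audit_warn] [crontab] [archive_dir]
if [ "${1:-}" = --run ]; then
    shift
    run_all_checks "$@"
fi
```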
Protogate DC-908-3004A 17