NAME
audevent — change or display event or system call audit status

SYNOPSIS
audevent [-P|-p] [-F|-f] [-E] [[-e event] ...] [-S] [[-s syscall] ...]

DESCRIPTION
audevent changes the auditing status of the given events or system calls. The event is used to specify names associated with certain self-auditing commands; syscall is used to select related system calls.

If neither -P, -p, -F, nor -f is specified, the current status of the selected events or system calls is displayed. If no events or system calls are specified, all events and system calls are selected. If the -E option is supplied, it is redundant to specify events with the -e option; this applies similarly to the -S and -s options.

audevent takes effect immediately. However, the events and system calls specified are audited only when called by a user currently being audited (see audusr(1M)). A list of valid events and associated syscalls is provided in audit(5).

Only the super-user can change or display audit status.

Options
audevent recognizes the following options and command-line arguments:

- -P
  Audit successful events or system calls.
- -p
  Do not audit successful events or system calls.
- -F
  Audit failed events or system calls.
- -f
  Do not audit failed events or system calls.
- -E
  Select all events for change or display.
- -e event
  Select event for change or display.
- -S
  Select all system calls for change or display.
- -s syscall
  Select syscall for change or display.

The following is a list of the valid events and the associated syscalls (if any):

- create
  Object creation (creat(), mkdir(), mknod(), msgget(), pipe(), semget(), shmat(), shmget())
- delete
  Object deletion (ksem_unlink(), mq_unlink(), msgctl(), rmdir(), semctl(), shm_unlink())
- readdac
  Discretionary access control (DAC) information reading (access(), fstat(), fstat64(), getaccess(), lstat(), lstat64(), stat(), stat64())
- moddac
  Discretionary access control (DAC) modification (chmod(), chown(), fchmod(), fchown(), fsetacl(), lchmod(), lchown(), putpmsg(), semop(), setacl(), umask())
- modaccess
  Non-DAC modification (chdir(), chroot(), link(), lockf(), lockf64(), rename(), setgid(), setgroups(), setpgid(), setpgrp(), setregid(), setresgid(), setresuid(), setsid(), setuid(), shmctl(), shmdt(), symlink(), unlink())
- open
  Object opening (execv(), execve(), ftruncate(), ftruncate64(), kload(), ksem_open(), mmap(), mmap64(), mq_open(), open(), ptrace(), shm_open(), truncate(), truncate64())
- close
  Object closing (close(), ksem_close(), mq_close(), munmap())
- process
  Process operations (exit(), fork(), kill(), mlock(), mlockall(), munlock(), munlockall(), nsp_init(), plock(), rtprio(), setcontext(), setrlimit64(), sigqueue(), ulimit64(), vfork())
- removable
  Removable media events (exportfs(), mount(), umount(), vfsmount())
- login
  Logins and logouts
- admin
  Administrative and superuser events (acct(), adjtime(), audctl(), audswitch(), clock_settime(), mpctl(), reboot(), sched_setparam(), sched_setscheduler(), serialize(), setaudid(), setaudproc(), setdomainname(), setevent(), sethostid(), setpriority(), setprivgrp(), settimeofday(), stime(), swapon(), toolbox(), utssys())
- ipccreat
  Interprocess Communication (IPC) object creation (bind(), ipccreate(), ipcdest(), socket(), socket2(), socketpair())
- ipcopen
  IPC object opening (accept(), connect(), fattach(), ipcconnect(), ipclookup(), ipcrecvcn())
- ipcclose
  IPC object deletion (fdetach(), ipcshutdown(), shutdown())
- ipcdgram
  IPC datagram (sendto() and recvfrom())
- uevent1
  User-defined event 1
- uevent2
  User-defined event 2
- uevent3
  User-defined event 3

AUTHOR
audevent was developed by HP.