audit - audit trail maintenance

---

SYNOPSIS

audit [ -n|-s|-t ]
audit -d username
audit -u username audit_event_state

AVAILABILITY

This program is available with the Security software installation option. Refer to [a manual with the abbreviation INSTALL] for information on how to install optional software.

DESCRIPTION

The audit command is the general administrator's interface to kernel auditing. The process audit state for a user can be temporarily or permanently altered. The audit daemon may be notified to read the contents of the audit_control file and re-initialize the current audit directory to the first directory listed in the audit_control file, or to open a new audit file in the current audit directory specified in the audit_control file as last read by the audit daemon. Auditing may also be terminated/disabled.

OPTIONS

-n

Signal audit daemon to close the current audit file and open a new audit file in the current audit directory.

-s

Signal audit daemon to read audit control file. The audit daemon stores the information internally.

-t

Signal audit daemon to disable auditing and die.

-d username

Change the process audit state of all processes owned by username. This new process audit state is constructed from the system and user audit values as specified in the audit_control and passwd.adjunct files respectively.

-u username audit_event_state

Set the process audit state from audit_event_state for all current processes owned by username. See audit_control.5 for the format of the system audit value. The process audit state is one argument. Enclose the audit event state in quotes, or do not use SPACE characters in the process audit state specification. A new login session reconstructs the process audit state from the audit flags in the audit_control and passwd.adjunct files.

SEE ALSO

Created by unroff & hp-tools. © somebody (See intro for details). All Rights Reserved. Last modified 11/5/97