Manual page for AUDIT_WARN(8)
audit_warn - audit daemon warning script
SYNOPSIS
/usr/etc/audit_warn
[ option [ arguments ]]
DESCRIPTION
The
audit_warn
script processes warning or error messages from the audit daemon.
When a problem is encountered, the audit daemon,
auditd.8
calls
audit_warn
with the appropriate arguments.
The
option
argument specifies the error type.
The system administrator can specify a list of mail recpients
using the script's
RECIPIENTS
variable.
The default recipient is root.
OPTIONS
- soft filename
-
indicates that the soft limit for
filename
has been exceeded.
The default action for this option is to send mail to the system
administrator.
- allsoft
-
indicates that the soft limit for all filesystems has been exceeded.
The default action for this option is to send mail to the system
administrator.
- hard filename
-
indicates that the hard limit for the file has been exceeded.
The default action for this option is to send mail to the system
administrator.
- allhard count
-
indicates that the hard limit for all filesystems has been exceeded
count
times.
The default action for this option is to send mail to the system
administrator only if the
count
is
1,
and to send a message to console every time.
It is recommended that mail
not
be send every time.
- ebusy
-
indicates that the audit daemon is already running.
The default action for this option is to send mail to the system
administrator.
- tmpfile
-
indicates that the temporary audit file already exists indicating a
fatal error.
The default action for this option is to send mail to the system
administrator.
- nostart
-
indicates that auditing cannot be started because the system audit
state is
AUC_FCHDONE.
The default action for this option is to send mail to the system
administrator. Some system administrators may prefer to have the
script reboot the system at this point.
- auditoff
-
indicates that someone other than the audit daemon changed the system
audit state to something other than
AUC_AUDITING.
The audit
daemon will have exited in this case.
The default action for this option is to send mail to the system
administrator.
- postsigterm
-
indicates that an error occurred during the orderly shutdown of the
audit daemon.
The default action for this option is to send mail to the system
administrator.
- getacdir
-
indicates that there is a problem getting the directory list from:
/etc/security/audit/audit_control.
The audit daemon will hang in a sleep loop until the file is fixed.
SEE ALSO
audit.log.5
audit_control.5
audit.8
auditd.8
Created by unroff & hp-tools.
© somebody (See intro for details). All Rights Reserved.
Last modified 11/5/97