DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

auditcmd(ADM)


auditcmd -- command interface for audit subsystem activation, termination, statistic retrieval, and subsystem notification

Syntax

/tcb/bin/auditcmd [ -e ] [ -d ] [ -s ] [ -c ] [ -m ] [ -q ]

Description

The auditcmd utility is used to control the audit subsystem. This command may only be executed by processes with the configaudit kernel privilege, since the audit device is used.

auditcmd allows the following options:


-e
Enable the audit subsystem for audit record generation. The enabling of the audit subsystem initializes subsystem parameters from the /tcb/files/audit/audit_parms file. This file is established using the Audit manager selections or auditsh(ADM).

-s
Inform the audit subsystem that a system shutdown is in progress. The subsystem continues audit record generation to a temporary directory on the root file system. The audit daemon is also modified so that it survives the shutdown. The subsystem continues to generate audit records until disabled.

-d
Disable the audit subsystem. All audit record generation ceases and a termination record is written to the audit trail. This record results in the termination of the audit daemon. The subsystem properly synchronizes to ensure that the audit daemon has read all records from the audit trail before the system is allowed to terminate.

-m
Inform the audit subsystem that multi-user run state has been achieved and that alternate audit directories specified by the administrator using the Audit manager or auditsh are now mounted and available.

-c
Retrieve audit subsystem statistics from the audit device.

-q
Perform the specified option silently. Do not report errors attributable to the audit subsystem not being enabled at the moment.

Exit values

auditcmd returns 0 on success, 1 on command line argument error, and -1 on failure actions. Reasons for failure include parameter file inconsistencies, lack of permission, and security database inconsistency.

Authorization

Permission to use this utility requires the audit authorization in authorize(F).

See also

audit(HW)

``Understanding the audit subsystem'' in the System Administration Guide

Standards conformance

auditcmd is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003