auditcat [ -p | -u ] [ -o OutFile ] [ -r ] [ InFile ]
The auditcat command is part of the audit subsystem, and is one of several backend commands that process the audit data records.
The auditcat command reads bin files of audit records from standard input or from the file specified by the InFile parameter. The command then processes the records and writes its output to standard output or to the file specified by the OutFile parameter. The output can be compressed or not, depending on the flag selected.
One major use of the command is appending compressed bin files to the end of the system audit trail file.
If the /etc/security/audit/bincmds file includes $bin as the input file, input comes from the current bin file, bin1 or bin2. If the /etc/security/audit/bincmds file includes $trail as the output file, the records are written to the end of the system audit trail file.
If a bin file is not properly formed with a valid header and tail, an error is returned. See the auditpr command for information about audit headers and tails and the auditbin command for information on error recovery.
Access Control: This command should grant execute (x) access to the root user and members of the audit group. The command should be setuid to the root user and have the trusted computing base attribute.
To configure the system to append audit bin data to the system audit trail file, add the following line to the /etc/security/audit/bincmds file:
/usr/sbin/auditcat -o $trail $bin
When the auditbin daemon calls the auditcat command, the daemon replaces the $bin string with the path name of the current bin file, and replaces the $trail string with the name of the default audit trail file.
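The following check is an added example, not part of the AIX documentation: it reads bincmds entries from standard input, flags auditcat lines that do not append $bin to $trail, and prints each line with the substitution described above applied. The function name check_bincmds and the paths /audit/bin1 and /audit/trail are assumptions made for the example, and the paths are assumed to contain no | or & characters.

```sh
#!/bin/sh
# Added example: lint bincmds entries read from standard input and show each
# auditcat line with $bin and $trail replaced, as described for auditbin.
# Usage: check_bincmds BIN_PATH TRAIL_PATH < bincmds
# Returns 0 only if some entry appends $bin to $trail with "-o $trail".
check_bincmds() {
    bin_path=$1
    trail_path=$2
    status=1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *auditcat*) ;;
            *) continue ;;      # other backend commands are not checked
        esac
        # Replace the placeholders with the supplied paths.
        expanded=$(printf '%s\n' "$line" | sed \
            -e 's|[$]trail|'"$trail_path"'|g' \
            -e 's|[$]bin|'"$bin_path"'|g')
        case $line in
            *'-o $trail'*'$bin'*)
                printf 'OK: %s\n' "$expanded"
                status=0 ;;
            *'$bin'*)
                printf 'WARN: output is not $trail: %s\n' "$expanded" ;;
            *)
                printf 'WARN: no $bin input: %s\n' "$expanded" ;;
        esac
    done
    return $status
}

# Constructed sample entries; /audit/bin1 and /audit/trail are assumed paths.
demo() {
    printf '%s\n' '/usr/sbin/auditcat -o $trail $bin' \
                  '/usr/sbin/auditcat -o /tmp/copy $bin' |
        check_bincmds /audit/bin1 /audit/trail
}
demo
```

A nonzero return means no entry writes the current bin file to the system audit trail, so bin data would not reach the trail through auditcat.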
| /usr/sbin/auditcat | Specifies the path to the auditcat command. |
| /etc/security/audit/config | Contains audit system configuration information. |
| /etc/security/audit/events | Contains the audit events of the system. |
| /etc/security/audit/objects | Contains audit events for audited objects (files). |
| /etc/security/audit/bincmds | Contains auditbin backend commands. |
The audit command, auditconv command, auditpr command, auditselect command.
auditbin daemon.
For general information on auditing, refer to Auditing Overview in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices.
To see the steps you must take to establish an Auditing System, refer to Setting up Auditing in AIX 5L Version 5.1 System Management Guide: Operating System and Devices.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Administration in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices.