Converts pre-AIX Version 4 format audit bins to AIX Version 4 format.
auditconv OldFile NewFile
The auditconv command converts audit records which were generated by previous versions of the operating system into the format used by AIX Version 4 and higher of the operating system.
Audit records are read from the file OldFile, and written to the file NewFile. Each audit record is updated with thread information, with a default thread identifier of zero.
Notes:
Access Control: This command should grant execute (x) access to the root user and members of the audit group. The command should be setuid to the root user and have the trusted computing base attribute.
Files Accessed:
Mode | File |
---|---|
r | /etc/security/audit/events |
r | /etc/passwd |
r | /etc/group |
To convert the old audit file pre_v4_auditbin, storing the results in converted_auditbin, enter the following command:
/usr/sbin/auditconv pre_v4_auditbin converted_auditbin
/usr/sbin/auditconv | Specifies the path of the auditconv command. |
/etc/security/audit/config | Contains audit system configuration information. |
/etc/security/audit/events | Contains the audit events of the system. |
/etc/security/audit/objects | Contains information about audited objects (files). |
/etc/security/audit/bincmds | Contains auditbin backend commands. |
/etc/security/audit/streamcmds | Contains auditstream commands. |
The audit command, auditbin daemon, auditcat command, auditpr command, auditselect command, auditstream command.
The audit subroutine.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Standalone System Security in AIX 5L Version 5.2 Security Guide.
To see the steps you must take to establish an Auditing System, refer to Setting up Auditing in AIX 5L Version 5.2 Security Guide.