[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Files Reference

objects File

Purpose

Contains the audit events for audited objects (files).

Description

The /etc/security/audit/objects file is an ASCII stanza file that contains information about audited objects (files). This file contains one stanza for each audited file. The stanza has a name equal to the path name of the file.

Each file attribute has the following format:

access_mode = "audit_event "

An audit-event name can be up to 15 bytes long; longer names are rejected. Valid access modes are read (r), write (w), and execute (x) modes. For directories, search mode is substituted for execute mode.

Security

Access Control: This file should grant read (r) access to the root user and members of the audit group and grant write (w) access only to the root user.

Examples

To define the audit events for the /etc/security/passwd file, add a stanza to the /etc/security/audit/objects file. For example:

/etc/security/passwd:
   r = "S_PASSWD_READ"
   w = "S_PASSWD_WRITE"

These attributes generate a S_PASSWD_READ audit event each time the passwd file is read, and a S_PASSWD_WRITE audit event each time the file is opened for writing.

Files

/etc/security/audit/objects Specifies the path to the file.
/etc/security/audit/config Contains audit system configuration information.
/etc/security/audit/events Contains the audit events of the system.
/etc/security/audit/bincmds Contains auditbin backend commands.
/etc/security/audit/streamcmds Contains auditstream commands.

Related Information

The audit command.

The auditobj subroutine.

Setting Up Auditing in AIX 5L Version 5.2 System Management Guide: Operating System and Devices.

Auditing Overview, Security Administration in AIX 5L Version 5.2 System Management Concepts: Operating System and Devices.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]