Trusted Solaris Audit Administration


A

	aa audit class ( ) ( )

	aa audit flag ( )

	access audit record ( )

	acct audit record ( )

	acl token ( )

	ad audit flag ( )

	add_drv audit record ( )

	adjtime audit record ( )

	Admin Editor audit record ( )

	administrative roles, assuming ( )

	ahlt policy, flag ( )

	aliases, creating audit_warn mail alias ( )

	all
		audit flag ( )
			caution for using ( )
		in user audit fields ( )

	allhard string with audit_warn script ( ) ( )

	allocate audit record
		deallocate device ( )
		deallocate device failure ( )
		device allocate failure ( )
		device allocate success ( )
		list device failure ( )
		list device success ( )

	allsoft string with audit_warn script ( )

	always-audit flags
		described ( ) ( )
		process preselection mask ( )

	ao audit class ( ) ( )

	ao audit flag ( )

	ap audit class ( )

	ap audit flag ( )

	arbitrary token ( )

	arg token ( )

	arge policy, exec_env token and ( )

	argv policy, exec_args token and ( )

	as audit class ( )

	as audit flag ( )

	at audit record
		at-create crontab ( )
		at-delete atjob ( )
		at-permission ( )

	attr token ( )

	audit -n command ( )

	audit -s command
		preselection mask for existing processes ( )
		rereading audit files ( ) ( )
		resetting directory pointer ( )

	audit -t command ( )

	audit attributes
		See audit tokens

	audit audit record ( ) ( )

	audit classes
		adding ( )
		changing definitions ( )
		mapping events ( )
		overview ( ) ( )
		selecting for auditing ( )
		setting mappings for attributable events ( )
		setting mappings for non-attributable events ( )

	audit clients ( )

	audit_control file
		audit daemon rereading after editing ( )
		audit_user file modification ( )
		dir: line
			examples ( )
			files ( ) ( )
		dir: line described ( )
		examples ( )
		flags: line
			described ( )
			prefixes in ( )
			process preselection mask ( )
		minfree: line
			audit_warn condition ( )
			described ( )
		naflags: line ( )
		overview ( ) ( )
		prefixes in flags line ( )
		problem with contents ( )

	audit daemon
		audit_startup file ( )
		audit trail creation ( ) ( ) ( )
		audit_warn script
			conditions invoking ( ) ( )
			described ( ) ( ) ( )
		directories suitable to ( )
		enabling auditing ( )
		functions ( )
		order audit files are opened ( )
		rereading the audit_control file ( )
		starting ( )
		starting manually ( )

	audit_data file ( )

	audit directories
		creating ( )
		mounting ( )

	audit_event file
		overview ( ) ( )

	audit events
		audit_event file
			audit event type ( )
		audited by default ( )
		categories ( )
		finding in audit trail ( )
		including in audit trail ( )
		kernel events
			audit tokens ( )
			auditconfig command options ( )
			described ( )
		mapping to classes ( )
		non-attributable ( )
		numbers ( )
		numbers of system calls ( )
		overview ( ) ( )
		pseudo-events ( )
		record formats and ( )
		user-level events
			audit tokens ( )
			auditconfig command options ( )
			described ( )

	audit files
		/etc/security/audit_class file ( )
		/etc/security/audit_control file ( )
		/etc/security/audit_event file ( )
		/etc/security/audit_user file ( )
		/etc/security/audit_warn file ( )
		backup ( )
		cleaning up not_terminated file ( )
		combing selected ones ( )
		copying login/logout messages to single file ( ) ( )
		directory locations ( ) ( ) ( )
		displaying in entirety ( )
		managing ( )
		managing size of ( )
		merging ( )
		minimum free space for file systems ( )
		names
			closed files ( )
			examples ( )
			form ( ) ( )
			still-active files ( ) ( )
			time stamps ( )
			use ( )
		nonactive files marked not_terminated ( )
		order for opening ( )
		overflow prevention ( )
		printing ( ) ( ) ( )
		reading closed file ( )
		reading still-open file ( )
		reducing size ( )
		reducing storage space requirements ( ) ( )
		restoring ( )
		specifying location ( )
		switching to new file ( )
		time stamps ( )

	audit flags
		audit_control file line ( )
		audit_user file ( ) ( )
		changing dynamically ( )
		definitions ( )
		list of ( ) ( )
		machine-wide ( ) ( )
		overview ( )
		policy flags ( )
		prefixes ( )
		process preselection mask ( )
		syntax ( ) ( )

	audit IDs
		acquired at login ( )
		ensuring successful tracking ( )
		example audit record ( )

	audit log files
		See audit files

	audit mappings ( )

	audit partitions
		creating ( )
		removing free space ( )

	audit policies
		determining ( )
		setting ( ) ( )
		setting temporarily ( )

	audit records ( ) ( )
		adding sequence token ( )
		audit directories full ( ) ( )
		audit ID ( )
		audit session ID ( )
		converting to human-readable format ( ) ( )
		displaying by designated dates ( )
		displaying user activities ( )
		features in audit trail ( ) ( )
		format ( )
		format in audit trail ( ) ( )
		format or structure ( ) ( ) ( ) ( )
		human-readable format ( )
		kernel-level generated ( ) ( )
		login record ( ) ( )
		overview ( ) ( )
		policy flags ( )
		printing user activities ( )
		pseudo-events ( )
		reading ( )
		removing sequence token ( )
		selecting from audit trail ( )
		self-contained records ( )
		sending to a different file ( )
		time-stamp format ( )
		use of privilege ( )
		user-level generated ( ) ( )

	audit script ( ) ( )

	audit servers
		mount-point path names ( )
		partitioning example ( )
		planning ( )

	audit session ID ( ) ( )

	audit_startup file ( )

	audit tokens
		acl token ( )
		arbitrary token ( )
		arg token ( )
		attr token ( )
		audit record format ( ) ( ) ( ) ( )
		described ( )
		examples ( ) ( )
		clearance token ( )
		exec_args token ( )
		exec_env token ( )
		exit token ( ) ( ) ( )
		file token ( )
		groups token ( )
		header token ( ) ( ) ( ) ( )
		host token ( )
		in_addr token ( )
		ip token ( )
		ipc_perm token ( )
		ipc token ( ) ( ) ( )
		iport token ( )
		liaison token ( )
		newgroups token ( )
		opaque token ( )
		order ( )
		order in audit record ( )
		path token ( )
		policy flags ( )
		priv token ( )
		privilege token ( )
		process token ( )
		reading ( )
		return token ( ) ( )
		seq token ( )
		slabel token ( )
		socket-inet token ( )
		socket token ( ) ( )
		subject token ( )
		table of ( )
		text token ( )
		trailer token ( ) ( )
		types ( ) ( )
		xatom token ( )
		xclient token ( )
		xcolormap token ( )
		xcursor token ( )
		xfont token ( )
		xgc token ( )
		xpixmap token ( )
		xproperty token ( )
		xselect token ( )
		xwindow token ( )

	audit trail
		analysis
			auditing features ( ) ( )
			auditreduce command ( ) ( )
			costs ( )
			finding failed login attempts ( )
			of cost ( )
			praudit command ( ) ( )
		analyzing ( )
		auditreduce command ( ) ( )
		creating
			audit daemon's role ( ) ( ) ( )
			audit_data file ( )
			directory suitability ( )
			managing audit file size ( )
			overview ( )
		debugging ( )
		directory locations ( ) ( ) ( )
		events included ( )
		merging ( )
		monitoring in real time ( )
		overflow prevention ( ) ( )
		praudit command ( ) ( )

	audit_user file
		prefixes for flags ( )
		process preselection mask ( )
		user audit fields ( ) ( )

	audit_warn script ( ) ( )
		allhard string ( ) ( )
		allsoft string ( )
		auditsvc string ( )
		conditions invoking ( ) ( )
		described ( ) ( ) ( )
		ebusy string ( )
		hard string ( )
		postsigterm signal ( )
		soft string ( )
		tmpfile string ( )

	auditconfig command
		audit flags as arguments ( )
		changing class mappings ( )
		options ( ) ( )
		prefixes for flags ( )

	auditd daemon
		audit_startup file ( )
		audit trail creation ( ) ( ) ( )
		audit_warn script
			conditions invoking ( ) ( )
			described ( ) ( ) ( )
			execution of ( ) ( )
		directories suitable to ( )
		enabling auditing ( )
		functions ( )
		order audit files are opened ( )
		rereading the audit_control file ( )

	auditing
		advanced setup procedures ( ) ( )
		advanced tasks for security administrator ( )
		audit ID ( )
		audit session ID ( )
		for efficiency ( )
		basic setup procedures ( ) ( )
		basic tasks for security administrator ( )
		client-server relationships ( ) ( )
		considerations ( )
		defaults ( ) ( )
			audit_startup file ( )
		disabling ( ) ( )
		dynamic procedures ( )
		enabling ( ) ( ) ( )
		overview of administration ( ) ( )
		planning ( ) ( )
		removing free space ( )
		setup tasks for system administrator ( )
		shutdown ( )
		site planning ( )
		software packages ( )
		space planning ( ) ( )
		startup ( ) ( )
		user ID ( )
		warning of trouble ( )

	auditon audit record
		A_GETCAR command ( )
		A_GETCLASS command ( )
		A_GETCOND command ( )
		A_GETCWD command ( )
		A_GETKMASK command ( )
		A_GETSTAT command ( )
		A_GPOLICY command ( )
		A_GQCTRL command ( )
		A_SETCLASS command ( )
		A_SETCOND command ( )
		A_SETKMASK command ( )
		A_SETSMASK command ( )
		A_SETSTAT command ( )
		A_SETUMASK command ( )
		A_SPOLICY command ( )
		A_SQCTRL command ( )

	auditpsa audit record ( )

	auditreduce command
		capabilities ( )
		cleaning not_terminated files ( )
		described ( )
		distributed systems ( )
		examples ( ) ( ) ( )
		time stamp use ( )

	auditstat audit record ( )

	auditsvc, system call fails ( )

	auditsvc audit record ( )

	auditwrite audit record ( )

	AUE_... names ( )

	authorization use audit record ( )

	ax audit class ( )

	ax audit flag ( )