Table A-192 associates an audit event name with the system call or kernel event that created it. Table A-193 associates an audit event with the application or command that generated it.
Table A-192 Event-to-System Call Translation
Audit Event |
System Call |
---|---|
AUE_ACCEPT | |
AUE_ACCESS | |
AUE_ACLSET | |
AUE_ACCT | |
AUE_ADJTIME | |
AUE_AUDIT | |
AUE_AUDITON_GETCAR | |
AUE_AUDITON_GETCLASS | |
AUE_AUDITON_GETCOND | |
AUE_AUDITON_GETCWD | |
AUE_AUDITON_GETKMASK | |
AUE_AUDITON_GETSTAT | |
AUE_AUDITON_GPOLICY | |
AUE_AUDITON_GQCTRL | |
AUE_AUDITON_SETCLASS | |
AUE_AUDITON_SETCOND | |
AUE_AUDITON_SETKMASK | |
AUE_AUDITON_SETSMASK | |
AUE_AUDITON_SETSTAT | |
AUE_AUDITON_SETUMASK | |
AUE_AUDITON_SPOLICY | |
AUE_AUDITON_SQCTRL | |
AUE_AUDITSVC | |
AUE_BIND | |
AUE_CHDIR | |
AUE_CHMOD | |
AUE_CHOWN | |
AUE_CHROOT | |
AUE_CLOSE | |
AUE_CONNECT | |
AUE_CORE | |
AUE_CREAT | |
AUE_DOORFS_DOOR_BIND | |
AUE_DOORFS_DOOR_CALL | |
AUE_DOORFS_DOOR_CREATE | |
AUE_DOORFS_DOOR_CRED | |
AUE_DOORFS_DOOR_INFO | |
AUE_DOORFS_DOOR_RETURN | |
AUE_DOORFS_DOOR_REVOKE | |
AUE_DOORFS_DOOR_UNBIND | |
AUE_ENTERPROM | |
AUE_EXEC | |
AUE_EXECVE | |
AUE_EXIT | |
AUE_EXITPROM | |
AUE_FACLSET | |
AUE_FCHDIR | |
AUE_FCHMOD | |
AUE_FCHOWN | |
AUE_FCHROOT | |
AUE_FCNTL | |
AUE_FORK | |
AUE_FORK1 | |
AUE_FSTATFS | |
AUE_GETAUDIT | |
AUE_GETAUID | |
AUE_GETMSG | |
AUE_GETPMSG | |
AUE_GETPORTAUDIT | |
AUE_INST_SYNC | |
AUE_IOCTL | |
AUE_KILL | |
AUE_LCHOWN | |
AUE_LINK | |
AUE_LSTAT | |
AUE_LXSTAT | |
AUE_MEMCNTL | |
AUE_MKDIR | |
AUE_MKNOD | |
AUE_MMAP | |
AUE_MODADDMAJ | |
AUE_MODCONFIG | |
AUE_MODLOAD | |
AUE_MODUNLOAD | |
AUE_MOUNT | |
AUE_MSGCTL_RMID | |
AUE_MSGCTL_SET | |
AUE_MSGCTL_STAT | |
AUE_MSGGET | |
AUE_MSGRCV | |
AUE_MSGSND | |
AUE_MUNMAP | |
AUE_NICE | |
AUE_OPEN_R | |
AUE_OPEN_RC | |
AUE_OPEN_RT | |
AUE_OPEN_RTC | |
AUE_OPEN_RW | |
AUE_OPEN_RWC | |
AUE_OPEN_RWT | |
AUE_OPEN_RWTC | |
AUE_OPEN_W | |
AUE_OPEN_WC | |
AUE_OPEN_WT | |
AUE_OPEN_WTC | |
AUE_OSETUID | |
AUE_P_ONLINE | |
AUE_PATHCONF | |
AUE_PIPE | |
AUE_PRIOCNTLSYS | |
AUE_PROCESSOR_BIND | |
AUE_PUTMSG | |
AUE_PUTPMSG | |
AUE_READLINK | |
AUE_RENAME | |
AUE_RMDIR | |
AUE_SEMCTL_GETALL | |
AUE_SEMCTL_GETNCNT | |
AUE_SEMCTL_GETPID | |
AUE_SEMCTL_GETVAL | |
AUE_SEMCTL_GETZCNT | |
AUE_SEMCTL_RMID | |
AUE_SEMCTL_SET | |
AUE_SEMCTL_SETALL | |
AUE_SEMCTL_SETVAL | |
AUE_SEMCTL_STAT | |
AUE_SEMGET | |
AUE_SEMOP | |
AUE_SETAUDIT | |
AUE_SETAUID | |
AUE_SETEGID | |
AUE_SETEUID | |
AUE_SETGID | |
AUE_SETGROUPS | |
AUE_SETPGRP | |
AUE_SETREGID | |
AUE_SETREUID | |
AUE_SETRLIMIT | |
AUE_SETUID |
Reported as AUE_OSETUID, see Table A-136 |
AUE_SHMAT | |
AUE_SHMCTL_RMID | |
AUE_SHMCTL_SET | |
AUE_SHMCTL_STAT | |
AUE_SHMDT | |
AUE_SHMGET | |
AUE_SHUTDOWN | |
AUE_SOCKACCEPT | |
AUE_SOCKCONNECT | |
AUE_SOCKRECEIVE | |
AUE_SOCKSEND | |
AUE_STAT | |
AUE_STATFS | |
AUE_STATVFS | |
AUE_STIME | |
AUE_SYMLINK | |
AUE_SYSINFO | |
AUE_SYSTEMBOOT | |
AUE_UMOUNT | |
AUE_UNLINK | |
AUE_UTIME | |
AUE_UTIMES | |
AUE_UTSSYS | |
AUE_VFORK | |
AUE_VTRACE | |
AUE_XMKNOD | |
AUE_XSTAT |
Table A-193 Event-to-Command Translation
Audit Event |
Command |
---|---|
AUE_allocate_succ | |
AUE_allocate_fail | |
AUE_deallocate_succ | |
AUE_deallocate_fail | |
AUE_listdevice_succ | |
AUE_listdevice_fail | |
AUE_at_create | |
AUE_at_delete | |
AUE_at_perm | |
AUE_crontab_create | |
AUE_crontab_delete | |
AUE_cron_invoke | |
AUE_crontab_perm | |
AUE_halt_solaris | |
AUE_inetd_connect | |
AUE_init_solaris | |
AUE_ftpd | |
AUE_login | |
AUE_rlogin | |
AUE_telnet | |
AUE_logout | |
AUE_mountd_mount | |
AUE_mountd_umount | |
AUE_passwd | |
AUE_poweroff_solaris | |
AUE_reboot_solaris | |
AUE_rexd | |
AUE_rexecd | |
AUE_rshd | |
AUE_shutdown_solaris | |
AUE_su | |
AUE_uadmin_solaris |