A (SunSHIELD Basic Security Module Guide)

SunSHIELD Basic Security Module Guide


A

	-a option of auditreduce command ( )

	accept audit record ( )

	access audit record ( )

	acct audit record ( )

	acl audit record ( )

	acl token ( )

	ad audit flag ( )

	adding devices ( )

	adjtime audit record ( )

	administering auditing
		See also audit records; audit tokens; audit trail
		audit administration account ( ) ( )
		audit classes
			auditconfig command options ( )
			changing definitions ( )
			flags and definitions ( ) ( )
			mapping events ( ) ( )
			overview ( ) ( )
			selecting for auditing ( )
		audit_control file
			audit_user file modification ( )
			overview ( ) ( )
			prefixes in flags line ( ) ( )
			problem with contents ( )
		audit events
			audit tokens ( )
			auditconfig command options ( ) ( )
			categories ( )
			event-to-system call translation table ( ) ( )
			including in audit trail ( )
			kernel events ( ) ( ) ( ) ( ) ( )
			mapping to classes ( ) ( )
			numbers ( )
			overview ( ) ( )
			record formats and ( )
			user-level events ( ) ( ) ( )
		audit files ( ) ( )
			auditreduce command ( ) ( )
			combining ( ) ( ) ( )
			copying login/logout messages to single file ( ) ( )
			directory locations ( ) ( ) ( )
			displaying in entirety ( )
			file token ( ) ( )
			managing size of ( )
			minimum free space for file systems ( )
			names ( ) ( )
			nonactive files marked not_terminated ( ) ( ) ( )
			order for opening ( )
			overview ( ) ( )
			permissions ( )
			printing ( )
			reducing ( ) ( ) ( )
			reducing storage-space requirements ( ) ( ) ( )
			switching to new file ( )
			time stamps ( )
		audit flags ( ) ( )
			audit_control file line ( )
			audit_user file ( ) ( )
			auditconfig command options ( )
			definitions ( ) ( )
			machine-wide ( ) ( )
			overview ( )
			policy flags ( )
			prefixes ( ) ( )
			process preselection mask ( )
			syntax ( ) ( )
		audit partitions ( ) ( )
		audit records ( ) ( )
		audit trail creation ( ) ( )
			audit daemon's role ( ) ( )
			audit_data file ( )
			directory suitability ( )
			managing audit file size ( )
			overview ( )
		audit trail overflow prevention ( ) ( )
		audit_user file audit fields ( ) ( )
		audit_warn script ( ) ( ) ( )
		auditreduce command ( ) ( ) ( ) ( )
			-a option ( )
			-b option ( )
			capabilities ( )
			cleaning not_terminated files ( ) ( ) ( )
			-d option ( )
			described ( ) ( ) ( ) ( )
			distributed systems ( )
			examples ( ) ( )
			-O option ( ) ( ) ( ) ( )
			options ( ) ( ) ( )
			time stamp use ( )
			without options ( ) ( )
		configuration
			audit trail overflow prevention ( ) ( )
			auditconfig command ( ) ( )
			overview ( ) ( )
			planning ( ) ( )
			setting audit policies ( )
		cost control ( ) ( )
			analysis ( )
			processing time ( )
			storage ( ) ( )
		efficiency ( ) ( )
		normal users ( )
		overview ( ) ( )
		process audit characteristics ( ) ( )
			audit ID ( )
			audit session ID ( )
			process preselection mask ( ) ( ) ( )
			terminal ID ( )
		startup ( )

	administrative audit class ( )

	all
		audit class ( )
		audit flag
			caution for using ( )
			described ( )
		in user audit fields ( )

	allhard string with audit_warn script ( ) ( )

	allocatable devices
		See device allocation

	allocate audit record
		allocate-list device failure ( )
		allocate-list device success ( )
		deallocate device ( )
		deallocate device failure ( )
		device allocate failure ( )
		device allocate success ( )

	allocate command
		See also device allocation
		how the allocate mechanism works ( ) ( )
		options ( )
		using ( ) ( )

	allocate error state ( ) ( )

	allocating devices
		See device allocation

	allsoft string with audit_warn script ( )

	always-audit flags
		described ( ) ( )
		process preselection mask ( )

	analysis ( ) ( )
		audit record format ( ) ( )
		auditing features ( ) ( )
		auditreduce command ( ) ( ) ( )
		costs ( )
		praudit command ( ) ( ) ( )
		tools ( ) ( )

	ap audit flag ( )

	application audit class ( )

	arbitrary token ( ) ( ) ( )

	Archive tape drive clean script ( )

	arg token ( ) ( )

	arge policy
		exec_env token and ( )
		flag ( )

	argv policy
		exec_args token and ( )
		flag ( )

	asterisk (*) in device_allocate file ( ) ( )

	at audit record
		at-create crontab ( )
		at-delete atjob ( )
		at-permission ( )

	attr token ( ) ( )

	audio_clean script ( )

	audio devices, See device allocation, device-clean scripts ( )
		device-clean scripts ( )

	AUDIO_DRAIN ioctl system call ( )

	AUDIO_SETINFO ioctl system call ( )

	AUDIOGETREG ioctl system call ( )

	AUDIOSETREG ioctl system call ( )

	audit -n command ( )

	audit -s command
		preselection mask for existing processes ( )
		rereading audit files ( )
		resetting directory pointer ( ) ( )

	audit -t command ( )

	audit administration account ( ) ( )

	audit attributes
		See audit tokens

	audit audit record ( )

	audit classes
		auditconfig command options ( )
		changing definitions ( )
		flags and definitions ( ) ( )
		mapping events ( ) ( )
		overview ( ) ( )
		selecting for auditing ( )

	audit_control file
		audit daemon rereading after editing ( )
		audit_user file modification ( )
		dir: line
			described ( )
			examples ( ) ( )
			files subdirectory ( )
		examples ( ) ( )
		flags: line
			described ( )
			prefixes in ( ) ( )
			process preselection mask ( )
		minfree: line
			audit_warn condition ( )
			described ( )
		naflags: line ( )
		overview ( ) ( )
		prefixes in flags line ( ) ( )
		problem with contents ( )

	audit daemon
		audit_startup file ( )
		audit trail creation ( ) ( ) ( )
		audit_warn script
			conditions invoking ( ) ( )
			described ( ) ( ) ( )
			execution of ( )
		directories suitable to ( )
		enabling auditing ( )
		functions ( )
		order audit files are opened ( )
		rereading the audit_control file ( )
		terminating ( )

	audit_data file ( )

	audit_event file
		See also audit events
		audit event type ( )
		overview ( ) ( )

	audit events
		See also audit classes
		audit_event file
			audit event type ( )
			overview ( ) ( )
		categories ( )
		event-to-system call translation table ( ) ( )
		including in audit trail ( )
		kernel events
			audit tokens ( )
			auditconfig command options ( ) ( )
			described ( )
		mapping to classes ( ) ( )
		numbers ( )
		overview ( ) ( )
		record formats and ( )
		user-level events
			audit tokens ( )
			auditconfig command options ( )
			described ( )

	audit files
		See also audit trail; directories
		auditreduce command ( ) ( )
		combining ( ) ( ) ( )
		copying login/logout messages to single file ( ) ( )
		directory locations ( ) ( ) ( )
		displaying in entirety ( )
		file token ( ) ( )
		managing size of ( )
		minimum free space for file systems ( )
		names ( ) ( )
			closed files ( )
			form ( ) ( )
			still-active files ( ) ( )
			time stamps ( )
			use ( )
		nonactive files marked not_terminated ( ) ( ) ( )
		order for opening ( )
		overview ( ) ( )
		permissions ( )
		printing ( )
		reducing ( ) ( ) ( )
		reducing storage-space requirements ( ) ( ) ( )
		switching to new file ( )
		time stamps ( )

	audit flags ( ) ( )
		audit_control file line ( )
		audit_user file ( ) ( )
		auditconfig command options ( )
		definitions ( ) ( )
		machine-wide ( ) ( )
		overview ( )
		policy flags ( )
		prefixes ( ) ( )
		process preselection mask ( )
		syntax ( ) ( )

	audit ID ( ) ( ) ( )

	audit log files
		See audit files

	audit partitions ( ) ( )

	audit policies
		See also audit flags
		auditconfig options ( )
		setting ( )

	audit records
		See also audit tokens; specific audit records
		audit directories full ( ) ( ) ( ) ( )
		converting to human-readable format ( ) ( ) ( ) ( ) ( )
		displaying ( )
		format or structure ( ) ( ) ( ) ( )
		kernel-level generated ( ) ( )
		overview ( ) ( )
		policy flags ( )
		reducing audit files ( )
		selecting ( )
		self-contained records ( )
		tools ( ) ( )
		user-level generated ( ) ( )

	audit server mount-point path names ( )

	audit session ID ( ) ( )

	audit_startup file ( )

	audit threshold ( )

	audit tokens
		acl token ( )
		arbitrary token ( ) ( ) ( )
		arg token ( ) ( )
		attr token ( ) ( )
		audit record format ( ) ( ) ( ) ( )
		described ( )
		exec_args token ( )
		exec_env token ( )
		exit token ( ) ( )
		file token ( ) ( )
		groups token ( ) ( ) ( )
		header token ( ) ( ) ( ) ( ) ( )
		in_addr token ( ) ( )
		ip token ( ) ( )
		ipc_perm token ( ) ( )
		ipc token ( ) ( ) ( )
		iport token ( ) ( )
		newgroups token ( )
		opaque token ( ) ( )
		order in audit record ( )
		path token ( ) ( )
		policy flags ( )
		process token ( ) ( )
		return token ( ) ( )
		seq token ( ) ( )
		socket-inet token ( )
		socket token ( ) ( )
		subject token ( ) ( )
		table of ( )
		text token ( ) ( )
		trailer token ( ) ( ) ( )
		types ( ) ( )

	audit trail
		See also audit files, audit records; audit tokens
		analysis ( ) ( )
			audit record format ( ) ( )
			auditing features ( ) ( )
			auditreduce command ( ) ( ) ( )
			costs ( )
			praudit command ( ) ( ) ( )
			tools ( ) ( )
		creating ( ) ( ) ( )
			audit daemon's role ( ) ( ) ( )
			audit_data file ( )
			directory suitability ( )
			managing audit file size ( )
			overview ( )
		directory locations ( ) ( ) ( )
		events included ( )
		merging all files ( ) ( )
		monitoring in real time ( )
		overflow prevention ( ) ( )

	audit_user file
		prefixes for flags ( ) ( )
		process preselection mask ( )
		user audit fields ( ) ( )

	audit_warn script ( ) ( )
		allhard string ( ) ( )
		allsoft string ( )
		audit daemon execution of ( )
		auditsvc string ( )
		conditions invoking ( ) ( )
		described ( ) ( ) ( )
		ebusy string ( )
		hard string ( )
		postsigterm string ( )
		soft string ( )
		tmpfile string ( )

	auditconfig command
		audit flags as arguments ( )
		options ( ) ( )
		prefixes for flags ( ) ( )
		reducing storage-space requirements ( )

	auditd daemon
		audit_startup file ( )
		audit trail creation ( ) ( ) ( )
		audit_warn script
			conditions invoking ( ) ( )
			described ( ) ( ) ( )
			execution of ( )
		directories suitable to ( )
		enabling auditing ( )
		functions ( )
		order audit files are opened ( )
		rereading the audit_control file ( )
		terminating ( )

	auditing
		See administering auditing; audit trail

	auditon audit record
		A_GETCAR command ( )
		A_GETCLASS command ( )
		A_GETCOND command ( )
		A_GETCWD command ( )
		A_GETKMASK command ( )
		A_GETSTAT command ( )
		A_GPOLICY command ( )
		A_GQCTRL command ( )
		A_SETCLASS command ( )
		A_SETCOND command ( )
		A_SETKMASK command ( )
		A_SETSMASK command ( )
		A_SETSTAT command ( )
		A_SETUMASK command ( )
		A_SPOLICY command ( )
		A_SQCTRL command ( )

	auditreduce command ( ) ( )
		-a option ( )
		-b option ( )
		capabilities ( )
		cleaning not_terminated files ( ) ( ) ( )
		-d option ( )
		described ( ) ( ) ( ) ( )
		distributed systems ( )
		examples ( ) ( )
		-m option ( )
		-O option ( ) ( ) ( ) ( )
		options ( ) ( ) ( )
		time stamp use ( )
		without options ( ) ( )

	auditsvc
		audit record ( )
		system call
			fails ( ) ( )

	AUE_... names ( ) ( )
		event-to-system call translation table ( ) ( )

	automatically enabling auditing ( )