SunSHIELD Basic Security Module Guide
    
Numbers and Symbols
 
 + audit flag prefix ( Index Term Link ) ( Index Term Link )
 
 - audit flag prefix ( Index Term Link ) ( Index Term Link )
 
 \ ending file lines ( Index Term Link ) ( Index Term Link )
 
 # for comments in files ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 * in device_allocate file ( Index Term Link ) ( Index Term Link )
 
 ^+ audit flag prefix ( Index Term Link ) ( Index Term Link )
 
 ^- audit flag prefix ( Index Term Link ) ( Index Term Link )
    
A
 
 -a option of auditreduce command ( Index Term Link )
 
 accept audit record ( Index Term Link )
 
 access audit record ( Index Term Link )
 
 acct audit record ( Index Term Link )
 
 acl audit record ( Index Term Link )
 
 acl token ( Index Term Link )
 
 ad audit flag ( Index Term Link )
 
 adding devices ( Index Term Link )
 
 adjtime audit record ( Index Term Link )
 
 administering auditing
  See also audit records; audit tokens; audit trail
  audit administration account ( Index Term Link ) ( Index Term Link )
  audit classes
   auditconfig command options ( Index Term Link )
   changing definitions ( Index Term Link )
   flags and definitions ( Index Term Link ) ( Index Term Link )
   mapping events ( Index Term Link ) ( Index Term Link )
   overview ( Index Term Link ) ( Index Term Link )
   selecting for auditing ( Index Term Link )
  audit_control file
   audit_user file modification ( Index Term Link )
   overview ( Index Term Link ) ( Index Term Link )
   prefixes in flags line ( Index Term Link ) ( Index Term Link )
   problem with contents ( Index Term Link )
  audit events
   audit tokens ( Index Term Link )
   auditconfig command options ( Index Term Link ) ( Index Term Link )
   categories ( Index Term Link )
   event-to-system call translation table ( Index Term Link ) ( Index Term Link )
   including in audit trail ( Index Term Link )
   kernel events ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   mapping to classes ( Index Term Link ) ( Index Term Link )
   numbers ( Index Term Link )
   overview ( Index Term Link ) ( Index Term Link )
   record formats and ( Index Term Link )
   user-level events ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  audit files ( Index Term Link ) ( Index Term Link )
   auditreduce command ( Index Term Link ) ( Index Term Link )
   combining ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   copying login/logout messages to single file ( Index Term Link ) ( Index Term Link )
   directory locations ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   displaying in entirety ( Index Term Link )
   file token ( Index Term Link ) ( Index Term Link )
   managing size of ( Index Term Link )
   minimum free space for file systems ( Index Term Link )
   names ( Index Term Link ) ( Index Term Link )
   nonactive files marked not_terminated ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   order for opening ( Index Term Link )
   overview ( Index Term Link ) ( Index Term Link )
   permissions ( Index Term Link )
   printing ( Index Term Link )
   reducing ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   reducing storage-space requirements ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   switching to new file ( Index Term Link )
   time stamps ( Index Term Link )
  audit flags ( Index Term Link ) ( Index Term Link )
   audit_control file line ( Index Term Link )
   audit_user file ( Index Term Link ) ( Index Term Link )
   auditconfig command options ( Index Term Link )
   definitions ( Index Term Link ) ( Index Term Link )
   machine-wide ( Index Term Link ) ( Index Term Link )
   overview ( Index Term Link )
   policy flags ( Index Term Link )
   prefixes ( Index Term Link ) ( Index Term Link )
   process preselection mask ( Index Term Link )
   syntax ( Index Term Link ) ( Index Term Link )
  audit partitions ( Index Term Link ) ( Index Term Link )
  audit records ( Index Term Link ) ( Index Term Link )
  audit trail creation ( Index Term Link ) ( Index Term Link )
   audit daemon's role ( Index Term Link ) ( Index Term Link )
   audit_data file ( Index Term Link )
   directory suitability ( Index Term Link )
   managing audit file size ( Index Term Link )
   overview ( Index Term Link )
  audit trail overflow prevention ( Index Term Link ) ( Index Term Link )
  audit_user file audit fields ( Index Term Link ) ( Index Term Link )
  audit_warn script ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  auditreduce command ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   -a option ( Index Term Link )
   -b option ( Index Term Link )
   capabilities ( Index Term Link )
   cleaning not_terminated files ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   -d option ( Index Term Link )
   described ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   distributed systems ( Index Term Link )
   examples ( Index Term Link ) ( Index Term Link )
   -O option ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   options ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   time stamp use ( Index Term Link )
   without options ( Index Term Link ) ( Index Term Link )
  configuration
   audit trail overflow prevention ( Index Term Link ) ( Index Term Link )
   auditconfig command ( Index Term Link ) ( Index Term Link )
   overview ( Index Term Link ) ( Index Term Link )
   planning ( Index Term Link ) ( Index Term Link )
   setting audit policies ( Index Term Link )
  cost control ( Index Term Link ) ( Index Term Link )
   analysis ( Index Term Link )
   processing time ( Index Term Link )
   storage ( Index Term Link ) ( Index Term Link )
  efficiency ( Index Term Link ) ( Index Term Link )
  normal users ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
  process audit characteristics ( Index Term Link ) ( Index Term Link )
   audit ID ( Index Term Link )
   audit session ID ( Index Term Link )
   process preselection mask ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   terminal ID ( Index Term Link )
  startup ( Index Term Link )
 
 administrative audit class ( Index Term Link )
 
 all
  audit class ( Index Term Link )
  audit flag
   caution for using ( Index Term Link )
   described ( Index Term Link )
  in user audit fields ( Index Term Link )
 
 allhard string with audit_warn script ( Index Term Link ) ( Index Term Link )
 
 allocatable devices
  See device allocation
 
 allocate audit record
  allocate-list device failure ( Index Term Link )
  allocate-list device success ( Index Term Link )
  deallocate device ( Index Term Link )
  deallocate device failure ( Index Term Link )
  device allocate failure ( Index Term Link )
  device allocate success ( Index Term Link )
 
 allocate command
  See also device allocation
  how the allocate mechanism works ( Index Term Link ) ( Index Term Link )
  options ( Index Term Link )
  using ( Index Term Link ) ( Index Term Link )
 
 allocate error state ( Index Term Link ) ( Index Term Link )
 
 allocating devices
  See device allocation
 
 allsoft string with audit_warn script ( Index Term Link )
 
 always-audit flags
  described ( Index Term Link ) ( Index Term Link )
  process preselection mask ( Index Term Link )
 
 analysis ( Index Term Link ) ( Index Term Link )
  audit record format ( Index Term Link ) ( Index Term Link )
  auditing features ( Index Term Link ) ( Index Term Link )
  auditreduce command ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  costs ( Index Term Link )
  praudit command ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  tools ( Index Term Link ) ( Index Term Link )
 
 ap audit flag ( Index Term Link )
 
 application audit class ( Index Term Link )
 
 arbitrary token ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 Archive tape drive clean script ( Index Term Link )
 
 arg token ( Index Term Link ) ( Index Term Link )
 
 arge policy
  exec_env token and ( Index Term Link )
  flag ( Index Term Link )
 
 argv policy
  exec_args token and ( Index Term Link )
  flag ( Index Term Link )
 
 asterisk (*) in device_allocate file ( Index Term Link ) ( Index Term Link )
 
 at audit record
  at-create crontab ( Index Term Link )
  at-delete atjob ( Index Term Link )
  at-permission ( Index Term Link )
 
 attr token ( Index Term Link ) ( Index Term Link )
 
 audio_clean script ( Index Term Link )
 
 audio devices, See device allocation, device-clean scripts ( Index Term Link )
  device-clean scripts ( Index Term Link )
 
 AUDIO_DRAIN ioctl system call ( Index Term Link )
 
 AUDIO_SETINFO ioctl system call ( Index Term Link )
 
 AUDIOGETREG ioctl system call ( Index Term Link )
 
 AUDIOSETREG ioctl system call ( Index Term Link )
 
 audit -n command ( Index Term Link )
 
 audit -s command
  preselection mask for existing processes ( Index Term Link )
  rereading audit files ( Index Term Link )
  resetting directory pointer ( Index Term Link ) ( Index Term Link )
 
 audit -t command ( Index Term Link )
 
 audit administration account ( Index Term Link ) ( Index Term Link )
 
 audit attributes
  See audit tokens
 
 audit audit record ( Index Term Link )
 
 audit classes
  auditconfig command options ( Index Term Link )
  changing definitions ( Index Term Link )
  flags and definitions ( Index Term Link ) ( Index Term Link )
  mapping events ( Index Term Link ) ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
  selecting for auditing ( Index Term Link )
 
 audit_control file
  audit daemon rereading after editing ( Index Term Link )
  audit_user file modification ( Index Term Link )
  dir: line
   described ( Index Term Link )
   examples ( Index Term Link ) ( Index Term Link )
   files subdirectory ( Index Term Link )
  examples ( Index Term Link ) ( Index Term Link )
  flags: line
   described ( Index Term Link )
   prefixes in ( Index Term Link ) ( Index Term Link )
   process preselection mask ( Index Term Link )
  minfree: line
   audit_warn condition ( Index Term Link )
   described ( Index Term Link )
  naflags: line ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
  prefixes in flags line ( Index Term Link ) ( Index Term Link )
  problem with contents ( Index Term Link )
 
 audit daemon
  audit_startup file ( Index Term Link )
  audit trail creation ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  audit_warn script
   conditions invoking ( Index Term Link ) ( Index Term Link )
   described ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   execution of ( Index Term Link )
  directories suitable to ( Index Term Link )
  enabling auditing ( Index Term Link )
  functions ( Index Term Link )
  order audit files are opened ( Index Term Link )
  rereading the audit_control file ( Index Term Link )
  terminating ( Index Term Link )
 
 audit_data file ( Index Term Link )
 
 audit_event file
  See also audit events
  audit event type ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
 
 audit events
  See also audit classes
  audit_event file
   audit event type ( Index Term Link )
   overview ( Index Term Link ) ( Index Term Link )
  categories ( Index Term Link )
  event-to-system call translation table ( Index Term Link ) ( Index Term Link )
  including in audit trail ( Index Term Link )
  kernel events
   audit tokens ( Index Term Link )
   auditconfig command options ( Index Term Link ) ( Index Term Link )
   described ( Index Term Link )
  mapping to classes ( Index Term Link ) ( Index Term Link )
  numbers ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
  record formats and ( Index Term Link )
  user-level events
   audit tokens ( Index Term Link )
   auditconfig command options ( Index Term Link )
   described ( Index Term Link )
 
 audit files
  See also audit trail; directories
  auditreduce command ( Index Term Link ) ( Index Term Link )
  combining ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  copying login/logout messages to single file ( Index Term Link ) ( Index Term Link )
  directory locations ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  displaying in entirety ( Index Term Link )
  file token ( Index Term Link ) ( Index Term Link )
  managing size of ( Index Term Link )
  minimum free space for file systems ( Index Term Link )
  names ( Index Term Link ) ( Index Term Link )
   closed files ( Index Term Link )
   form ( Index Term Link ) ( Index Term Link )
   still-active files ( Index Term Link ) ( Index Term Link )
   time stamps ( Index Term Link )
   use ( Index Term Link )
  nonactive files marked not_terminated ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  order for opening ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
  permissions ( Index Term Link )
  printing ( Index Term Link )
  reducing ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  reducing storage-space requirements ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  switching to new file ( Index Term Link )
  time stamps ( Index Term Link )
 
 audit flags ( Index Term Link ) ( Index Term Link )
  audit_control file line ( Index Term Link )
  audit_user file ( Index Term Link ) ( Index Term Link )
  auditconfig command options ( Index Term Link )
  definitions ( Index Term Link ) ( Index Term Link )
  machine-wide ( Index Term Link ) ( Index Term Link )
  overview ( Index Term Link )
  policy flags ( Index Term Link )
  prefixes ( Index Term Link ) ( Index Term Link )
  process preselection mask ( Index Term Link )
  syntax ( Index Term Link ) ( Index Term Link )
 
 audit ID ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 audit log files
  See audit files
 
 audit partitions ( Index Term Link ) ( Index Term Link )
 
 audit policies
  See also audit flags
  auditconfig options ( Index Term Link )
  setting ( Index Term Link )
 
 audit records
  See also audit tokens; specific audit records
  audit directories full ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  converting to human-readable format ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  displaying ( Index Term Link )
  format or structure ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  kernel-level generated ( Index Term Link ) ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
  policy flags ( Index Term Link )
  reducing audit files ( Index Term Link )
  selecting ( Index Term Link )
  self-contained records ( Index Term Link )
  tools ( Index Term Link ) ( Index Term Link )
  user-level generated ( Index Term Link ) ( Index Term Link )
 
 audit server mount-point path names ( Index Term Link )
 
 audit session ID ( Index Term Link ) ( Index Term Link )
 
 audit_startup file ( Index Term Link )
 
 audit threshold ( Index Term Link )
 
 audit tokens
  acl token ( Index Term Link )
  arbitrary token ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  arg token ( Index Term Link ) ( Index Term Link )
  attr token ( Index Term Link ) ( Index Term Link )
  audit record format ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  described ( Index Term Link )
  exec_args token ( Index Term Link )
  exec_env token ( Index Term Link )
  exit token ( Index Term Link ) ( Index Term Link )
  file token ( Index Term Link ) ( Index Term Link )
  groups token ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  header token ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  in_addr token ( Index Term Link ) ( Index Term Link )
  ip token ( Index Term Link ) ( Index Term Link )
  ipc_perm token ( Index Term Link ) ( Index Term Link )
  ipc token ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  iport token ( Index Term Link ) ( Index Term Link )
  newgroups token ( Index Term Link )
  opaque token ( Index Term Link ) ( Index Term Link )
  order in audit record ( Index Term Link )
  path token ( Index Term Link ) ( Index Term Link )
  policy flags ( Index Term Link )
  process token ( Index Term Link ) ( Index Term Link )
  return token ( Index Term Link ) ( Index Term Link )
  seq token ( Index Term Link ) ( Index Term Link )
  socket-inet token ( Index Term Link )
  socket token ( Index Term Link ) ( Index Term Link )
  subject token ( Index Term Link ) ( Index Term Link )
  table of ( Index Term Link )
  text token ( Index Term Link ) ( Index Term Link )
  trailer token ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  types ( Index Term Link ) ( Index Term Link )
 
 audit trail
  See also audit files, audit records; audit tokens
  analysis ( Index Term Link ) ( Index Term Link )
   audit record format ( Index Term Link ) ( Index Term Link )
   auditing features ( Index Term Link ) ( Index Term Link )
   auditreduce command ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   costs ( Index Term Link )
   praudit command ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   tools ( Index Term Link ) ( Index Term Link )
  creating ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   audit daemon's role ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   audit_data file ( Index Term Link )
   directory suitability ( Index Term Link )
   managing audit file size ( Index Term Link )
   overview ( Index Term Link )
  directory locations ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  events included ( Index Term Link )
  merging all files ( Index Term Link ) ( Index Term Link )
  monitoring in real time ( Index Term Link )
  overflow prevention ( Index Term Link ) ( Index Term Link )
 
 audit_user file
  prefixes for flags ( Index Term Link ) ( Index Term Link )
  process preselection mask ( Index Term Link )
  user audit fields ( Index Term Link ) ( Index Term Link )
 
 audit_warn script ( Index Term Link ) ( Index Term Link )
  allhard string ( Index Term Link ) ( Index Term Link )
  allsoft string ( Index Term Link )
  audit daemon execution of ( Index Term Link )
  auditsvc string ( Index Term Link )
  conditions invoking ( Index Term Link ) ( Index Term Link )
  described ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  ebusy string ( Index Term Link )
  hard string ( Index Term Link )
  postsigterm string ( Index Term Link )
  soft string ( Index Term Link )
  tmpfile string ( Index Term Link )
 
 auditconfig command
  audit flags as arguments ( Index Term Link )
  options ( Index Term Link ) ( Index Term Link )
  prefixes for flags ( Index Term Link ) ( Index Term Link )
  reducing storage-space requirements ( Index Term Link )
 
 auditd daemon
  audit_startup file ( Index Term Link )
  audit trail creation ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  audit_warn script
   conditions invoking ( Index Term Link ) ( Index Term Link )
   described ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   execution of ( Index Term Link )
  directories suitable to ( Index Term Link )
  enabling auditing ( Index Term Link )
  functions ( Index Term Link )
  order audit files are opened ( Index Term Link )
  rereading the audit_control file ( Index Term Link )
  terminating ( Index Term Link )
 
 auditing
  See administering auditing; audit trail
 
 auditon audit record
  A_GETCAR command ( Index Term Link )
  A_GETCLASS command ( Index Term Link )
  A_GETCOND command ( Index Term Link )
  A_GETCWD command ( Index Term Link )
  A_GETKMASK command ( Index Term Link )
  A_GETSTAT command ( Index Term Link )
  A_GPOLICY command ( Index Term Link )
  A_GQCTRL command ( Index Term Link )
  A_SETCLASS command ( Index Term Link )
  A_SETCOND command ( Index Term Link )
  A_SETKMASK command ( Index Term Link )
  A_SETSMASK command ( Index Term Link )
  A_SETSTAT command ( Index Term Link )
  A_SETUMASK command ( Index Term Link )
  A_SPOLICY command ( Index Term Link )
  A_SQCTRL command ( Index Term Link )
 
 auditreduce command ( Index Term Link ) ( Index Term Link )
  -a option ( Index Term Link )
  -b option ( Index Term Link )
  capabilities ( Index Term Link )
  cleaning not_terminated files ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  -d option ( Index Term Link )
  described ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  distributed systems ( Index Term Link )
  examples ( Index Term Link ) ( Index Term Link )
  -m option ( Index Term Link )
  -O option ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  options ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  time stamp use ( Index Term Link )
  without options ( Index Term Link ) ( Index Term Link )
 
 auditsvc
  audit record ( Index Term Link )
  system call
   fails ( Index Term Link ) ( Index Term Link )
 
 AUE_... names ( Index Term Link ) ( Index Term Link )
  event-to-system call translation table ( Index Term Link ) ( Index Term Link )
 
 automatically enabling auditing ( Index Term Link )
    
B
 
 -b option of auditreduce command ( Index Term Link )
 
 backslash (\) ending file lines ( Index Term Link ) ( Index Term Link )
 
 Basic Security Module (BSM)
  client-server relationships ( Index Term Link )
  disabling ( Index Term Link )
  enabling ( Index Term Link ) ( Index Term Link )
  installing ( Index Term Link ) ( Index Term Link )
  packages ( Index Term Link )
 
 binary audit record format ( Index Term Link )
 
 bind audit record ( Index Term Link )
 
 BSM
  See Basic Security Module (BSM)
 
 bsmconv script
  devicemaps file creation ( Index Term Link )
  enabling BSM ( Index Term Link ) ( Index Term Link )
 
 bsmunconv script ( Index Term Link )
    
C
 
 C2 TCSEC features ( Index Term Link )
 
 carat (^) in audit flag prefixes ( Index Term Link ) ( Index Term Link )
 
 cartridge tape drives
  See tape drives
 
 CD-ROM drives
  See also device allocation
  device-clean scripts ( Index Term Link ) ( Index Term Link )
 
 change password audit record ( Index Term Link )
 
 chdir audit record ( Index Term Link )
 
 -chkconf option of auditconfig command ( Index Term Link )
 
 chmod audit record ( Index Term Link )
 
 chown audit record ( Index Term Link )
 
 chroot audit record ( Index Term Link )
 
 cl audit flag ( Index Term Link )
 
 classes
  auditconfig command options ( Index Term Link )
  changing definitions ( Index Term Link )
  flags and definitions ( Index Term Link ) ( Index Term Link )
  mapping events ( Index Term Link ) ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
  selecting for auditing ( Index Term Link )
 
 clean scripts
  See device-clean scripts
 
 cleaning not_terminated files ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 clients, enabling BSM for ( Index Term Link )
 
 close audit record ( Index Term Link )
 
 cnt policy ( Index Term Link ) ( Index Term Link )
  flag ( Index Term Link )
 
 combining audit files ( Index Term Link )
  auditreduce command ( Index Term Link ) ( Index Term Link )
 
 commands
  See also specific commands
  device-allocation utilities ( Index Term Link ) ( Index Term Link )
 
 comments
  device_allocate file ( Index Term Link )
  device_maps file ( Index Term Link )
 
 -conf option of auditconfig command ( Index Term Link )
 
 configuring
  audit trail overflow prevention ( Index Term Link ) ( Index Term Link )
  auditconfig command ( Index Term Link ) ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
  planning ( Index Term Link ) ( Index Term Link )
  setting audit policies ( Index Term Link )
 
 connect audit record ( Index Term Link )
 
 converting audit records to human-readable format ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 copying login/logout messages to single file ( Index Term Link ) ( Index Term Link )
 
 cost control ( Index Term Link ) ( Index Term Link )
  analysis ( Index Term Link )
  processing time ( Index Term Link )
  storage ( Index Term Link ) ( Index Term Link )
 
 creat audit record ( Index Term Link )
 
 creating the audit trail ( Index Term Link ) ( Index Term Link )
  audit daemon's role ( Index Term Link ) ( Index Term Link )
  audit_data file ( Index Term Link )
  directory suitability ( Index Term Link )
  managing audit file size ( Index Term Link )
  overview ( Index Term Link )
 
 cron job ( Index Term Link )
 
 crontab audit record
  cron-invoke atjob or crontab ( Index Term Link )
  crontab-crontab created ( Index Term Link )
  crontab-crontab deleted ( Index Term Link )
  crontab-permission ( Index Term Link )
    
D
 
 -d option
  auditreduce command ( Index Term Link )
  praudit command ( Index Term Link )
 
 daemon, audit
  See audit daemon
 
 date-time auditreduce command options ( Index Term Link )
 
 deallocate command
  allocate error state ( Index Term Link ) ( Index Term Link )
  described ( Index Term Link ) ( Index Term Link )
  device-clean scripts and ( Index Term Link )
  using ( Index Term Link )
 
 debugging sequence number ( Index Term Link ) ( Index Term Link )
 
 defaults
  audit policies ( Index Term Link )
  audit_startup file ( Index Term Link )
  machine-wide ( Index Term Link )
  praudit output format ( Index Term Link ) ( Index Term Link )
   header token ( Index Term Link )
 
 device_allocate file
  format ( Index Term Link ) ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
 
 device allocation ( Index Term Link ) ( Index Term Link )
  adding devices ( Index Term Link )
  allocatable devices ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  allocate command
   how the allocate mechanism works ( Index Term Link ) ( Index Term Link )
   options ( Index Term Link )
   using ( Index Term Link ) ( Index Term Link )
  allocate error state ( Index Term Link ) ( Index Term Link )
  allocating a device ( Index Term Link ) ( Index Term Link )
  components of the allocation mechanism ( Index Term Link )
  deallocate command
   allocate error state ( Index Term Link ) ( Index Term Link )
   described ( Index Term Link ) ( Index Term Link )
   device-clean scripts and ( Index Term Link )
   using ( Index Term Link )
  device_allocate file ( Index Term Link ) ( Index Term Link )
  device-clean scripts ( Index Term Link ) ( Index Term Link )
   adding devices ( Index Term Link )
   audio devices ( Index Term Link )
   CD-ROM drives ( Index Term Link ) ( Index Term Link )
   described ( Index Term Link )
   diskette drives ( Index Term Link ) ( Index Term Link )
   options ( Index Term Link )
   tape drives ( Index Term Link ) ( Index Term Link )
   writing new scripts ( Index Term Link )
  device_maps file ( Index Term Link ) ( Index Term Link )
  list_devices command ( Index Term Link ) ( Index Term Link )
  lock file setup ( Index Term Link ) ( Index Term Link )
  managing devices ( Index Term Link )
  reallocating ( Index Term Link )
  risks associated with device use ( Index Term Link ) ( Index Term Link )
  using device allocations ( Index Term Link ) ( Index Term Link )
  utilities ( Index Term Link ) ( Index Term Link )
 
 device-clean scripts
  adding devices ( Index Term Link )
  audio devices ( Index Term Link )
  CD-ROM drives ( Index Term Link ) ( Index Term Link )
  described ( Index Term Link )
  diskette drives ( Index Term Link ) ( Index Term Link )
  options ( Index Term Link )
  tape drives ( Index Term Link ) ( Index Term Link )
  writing new scripts ( Index Term Link )
 
 device_maps file
  format ( Index Term Link ) ( Index Term Link )
  overview ( Index Term Link )
 
 devices
  See also device allocation
  adding ( Index Term Link )
  lock files ( Index Term Link ) ( Index Term Link )
  managing ( Index Term Link )
 
 dir: line in audit_control file
  described ( Index Term Link )
  example ( Index Term Link ) ( Index Term Link )
  for files subdirectory ( Index Term Link )
 
 directories
  audit_control file definitions ( Index Term Link )
  audit daemon pointer ( Index Term Link ) ( Index Term Link )
  audit directories full ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  audit directory locations ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  audit partitions ( Index Term Link ) ( Index Term Link )
  diskfull machines ( Index Term Link ) ( Index Term Link )
  files subdirectory ( Index Term Link )
  mounting audit directories ( Index Term Link )
  permissions ( Index Term Link )
  suitable to audit daemon ( Index Term Link )
 
 disabling BSM ( Index Term Link )
 
 disk-space requirements ( Index Term Link ) ( Index Term Link )
 
 diskette drives
  See also device allocation
  device-clean scripts ( Index Term Link ) ( Index Term Link )
 
 diskfull machines' audit directory ( Index Term Link ) ( Index Term Link )
 
 diskless clients, enabling BSM for ( Index Term Link )
 
 displaying
  audit log in entirety ( Index Term Link )
  audit records ( Index Term Link )
 
 distributed systems' auditreduce command use ( Index Term Link )
 
 dminfo command ( Index Term Link )
 
 doorfs audit record
  DOOR_BIND command ( Index Term Link )
  DOOR_CALL command ( Index Term Link )
  DOOR_CREATE command ( Index Term Link )
  DOOR_CRED command ( Index Term Link )
  DOOR_INFO command ( Index Term Link )
  DOOR_RETURN command ( Index Term Link )
  DOOR_REVOKE command ( Index Term Link )
  DOOR_UNBIND command ( Index Term Link )
 
 drives
  See device allocation
    
E
 
 ebusy string and audit_warn script ( Index Term Link )
 
 efficiency ( Index Term Link ) ( Index Term Link )
 
 eject command ( Index Term Link )
 
 enabling
  auditing ( Index Term Link )
  BSM ( Index Term Link ) ( Index Term Link )
 
 ending
  disabling BSM ( Index Term Link )
  signal received during auditing shutdown ( Index Term Link )
  terminating audit daemon ( Index Term Link )
 
 enter prom audit record ( Index Term Link )
 
 errors
  allocate error state ( Index Term Link ) ( Index Term Link )
  audit directories full ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  internal errors ( Index Term Link )
 
 /etc/security/audit/bsmconv script
  devicemaps file creation ( Index Term Link )
  enabling BSM ( Index Term Link ) ( Index Term Link )
 
 /etc/security/audit/bsmunconv script ( Index Term Link )
 
 /etc/security/audit_control file
  See audit_control file
 
 /etc/security/audit_data file ( Index Term Link )
 
 /etc/security/audit directory ( Index Term Link ) ( Index Term Link )
 
 /etc/security/audit_event file
  See also audit events
  audit event type ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
 
 /etc/security/audit_startup file ( Index Term Link )
 
 /etc/security/audit_warn script ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 /etc/security/dev lock files ( Index Term Link ) ( Index Term Link )
 
 /etc/security directory ( Index Term Link ) ( Index Term Link )
 
 event modifier field flags (header token) ( Index Term Link )
 
 event numbers ( Index Term Link )
 
 events
  See also audit classes
  categories ( Index Term Link )
  event-to-system call translation table ( Index Term Link ) ( Index Term Link )
  including in audit trail ( Index Term Link )
  kernel events
   audit tokens ( Index Term Link )
   auditconfig command options ( Index Term Link ) ( Index Term Link )
   described ( Index Term Link )
  mapping to classes ( Index Term Link ) ( Index Term Link )
  numbers ( Index Term Link )
  overview ( Index Term Link ) ( Index Term Link )
  record formats and ( Index Term Link )
  user-level events
   audit tokens ( Index Term Link )
   auditconfig command options ( Index Term Link )
   described ( Index Term Link )
 
 ex audit flag ( Index Term Link )
 
 exec_args token ( Index Term Link )
 
 exec audit class ( Index Term Link )
 
 exec audit record ( Index Term Link )
 
 exec_env token ( Index Term Link )
 
 execve audit record ( Index Term Link )
 
 exit audit record ( Index Term Link )
 
 exit prom audit record ( Index Term Link )
 
 exit token ( Index Term Link ) ( Index Term Link )
 
 export list ( Index Term Link )
    
F
 
 -F option
  allocate command ( Index Term Link )
  deallocate command ( Index Term Link )
  st_clean script ( Index Term Link )
 
 fa audit flag ( Index Term Link )
 
 facl audit record ( Index Term Link )
 
 failure
  audit flag prefix ( Index Term Link ) ( Index Term Link )
  turning off audit flags for ( Index Term Link ) ( Index Term Link )
 
 fc audit flag ( Index Term Link )
 
 fchdir audit record ( Index Term Link )
 
 fchmod audit record ( Index Term Link )
 
 fchown audit record ( Index Term Link )
 
 fchroot audit record ( Index Term Link )
 
 fcntl audit record ( Index Term Link )
 
 fd audit flag ( Index Term Link )
 
 fd_clean script ( Index Term Link )
 
 file_attr_acc audit class ( Index Term Link )
 
 file_attr_mod audit class ( Index Term Link )
 
 file_close audit class ( Index Term Link )
 
 file_creation audit class ( Index Term Link )
 
 file_deletion audit class ( Index Term Link )
 
 file_read audit class ( Index Term Link )
 
 file systems
  See audit files; directories
 
 file token ( Index Term Link ) ( Index Term Link )
 
 file vnode token ( Index Term Link ) ( Index Term Link )
 
 file_write audit class ( Index Term Link )
 
 files, audit
  See audit files
 
 files, lock ( Index Term Link ) ( Index Term Link )
 
 files subdirectory ( Index Term Link )
 
 flags ( Index Term Link ) ( Index Term Link )
  audit_control file line ( Index Term Link )
  audit_user file ( Index Term Link ) ( Index Term Link )
  auditconfig command options ( Index Term Link )
  definitions ( Index Term Link ) ( Index Term Link )
  machine-wide ( Index Term Link ) ( Index Term Link )
  overview ( Index Term Link )
  policy flags ( Index Term Link )
  prefixes ( Index Term Link ) ( Index Term Link )
  process preselection mask ( Index Term Link )
  syntax ( Index Term Link ) ( Index Term Link )
 
 flags: line in audit_control file
  described ( Index Term Link )
  prefixes in ( Index Term Link ) ( Index Term Link )
  process preselection mask ( Index Term Link )
 
 fm audit flag ( Index Term Link )
 
 forced cleanup ( Index Term Link )
 
 fork1 audit record ( Index Term Link )
 
 fork audit record ( Index Term Link )
 
 fr audit flag ( Index Term Link )
 
 fstatfs audit record ( Index Term Link )
 
 ftpd login audit record ( Index Term Link )
 
 fw audit flag ( Index Term Link )
    
G
 
 getaudit audit record ( Index Term Link )
 
 getauid audit record ( Index Term Link )
 
 -getclass option of auditconfig command ( Index Term Link )
 
 -getcond option of auditconfig command ( Index Term Link )
 
 getmsg audit record ( Index Term Link )
  socket accept ( Index Term Link )
  socket receive ( Index Term Link )
 
 -getpinfo option of auditconfig command ( Index Term Link )
 
 getpmsg audit record ( Index Term Link )
 
 -getpolicy option of auditconfig command ( Index Term Link )
 
 getportaudit audit record ( Index Term Link )
 
 graphics tablets
  See device allocation
 
 group policy
  flag ( Index Term Link )
  groups token ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  newgroups token ( Index Term Link )
 
 groups token ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
    
H
 
 halt: machine halt audit record ( Index Term Link )
 
 hard-disk-space requirements ( Index Term Link ) ( Index Term Link )
 
 hard string with audit_warn script ( Index Term Link )
 
 header token
  described ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  event-modifier field flags ( Index Term Link )
  fields ( Index Term Link )
  format ( Index Term Link )
  order in audit record ( Index Term Link ) ( Index Term Link )
  praudit display ( Index Term Link )
 
 human-readable audit record format
  See also audit tokens
  converting audit records to ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  described ( Index Term Link ) ( Index Term Link )
    
I
 
 -I option
  deallocate command ( Index Term Link )
  st_clean script ( Index Term Link )
 
 IDs
  audit ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  audit session ( Index Term Link ) ( Index Term Link )
  audit user ( Index Term Link )
  auditconfig command options ( Index Term Link )
  terminal ( Index Term Link )
 
 in_addr token ( Index Term Link ) ( Index Term Link )
 
 in.ftpd audit record ( Index Term Link )
 
 in.rexecd audit record ( Index Term Link )
 
 in.rshd: rshd access denials/grants audit record ( Index Term Link )
 
 inetd: inetd service request audit record ( Index Term Link )
 
 init: init service request audit record ( Index Term Link )
 
 inst_sync audit record ( Index Term Link )
 
 installing BSM ( Index Term Link ) ( Index Term Link )
 
 Internet-related tokens
  in_addr token ( Index Term Link ) ( Index Term Link )
  ip token ( Index Term Link ) ( Index Term Link )
  iport token ( Index Term Link ) ( Index Term Link )
  socket-inet token ( Index Term Link )
  socket token ( Index Term Link ) ( Index Term Link )
 
 io audit flag ( Index Term Link )
 
 ioctl: ioctl to special devices audit record ( Index Term Link )
 
 ioctl audit class ( Index Term Link )
 
 ioctl system calls ( Index Term Link ) ( Index Term Link )
 
 ip audit flag ( Index Term Link )
 
 ip token ( Index Term Link ) ( Index Term Link )
 
 ipc audit class ( Index Term Link )
 
 ipc_perm token ( Index Term Link ) ( Index Term Link )
 
 ipc token ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 ipc type field values (ipc token) ( Index Term Link )
 
 iport token ( Index Term Link ) ( Index Term Link )
 
 item size field values (arbitrary token) ( Index Term Link )
    
K
 
 kernel events
  See also audit events
  audit records ( Index Term Link ) ( Index Term Link )
  audit tokens ( Index Term Link )
  auditconfig command options ( Index Term Link ) ( Index Term Link )
  described ( Index Term Link )
 
 kill audit record ( Index Term Link )
    
L
 
 -l option, praudit command ( Index Term Link )
 
 lchown audit record ( Index Term Link )
 
 link audit record ( Index Term Link )
 
 list_devices command ( Index Term Link ) ( Index Term Link )
 
 lo audit flag ( Index Term Link )
 
 lock files
  how the allocate mechanism works ( Index Term Link ) ( Index Term Link )
  setting up ( Index Term Link )
 
 log files
  See audit files
 
 login audit record
  logout ( Index Term Link )
  rlogin ( Index Term Link )
  telnet login ( Index Term Link )
  terminal login ( Index Term Link )
 
 login_logout audit class ( Index Term Link )
 
 login/logout messages, copying to single file ( Index Term Link ) ( Index Term Link )
 
 -lsevent option of auditconfig command ( Index Term Link )
 
 -lspolicy option of auditconfig command ( Index Term Link ) ( Index Term Link )
 
 lstat audit record ( Index Term Link )
 
 lxstat audit record ( Index Term Link )
    
M
 
 -m option of auditreduce command ( Index Term Link )
 
 machine halt audit record ( Index Term Link )
 
 machine reboot audit record ( Index Term Link )
 
 managing devices ( Index Term Link )
 
 mappings, class ( Index Term Link ) ( Index Term Link )
 
 mask, process preselection
  auditconfig command options ( Index Term Link )
  described ( Index Term Link )
  machine-wide ( Index Term Link )
  reducing storage costs ( Index Term Link ) ( Index Term Link )
 
 memcntl audit record ( Index Term Link )
 
 minfree: line in audit_control file
  audit_warn condition ( Index Term Link ) ( Index Term Link )
  described ( Index Term Link )
  determining space needed ( Index Term Link )
 
 minus (-) audit flag prefix ( Index Term Link ) ( Index Term Link )
 
 mkdir audit record ( Index Term Link )
 
 mknod audit record ( Index Term Link )
 
 mmap audit record ( Index Term Link )
 
 modctl audit record
  MODADDMAJBIND command ( Index Term Link )
  MODCONFIG command ( Index Term Link )
  MODLOAD command ( Index Term Link )
  MODUNLOAD command ( Index Term Link )
 
 modems
  See device allocation
 
 monitoring audit trail in real time ( Index Term Link )
 
 mount audit record ( Index Term Link )
 
 mountd audit record
  NFS mount request ( Index Term Link )
  NFS unmount request ( Index Term Link )
 
 mounting audit directories ( Index Term Link )
 
 msgctl audit record
  IPC_RMID command ( Index Term Link )
  IPC_SET command ( Index Term Link )
  IPC_STAT command ( Index Term Link )
 
 msgget audit record ( Index Term Link )
 
 msgrcv audit record ( Index Term Link )
 
 msgsnd audit record ( Index Term Link )
 
 mt command, device-cleanup option ( Index Term Link )
 
 munmap audit record ( Index Term Link )
    
N
 
 na audit flag ( Index Term Link )
 
 naflags: line in audit_control file ( Index Term Link )
 
 names
  audit classes ( Index Term Link ) ( Index Term Link )
  audit files
   closed files ( Index Term Link )
   form ( Index Term Link ) ( Index Term Link )
   still-active files ( Index Term Link ) ( Index Term Link )
   time stamps ( Index Term Link )
   use ( Index Term Link )
  audit flags ( Index Term Link ) ( Index Term Link )
  device names
   device_allocate file ( Index Term Link )
   device_maps file ( Index Term Link )
  IDs
   audit ( Index Term Link ) ( Index Term Link )
   audit session ( Index Term Link ) ( Index Term Link )
   auditconfig command options ( Index Term Link )
   terminal ( Index Term Link )
  kernel events ( Index Term Link )
  mount-point path names on audit servers ( Index Term Link )
  user-level events ( Index Term Link )
 
 network audit class ( Index Term Link )
 
 never-audit flags ( Index Term Link ) ( Index Term Link )
 
 newgroups token ( Index Term Link )
 
 NFS mount request audit record ( Index Term Link )
 
 NFS unmount request audit record ( Index Term Link )
 
 nice audit record ( Index Term Link )
 
 no audit flag ( Index Term Link )
 
 no_class audit class ( Index Term Link )
 
 non_attrib audit class ( Index Term Link )
 
 nonattributable flags in audit_control file ( Index Term Link )
 
 normal users, auditing ( Index Term Link )
 
 not_terminated files, cleaning ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 nt audit flag ( Index Term Link )
 
 null audit class ( Index Term Link )
 
 numbers, event ( Index Term Link )
    
O
 
 -O option of auditreduce command ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 object-reuse requirement ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  device-clean scripts
   adding devices ( Index Term Link )
   audio devices ( Index Term Link )
   CD-ROM drives ( Index Term Link ) ( Index Term Link )
   described ( Index Term Link )
   diskette drives ( Index Term Link ) ( Index Term Link )
   tape drives ( Index Term Link ) ( Index Term Link )
   writing new scripts ( Index Term Link ) ( Index Term Link )
 
 opaque token ( Index Term Link ) ( Index Term Link )
 
 open audit record
  read ( Index Term Link )
  read, create ( Index Term Link )
  read, create, truncate ( Index Term Link )
  read, truncate ( Index Term Link )
  read, write ( Index Term Link )
  read, write, create ( Index Term Link )
  read, write, create, truncate ( Index Term Link )
  read, write, truncate ( Index Term Link )
  write ( Index Term Link )
  write, create ( Index Term Link )
  write, create, truncate ( Index Term Link )
  write, truncate ( Index Term Link )
 
 ot audit flag ( Index Term Link )
 
 other audit class ( Index Term Link )
 
 overflow prevention for audit trail ( Index Term Link ) ( Index Term Link )
    
P
 
 p_online audit record ( Index Term Link )
 
 partitions, audit ( Index Term Link ) ( Index Term Link )
 
 passwd audit record ( Index Term Link )
 
 path policy flag ( Index Term Link )
 
 path token ( Index Term Link ) ( Index Term Link )
 
 pathconf audit record ( Index Term Link )
 
 pc audit flag ( Index Term Link )
 
 permissions for audit file systems ( Index Term Link )
 
 pipe audit record ( Index Term Link )
 
 plus (+) audit flag prefix ( Index Term Link ) ( Index Term Link )
 
 policies
  See also audit flags
  auditconfig options ( Index Term Link )
  setting ( Index Term Link )
 
 postsigterm string and audit_warn script ( Index Term Link )
 
 pound sign (#) for comments in files ( Index Term Link ) ( Index Term Link )
 
 poweroff audit record ( Index Term Link )
 
 praudit command
  See also audit tokens
  converting audit records to human-readable format ( Index Term Link ) ( Index Term Link )
  described ( Index Term Link )
  human-readable format ( Index Term Link ) ( Index Term Link )
  output formats ( Index Term Link ) ( Index Term Link )
  piping auditreduce output to ( Index Term Link )
  using ( Index Term Link ) ( Index Term Link )
 
 prefixes in audit flags ( Index Term Link ) ( Index Term Link )
 
 preselection mask
  auditconfig command options ( Index Term Link )
  described ( Index Term Link )
  machine-wide ( Index Term Link )
  reducing storage costs ( Index Term Link ) ( Index Term Link )
 
 primary audit directory ( Index Term Link ) ( Index Term Link )
 
 print format field values (arbitrary token) ( Index Term Link )
 
 printing audit log ( Index Term Link )
 
 priocntlsys audit record ( Index Term Link )
 
 process audit characteristics ( Index Term Link ) ( Index Term Link )
  audit ID ( Index Term Link )
  audit session ID ( Index Term Link )
  process preselection mask ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  terminal ID ( Index Term Link )
 
 process audit class ( Index Term Link )
 
 process dumped core audit record ( Index Term Link )
 
 process groups tokens
  groups token ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  newgroups token ( Index Term Link )
 
 process preselection mask
  auditconfig command options ( Index Term Link )
  described ( Index Term Link )
  reducing storage costs ( Index Term Link ) ( Index Term Link )
 
 process token ( Index Term Link ) ( Index Term Link )
 
 processing time costs ( Index Term Link )
 
 processor_bind audit record ( Index Term Link )
 
 putmsg audit record ( Index Term Link )
  socket connect ( Index Term Link )
  socket send ( Index Term Link )
 
 putpmsg audit record ( Index Term Link )
    
R
 
 -r praudit output format ( Index Term Link ) ( Index Term Link )
  header token ( Index Term Link )
 
 raw praudit output format ( Index Term Link ) ( Index Term Link )
  header token ( Index Term Link )
 
 readlink audit record ( Index Term Link )
 
 reallocating devices ( Index Term Link )
 
 reboot: machine reboot audit record ( Index Term Link )
 
 records
  See audit records
 
 reducing audit files ( Index Term Link )
  auditreduce command ( Index Term Link ) ( Index Term Link )
  storage-space requirements ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 rename audit record ( Index Term Link )
 
 return token ( Index Term Link ) ( Index Term Link )
 
 rewoffl option of mt command ( Index Term Link )
 
 risks associated with device use ( Index Term Link ) ( Index Term Link )
 
 rmdir audit record ( Index Term Link )
 
 rpc.rexd audit record ( Index Term Link )
 
 rshd access denials/grants audit record ( Index Term Link )
    
S
 
 -S option of st_clean script ( Index Term Link )
 
 -s praudit output format ( Index Term Link )
  header token ( Index Term Link )
 
 /sbin/init audit record ( Index Term Link )
 
 SCSI devices
  See also device allocation
  st_clean script ( Index Term Link )
 
 secondary audit directory ( Index Term Link ) ( Index Term Link )
 
 security risks associated with device use ( Index Term Link ) ( Index Term Link )
 
 selecting audit records ( Index Term Link )
 
 semctl audit record
  GETALL command ( Index Term Link )
  GETNCNT command ( Index Term Link )
  GETPID command ( Index Term Link )
  GETVAL command ( Index Term Link )
  GETZCNT command ( Index Term Link )
  IPC_RMID command ( Index Term Link )
  IPC_SET command ( Index Term Link )
  IPC_STAT command ( Index Term Link )
  SETALL command ( Index Term Link )
  SETVAL command ( Index Term Link )
 
 semget audit record ( Index Term Link )
 
 semop audit record ( Index Term Link )
 
 seq policy flag ( Index Term Link )
 
 seq token ( Index Term Link ) ( Index Term Link )
 
 servers, enabling BSM for clients ( Index Term Link )
 
 session ID ( Index Term Link ) ( Index Term Link )
 
 setaudit audit record ( Index Term Link )
 
 setauid audit record ( Index Term Link )
 
 -setclass option of auditconfig command ( Index Term Link )
 
 -setcond option of auditconfig command ( Index Term Link )
 
 setegid audit record ( Index Term Link )
 
 seteuid audit record ( Index Term Link )
 
 setgid audit record ( Index Term Link )
 
 setgroups audit record ( Index Term Link )
 
 setpgrp audit record ( Index Term Link )
 
 -setpmask option of auditconfig command ( Index Term Link )
 
 -setpolicy option of auditconfig command ( Index Term Link ) ( Index Term Link )
 
 setregid audit record ( Index Term Link )
 
 setreuid audit record ( Index Term Link )
 
 setrlimit audit record ( Index Term Link )
 
 -setsmask option of auditconfig command ( Index Term Link )
 
 setuid audit record ( Index Term Link )
 
 -setumask option of auditconfig command ( Index Term Link )
 
 SHIELD Basic Security Module
  See Basic Security Module (BSM)
 
 shmat audit record ( Index Term Link )
 
 shmctl audit record
  IPC_RMID command ( Index Term Link )
  IPC_SET command ( Index Term Link )
  IPC_STAT command ( Index Term Link )
 
 shmdt audit record ( Index Term Link )
 
 shmget audit record ( Index Term Link )
 
 short praudit output format ( Index Term Link )
  header token ( Index Term Link )
 
 shutdown audit record ( Index Term Link ) ( Index Term Link )
 
 shutting down
  See terminating
 
 signal received during auditing shutdown ( Index Term Link )
 
 size
  managing audit files ( Index Term Link )
  reducing audit files ( Index Term Link )
   auditreduce command ( Index Term Link ) ( Index Term Link )
   storage-space requirements ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 socket accept audit record ( Index Term Link )
 
 socket connect audit record ( Index Term Link )
 
 socket-inet token ( Index Term Link )
 
 socket receive audit record ( Index Term Link )
 
 socket send audit record ( Index Term Link )
 
 socket token ( Index Term Link ) ( Index Term Link )
 
 soft limit
  audit_warn condition ( Index Term Link )
  determining space needed ( Index Term Link )
  minfree: line described ( Index Term Link )
 
 soft string with audit_warn script ( Index Term Link )
 
 Solaris SHIELD Basic Security Module
  See Basic Security Module (BSM)
 
 sr_clean script ( Index Term Link )
 
 st_clean script for tape drives ( Index Term Link ) ( Index Term Link )
 
 standard cleanup ( Index Term Link )
 
 starting
  See enabling
 
 stat audit record ( Index Term Link )
 
 statfs audit record ( Index Term Link )
 
 statvfs audit record ( Index Term Link )
 
 stime audit record ( Index Term Link )
 
 storage costs ( Index Term Link ) ( Index Term Link )
 
 storage overflow prevention ( Index Term Link ) ( Index Term Link )
 
 su audit record ( Index Term Link )
 
 subject token ( Index Term Link ) ( Index Term Link )
 
 success
  audit flag prefix ( Index Term Link ) ( Index Term Link )
  turning off audit flags for ( Index Term Link )
 
 SUNWcar package ( Index Term Link )
 
 SUNWcsr package ( Index Term Link )
 
 SUNWcsu package ( Index Term Link )
 
 SUNWhea package ( Index Term Link )
 
 SUNWman package ( Index Term Link )
 
 symlink audit record ( Index Term Link )
 
 sysinfo audit record ( Index Term Link )
 
 system booted audit record ( Index Term Link )
 
 system calls
  arg token ( Index Term Link ) ( Index Term Link )
  auditsvc fails ( Index Term Link ) ( Index Term Link )
  close ( Index Term Link )
  event numbers ( Index Term Link )
  event-to-system call translation table ( Index Term Link ) ( Index Term Link )
  exec_args token ( Index Term Link )
  exec_env token ( Index Term Link )
  ioctl ( Index Term Link ) ( Index Term Link )
  return token ( Index Term Link ) ( Index Term Link )
 
 System V IPC
  ipc audit class ( Index Term Link )
  ipc_perm token ( Index Term Link ) ( Index Term Link )
  ipc token ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
    
T
 
 tail command ( Index Term Link )
 
 tape drives
  See also device allocation
  device-clean scripts ( Index Term Link )
  risks associated with use ( Index Term Link ) ( Index Term Link )
  st_clean script ( Index Term Link )
 
 TCP address ( Index Term Link ) ( Index Term Link )
 
 TCSEC (Trusted Computer System Evaluation Criteria) C2 features ( Index Term Link )
 
 temporary file cannot be used ( Index Term Link )
 
 terminal ID ( Index Term Link )
 
 terminals
  See device allocation
 
 terminating
  audit daemon ( Index Term Link )
  signal received during auditing shutdown ( Index Term Link )
 
 text token ( Index Term Link ) ( Index Term Link )
 
 time-date auditreduce command options ( Index Term Link )
 
 time stamps in audit files ( Index Term Link )
 
 tmpfile string and audit_warn script ( Index Term Link )
 
 tokens
  See audit tokens
 
 trail
  See audit trail
 
 trail policy flag ( Index Term Link )
 
 trailer token
  described ( Index Term Link ) ( Index Term Link )
  fields ( Index Term Link )
  format ( Index Term Link )
  order in audit record ( Index Term Link ) ( Index Term Link )
  praudit display ( Index Term Link )
 
 Trusted Computer System Evaluation Criteria (TCSEC) C2 features ( Index Term Link )
    
U
 
 -U option
  allocate command ( Index Term Link )
  list_devices command ( Index Term Link )
 
 uadmin audit record ( Index Term Link )
 
 UDP address ( Index Term Link ) ( Index Term Link )
 
 umount: old version audit record ( Index Term Link )
 
 unlink audit record ( Index Term Link )
 
 user audit fields ( Index Term Link ) ( Index Term Link )
 
 user ID (audit ID) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
 
 user-level events
  See also audit events
  audit records ( Index Term Link ) ( Index Term Link )
  audit tokens ( Index Term Link )
  auditconfig command options ( Index Term Link )
  described ( Index Term Link )
 
 /usr/sbin/uadmin audit record ( Index Term Link )
 
 /usr/bin/at audit record
  at-create crontab ( Index Term Link )
  at-delete atjob ( Index Term Link )
  at-permission ( Index Term Link )
 
 /usr/bin/crontab audit record
  cron-invoke atjob or crontab ( Index Term Link )
  crontab-crontab created ( Index Term Link )
  crontab-crontab deleted ( Index Term Link )
  crontab-permission ( Index Term Link )
 
 /usr/bin/login audit record
  logout ( Index Term Link )
  rlogin ( Index Term Link )
  telnet login ( Index Term Link )
  terminal login ( Index Term Link )
 
 /usr/bin/passwd: change password audit record ( Index Term Link )
 
 /usr/bin/su audit record ( Index Term Link )
 
 /usr/lib/nfs/mountd audit record
  NFS mount request ( Index Term Link )
  NFS unmount request ( Index Term Link )
 
 /usr/sbin/allocate audit record
  allocate-list device failure ( Index Term Link )
  allocate-list device success ( Index Term Link )
  deallocate device failure ( Index Term Link )
  deallocate device ( Index Term Link )
  device allocate failure ( Index Term Link )
  device allocate success ( Index Term Link )
 
 /usr/sbin/auditd daemon
  See audit daemon
 
 /usr/sbin/halt audit record ( Index Term Link )
 
 /usr/sbin/in.ftpd audit record ( Index Term Link )
 
 /usr/sbin/in.rexecd audit record ( Index Term Link )
 
 /usr/sbin/in.rshd audit record ( Index Term Link )
 
 /usr/sbin/inetd audit record ( Index Term Link )
 
 /usr/sbin/init audit record ( Index Term Link )
 
 /usr/sbin/poweroff audit record ( Index Term Link )
 
 /usr/sbin/reboot audit record ( Index Term Link )
 
 /usr/sbin/rpc.rexd audit record ( Index Term Link )
 
 /usr/sbin/shutdown audit record ( Index Term Link )
 
 /usr/ucb/shutdown audit record ( Index Term Link )
 
 utilities
  device allocation ( Index Term Link ) ( Index Term Link )
 
 utime audit record ( Index Term Link )
 
 utimes audit record ( Index Term Link )
 
 utssys - fusers audit record ( Index Term Link )
    
V
 
 vfork audit record ( Index Term Link )
 
 viewing
  See displaying
 
 vnode token ( Index Term Link ) ( Index Term Link )
 
 vtrace audit record ( Index Term Link )
    
W
 
 writing new device-clean scripts ( Index Term Link )
    
X
 
 xmknod audit record ( Index Term Link )
 
 xstat audit record ( Index Term Link )
 
 Xylogics tape drive clean script ( Index Term Link )