JavaScript is required to for searching.
跳过导航链接
退出打印视图
手册页第 1M 部分:系统管理命令     Oracle Solaris 11 Information Library (简体中文)
search filter icon
search icon

文档信息

前言

简介

系统管理命令-第 1 单元

6to4relay(1M)

acct(1M)

acctadm(1M)

acctcms(1M)

acctcon1(1M)

acctcon(1M)

acctcon2(1M)

acctdisk(1M)

acctdusg(1M)

acctmerg(1M)

accton(1M)

acctprc1(1M)

acctprc(1M)

acctprc2(1M)

acctsh(1M)

acctwtmp(1M)

acpihpd(1M)

adbgen(1M)

add_allocatable(1M)

addbadsec(1M)

add_drv(1M)

arp(1M)

asradm(1M)

asr-notify(1M)

atohexlabel(1M)

audit(1M)

auditconfig(1M)

auditd(1M)

auditrecord(1M)

auditreduce(1M)

auditstat(1M)

audit_warn(1M)

automount(1M)

automountd(1M)

autopush(1M)

bart(1M)

beadm(1M)

boot(1M)

bootadm(1M)

bootconfchk(1M)

bootparamd(1M)

busstat(1M)

captoinfo(1M)

catman(1M)

cfgadm(1M)

cfgadm_ac(1M)

cfgadm_cardbus(1M)

cfgadm_fp(1M)

cfgadm_ib(1M)

cfgadm_pci(1M)

cfgadm_sata(1M)

cfgadm_sbd(1M)

cfgadm_scsi(1M)

cfgadm_sdcard(1M)

cfgadm_shp(1M)

cfgadm_sysctrl(1M)

cfgadm_usb(1M)

chargefee(1M)

chat(1M)

check-hostname(1M)

check-permissions(1M)

chk_encodings(1M)

chroot(1M)

cimworkshop(1M)

ckpacct(1M)

clear_locks(1M)

clinfo(1M)

closewtmp(1M)

clri(1M)

comsat(1M)

consadm(1m)

console-reset(1M)

conv_lp(1M)

conv_lpd(1M)

coreadm(1M)

cpustat(1M)

croinfo(1M)

cron(1M)

cryptoadm(1M)

cvcd(1M)

datadm(1M)

dcopy(1M)

dcs(1M)

dd(1M)

ddu(1M)

ddu-text(1M)

devchassisd(1M)

devfsadm(1M)

devfsadmd(1M)

device_allocate(1M)

device_remap(1M)

devinfo(1M)

devlinks(1M)

devnm(1M)

devprop(1M)

df(1M)

dfmounts(1M)

dfmounts_nfs(1M)

dfshares(1M)

dfshares_nfs(1M)

df_ufs(1M)

dhcpagent(1M)

dhcpconfig(1M)

dhcpmgr(1M)

dhtadm(1M)

dig(1M)

directoryserver(1M)

diskinfo(1M)

disks(1M)

diskscan(1M)

dispadmin(1M)

dladm(1M)

dlmgmtd(1M)

dlstat(1M)

dmesg(1M)

dminfo(1M)

dns-sd(1M)

dnssec-dsfromkey(1M)

dnssec-keyfromlabel(1M)

dnssec-keygen(1M)

dnssec-makekeyset(1M)

dnssec-signkey(1M)

dnssec-signzone(1M)

dodisk(1M)

domainname(1M)

drd(1M)

drvconfig(1M)

dsbitmap(1M)

dscfg(1M)

dscfgadm(1M)

dscfglockd(1M)

dsstat(1M)

dsvclockd(1M)

dtrace(1M)

dumpadm(1M)

editmap(1M)

edquota(1M)

eeprom(1M)

efdaemon(1M)

embedded_su(1M)

etrn(1M)

fbconfig(1M)

fbconf_xorg(1M)

fcadm(1M)

fcinfo(1M)

fdetach(1M)

fdisk(1M)

ff(1M)

ff_ufs(1M)

fingerd(1M)

fiocompress(1M)

flowadm(1M)

flowstat(1M)

fmadm(1M)

fmd(1M)

fmdump(1M)

fmstat(1M)

fmthard(1M)

format(1M)

fpsd(1M)

fruadm(1M)

fsck(1M)

fsck_pcfs(1M)

fsck_udfs(1M)

fsck_ufs(1M)

fsdb(1M)

fsdb_udfs(1M)

fsdb_ufs(1M)

fsirand(1M)

fssnap(1M)

fssnap_ufs(1M)

fsstat(1M)

fstyp(1M)

fuser(1M)

fwflash(1M)

fwtmp(1M)

getdevpolicy(1M)

getent(1M)

gettable(1M)

getty(1M)

gkadmin(1M)

groupadd(1M)

groupdel(1M)

groupmod(1M)

growfs(1M)

grpck(1M)

gsscred(1M)

gssd(1M)

hald(1M)

hal-device(1M)

hal-fdi-validate(1M)

hal-find(1M)

hal-find-by-capability(1M)

hal-find-by-property(1M)

hal-get-property(1M)

hal-set-property(1M)

halt(1M)

hextoalabel(1M)

host(1M)

hostconfig(1M)

hotplug(1M)

hotplugd(1M)

htable(1M)

ickey(1M)

id(1M)

idmap(1M)

idmapd(1M)

idsconfig(1M)

ifconfig(1M)

if_mpadm(1M)

ifparse(1M)

iiadm(1M)

iicpbmp(1M)

iicpshd(1M)

ikeadm(1M)

ikecert(1M)

ilbadm(1M)

inetadm(1M)

ilomconfig(1M)

imqadmin(1M)

imqbrokerd(1M)

imqcmd(1M)

imqdbmgr(1M)

imqkeytool(1M)

imqobjmgr(1M)

imqusermgr(1M)

in.chargend(1M)

in.comsat(1M)

in.daytimed(1M)

in.dhcpd(1M)

in.discardd(1M)

in.echod(1M)

inetadm(1M)

inetconv(1M)

inetd(1M)

in.fingerd(1M)

infocmp(1M)

in.iked(1M)

init(1M)

init.sma(1M)

init.wbem(1M)

inityp2l(1M)

in.lpd(1M)

in.mpathd(1M)

in.named(1M)

in.ndpd(1M)

in.rarpd(1M)

in.rdisc(1M)

in.rexecd(1M)

in.ripngd(1M)

in.rlogind(1M)

in.routed(1M)

in.rshd(1M)

in.rwhod(1M)

install(1M)

installboot(1M)

installf(1M)

installgrub(1M)

in.stdiscover(1M)

in.stlisten(1M)

in.talkd(1M)

in.telnetd(1M)

in.tftpd(1M)

in.timed(1M)

intrd(1M)

intrstat(1M)

in.uucpd(1M)

iostat(1M)

ipaddrsel(1M)

ipadm(1M)

ipf(1M)

ipfs(1M)

ipfstat(1M)

ipmgmtd(1M)

ipmon(1M)

ipmpstat(1M)

ipnat(1M)

ippool(1M)

ipqosconf(1M)

ipsecalgs(1M)

ipsecconf(1M)

ipseckey(1M)

iscsiadm(1M)

isns(1M)

isnsadm(1M)

itadm(1M)

itu(1M)

k5srvutil(1M)

kadb(1M)

kadmin(1M)

kadmind(1M)

kadmin.local(1M)

kcfd(1M)

kclient(1M)

kdb5_ldap_util(1M)

kdb5_util(1M)

kdcmgr(1M)

kernel(1M)

keyserv(1M)

killall(1M)

kmscfg(1M)

kprop(1M)

kpropd(1M)

kproplog(1M)

krb5kdc(1M)

ksslcfg(1M)

kstat(1M)

ktkt_warnd(1M)

labeld(1M)

labelit(1M)

labelit_hsfs(1M)

labelit_udfs(1M)

labelit_ufs(1M)

lastlogin(1M)

latencytop(1M)

ldapaddent(1M)

ldap_cachemgr(1M)

ldapclient(1M)

ldmad(1M)

link(1M)

llc2_loop(1M)

lldpadm(1M)

lldpd(1M)

lms(1M)

localectr(1M)

locator(1M)

lockd(1M)

lockfs(1M)

lockstat(1M)

lofiadm(1M)

logadm(1M)

logins(1M)

lpget(1M)

lpset(1M)

luxadm(1M)

系统管理命令-第 2 单元

系统管理命令-第 3 单元

audit_warn

- audit daemon warning script

用法概要

/etc/security/audit_warn [option [arguments]]

描述

The audit_warn utility processes warning or error messages from the audit daemon. When a problem is encountered, the audit daemon, auditd(1M) calls audit_warn with the appropriate arguments. The option argument specifies the error type.

The system administrator can specify a list of mail recipients to be notified when an audit_warn situation arises by defining a mail alias called audit_warn in aliases(4). The users that make up the audit_warn alias are typically the audit and root users.

选项

The following options are supported:

allhard count

Indicates that the hard limit for all filesystems has been exceeded count times. The default action for this option is to send mail to the audit_warn alias only if the count is 1, and to write a message to the machine console every time. It is recommended that mail not be sent every time as this could result in a the saturation of the file system that contains the mail spool directory.

allsoft

Indicates that the soft limit for all filesystems has been exceeded. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.

auditoff

Indicates that someone other than the audit daemon changed the system audit state to something other than AUC_AUDITING. The audit daemon will have exited in this case. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.

ebusy

Indicates that the audit daemon is already running. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.

hard filename

Indicates that the hard limit for the file has been exceeded. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.

hostname

Indicates that the audit service could not find an IP address to associate with the local hostname. It has fallen back to using the “loopback” address. The audit trail might not translate properly. See /var/audit/debug for more information. The audit service can be refreshed (audit -s) to retry to find an IP address.

nostart

Indicates that auditing could not be started. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console. Some administrators may prefer to modify audit_warn to reboot the system when this error occurs.

plugin name error count text

Indicates that an error occurred during execution of the auditd plugin name. The default action for this option is to send mail to the audit_warn alias only if count is 1, and to write a message to the machine console every time. (Separate counts are kept for each error type.) It is recommended that mail not be sent every time as this could result in the saturation of the file system that contains the mail spool directory. The text field provides the detailed error message passed from the plug-in. The error field is one of the following strings:

load_error

Unable to load the plugin name.

sys_error

The plugin name is not executing due to a system error such as a lack of resources.

config_error

No plug-ins loaded (including the binary file plug-in, audit_binfile(5)) due to configuration errors (see the -setplugin option of the auditconfig(1M) command). The name string is -- , to indicate that no plug-in name applies.

retry

The plugin name reports it has encountered a temporary failure. For example, the audit_binfree.so plugin uses retry to indicate that all directories are full.

no_memory

The plugin name reports a failure due to lack of memory.

invalid

The plugin name reports it received an invalid input.

failure

The plugin name has reported an error as described in text.

postsigterm

Indicates that an error occurred during the orderly shutdown of the audit daemon. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.

soft filename

Indicates that the soft limit for filename has been exceeded. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.

tmpfile

Indicates that the temporary audit file already exists indicating a fatal error. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.

属性

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/core-os
Interface Stability
Committed

The interface stability is Evolving. The file content is Unstable.

另请参见

audit(1M), auditconfig(1M), auditd(1M), aliases(4), audit.log(4), attributes(5)

See the section on Solaris Auditing in 《Oracle Solaris 管理:安全服务》.

附注

This functionality is available only if the Solaris Auditing feature has been enabled.

If the audit policy perzone is set, the /etc/security/audit_warn script for the local zone is used for notifications from the local zone's instance of auditd. If the perzone policy is not set, all auditd errors are generated by the global zone's copy of /etc/security/audit_warn.