SunSHIELD Basic Security Module Guide

Index

Symbols

- audit flag prefix 10 to 11
# for comments in files 65, 67
* in device_allocate file 67, 68
+ audit flag prefix 10 to 11
\ ending file lines 65, 67
^- audit flag prefix 11
^+ audit flag prefix 11

A

-a option of auditreduce command 58 to 59
acct audit record 96
ad audit flag 9
adding devices 74
adjtime audit record 96
administering auditing
.....See also audit records; audit tokens; audit trail
.....audit administration account 35 to 36
.....audit classes
............auditconfig command options 38
............changing definitions 40
............flags and definitions 9 to 10
............mapping events 7, 40
............overview 7 to 8
............selecting for auditing 7
.....audit events
............audit tokens 46
............auditconfig command options 37, 38
............C library functions 156
............categories 8
............event-to-system call translation table 147 to 152
............including in audit trail 7
............kernel events 7, 8, 37, 38, 46
............mapping to classes 7, 40
............numbers 8
............overview 7 to 8
............preselecting 156
............record formats and 45
............user-level events 8, 38, 46
.....audit files 26 to 30
............auditreduce command 20 to 22
............combining 20 to 22, 26
............copying login/logout messages to single file 57 to 58
............directory locations 27, 31
............displaying in entirety 57
............file token 50, 83
............managing size of 18
............minimum free space for filesystems 12
............names 27 to 29
............nonactive files marked not_terminated 29 to 30, 58
............order for opening 12
............overview 26 to 27
............permissions 32
............printing 57
............reducing 20 to 22, 26
............reducing storage-space requirements 23 to 24, 25
............switching to new file 17
............time stamps 28
.....audit flags 8 to 11
............audit_control file line 12
............audit_user file 13 to 14
............auditconfig command options 38
............C library functions 157
............definitions 9 to 10
............machine-wide 8, 12
............overview 8
............policy flags 39
............prefixes 11
............process preselection mask 15
............syntax 10
.....audit partitions 30 to 32
.....audit records 8
.....audit trail creation 16 to 18
............audit daemon's role 17
............audit_data file 16
............directory suitability 17
............managing audit file size 18
............overview 16
.....audit trail overflow prevention 36 to 37
.....audit_control file
............audit_user file modification 13
............C library functions 156
............overview 11 to 12
............prefixes in flags line 11
............problem with contents 20
.....audit_user file audit fields 13 to 14
.....audit_warn script 16, 18 to 20
.....auditreduce command 20 to 22, 56 to 59
............-a option 58 to 59
............-b option 58 to 59
............capabilities 56
............cleaning not_terminated files 29 to 30, 58
............-d option 57
............described 20 to 21, 44, 56
............distributed systems 56
............examples 57 to 58
............-O option 26, 30, 57 to 58
............options 20, 58 to 59
............time stamp use 28
............without options 20 to 22
.....configuration
............audit trail overflow prevention 36 to 37
............auditconfig command 37 to 39
............overview 32 to 33
............planning 33 to 36
............setting audit policies 39
.....cost control 22 to 24
............analysis 23
............processing time 23
............storage 23 to 24
.....efficiency 25 to 26
.....normal users 25
.....overview 5 to 6
.....process audit characteristics 14 to 15
............audit ID 15
............audit session ID 15
............process preselection mask 15, 23 to 24
............terminal ID 15
.....startup 6
administrative audit class 9
all
.....audit class 10
.....audit flag
............caution for using 10
............described 10
.....in user audit fields 14
allhard string with audit_warn script 19
allocatable devices, See device allocation
allocate audit record
.....allocate-list device success 140
.....deallocate device 140
.....deallocate device failure 140
.....device allocate failure 140
.....device allocate success 139
allocate command
.....See also device allocation
.....how the allocate mechanism works 71 to 73
.....options 63
.....using 75 to 76
allocate error state 64
allocating devices, See device allocation
allsoft string with audit_warn script 19
always-audit flags
.....described 13 to 14
.....process preselection mask 15
analysis 43 to 60
.....audit record format 45 to 55
.....auditing features 43 to 44
.....auditreduce command 45, 56 to 59
.....costs 23
.....praudit command 45, 59 to 60
.....tools 44 to 45
ap audit flag 9
application audit class 9
arbitrary token 48 to 49, 79
Archive tape drive clean script 67
arg token 49, 81
arge policy
.....exec_env token and 82
.....flag 39
argv policy
.....exec_args token and 82
.....flag 39
asterisk (*) in device_allocate file 67, 68
at audit record
.....at-create crontab 141
.....at-delete atjob 141
.....at-permission 141
attr token 49 to 50, 81
audio devices
.....See also device allocation
.....device-clean scripts 70
audio_clean script 70
AUDIO_DRAIN ioctl system call 70
AUDIO_SETINFO ioctl system call 70
AUDIOGETREG ioctl system call 70
AUDIOSETREG ioctl system call 70
audit administration account 35 to 36
audit attributes. See audit tokens
audit audit record 96
audit classes
.....auditconfig command options 38
.....changing definitions 40
.....flags and definitions 9 to 10
.....mapping events 7, 40
.....overview 7 to 8
.....selecting for auditing 7
audit daemon
.....audit trail creation 16, 17
.....audit_startup file 6
.....audit_warn script
............conditions invoking 18 to 20
............described 16, 18
............execution of 17
.....directories suitable to 17
.....enabling auditing 6
.....functions 17
.....order audit files are opened 12
.....rereading the audit_control file 12
.....terminating 16
audit events
.....See also audit classes
.....audit_event file
............audit event type 45
............overview 7 to 8
.....C library functions 156
.....categories 8
.....event-to-system call translation table 147 to 152
.....including in audit trail 7
.....kernel events
............audit tokens 46
............auditconfig command options 37, 38
............described 7
.....mapping to classes 7, 40
.....numbers 8
.....overview 7 to 8
.....preselecting 156
.....record formats and 45
.....user-level events
............audit tokens 46
............auditconfig command options 38
............described 8
audit files 26 to 30
.....See also audit trail; directories
.....auditreduce command 20 to 22
.....combining 20 to 22, 26
.....copying login/logout messages to single file 57 to 58
.....directory locations 27, 31
.....displaying in entirety 57
.....file token 50, 83
.....managing size of 18
.....minimum free space for filesystems 12
.....names 27 to 29
............closed files 29
............form 27 to 28
............still-active files 28 to 29
............time stamps 28
............use 28
.....nonactive files marked not_terminated 29 to 30, 58
.....order for opening 12
.....overview 26 to 27
.....permissions 32
.....printing 57
.....reducing 20 to 22, 26
.....reducing storage-space requirements 23 to 24, 25
.....switching to new file 17
.....time stamps 28
audit flags 8 to 11
.....audit_control file line 12
.....audit_user file 13 to 14
.....auditconfig command options 38
.....C library functions 157
.....definitions 9 to 10
.....machine-wide 8, 12
.....overview 8
.....policy flags 39
.....prefixes 10 to 11
.....process preselection mask 15
.....syntax 10
audit ID 6, 15, 44
audit log files, See audit files
audit -n command 17
audit partitions 30 to 32
audit policies
.....See also audit flags
.....auditconfig options 39
.....setting 39
audit records 77 to 147
.....See also audit tokens; specific audit records
.....audit directories full 17, 19, 94
.....C library functions 156 to 157
.....converting to human-readable format 8, 20, 45, 59 to 60
.....displaying 45
.....format or structure 45 to 55, 78, 95
.....kernel-level generated 95 to 139
.....overview 8
.....policy flags 39
.....reducing audit files 26
.....selecting 44
.....self-contained records 44
.....tools 44 to 45
.....user-level generated 139 to 147
audit -s command
.....preselection mask for existing processes 12
.....rereading audit files 17
.....resetting directory pointer 17
audit server mount-point path names 31
audit session ID 15, 44
audit -t command 16
audit threshold 12
audit tokens
.....arbitrary token 48 to 49, 79
.....arg token 49, 81
.....attr token 49 to 50, 81
.....audit record format 45 to 55, 78
.....C library functions 156
.....described 8
.....exec_args token 82
.....exec_env token 82
.....exit token 50, 82
.....file token 50, 83
.....groups token 50 to 51, 84
.....header token 46, 47 to 48, 84 to 85
.....in_addr token 51, 85
.....ip token 51, 85
.....ipc token 51 to 52, 86 to 87
.....ipc_perm token 52, 87
.....iport token 52, 88
.....newgroups token 88
.....opaque token 52 to 53, 89
.....order in audit record 46
.....path token 53, 89
.....policy flags 39
.....process token 53, 90
.....return token 54, 90 to 91
.....seq token 54, 91
.....socket token 54 to 55, 91 to 92
.....socket-inet token 92
.....subject token 55, 92
.....table of 78
.....text token 55, 93
.....trailer token 46, 48, 94
.....types 45 to 46
audit trail
.....See also audit files; audit records; audit tokens
.....analysis 43 to 60
............audit record format 45 to 55
............auditing features 43 to 44
............auditreduce command 45, 56 to 59
............costs 23
............praudit command 45, 59 to 60
............tools 44 to 45
.....creating 16 to 18, 26
............audit daemon's role 16, 17
............audit_data file 16
............directory suitability 17
............managing audit file size 18
............overview 16
.....directory locations 27, 31
.....events included 7
.....merging all files 20 to 22
.....monitoring in real time 25
.....overflow prevention 36 to 37
audit_control file
.....audit daemon rereading after editing 12
.....audit_user file modification 13
.....C library functions 156
.....dir: line
............described 12
............examples 13, 32
............files subdirectory 31
.....examples 13, 32
.....flags: line
............described 12
............prefixes in 11
............process preselection mask 15
.....minfree: line
............audit_warn condition 19
............described 12
.....naflags: line 12
.....overview 11 to 12
.....prefixes in flags line 11
.....problem with contents 20
audit_data file 16
audit_event file
.....See also audit events
.....audit event type 45
.....overview 7 to 8
audit_startup file 6
audit_user file
.....prefixes for flags 11
.....process preselection mask 15
.....user audit fields 13 to 14
audit_warn script 18 to 20
.....allhard string 19
.....allsoft string 19
.....audit daemon execution of 17
.....auditsvc string 19
.....conditions invoking 18 to 20
.....described 16, 18
.....ebusy string 19
.....hard string 19
.....postsigterm string 19
.....soft string 18
.....tmpfile string 19
auditconfig command
.....audit flags as arguments 9
.....options 37 to 39
.....prefixes for flags 11
.....reducing storage-space requirements 24
auditd daemon
.....audit trail creation 16, 17
.....audit_startup file 6
.....audit_warn script
............conditions invoking 18 to 20
............described 16, 18
............execution of 17
.....directories suitable to 17
.....enabling auditing 6
.....functions 17
.....order audit files are opened 12
.....rereading the audit_control file 12
.....terminating 16
auditing, See administering auditing; audit trail
auditon audit record
.....A_GETCAR command 97
.....A_GETCLASS command 97
.....A_GETCOND command 97
.....A_GETCWD command 97
.....A_GETKMASK command 98
.....A_GETPOLICY command 98
.....A_GETQCTRL command 98
.....A_GETSTAT command 98
.....A_SETCLASS command 99
.....A_SETCOND command 99
.....A_SETKMASK command 99
.....A_SETPOLICY command 100
.....A_SETQCTRL command 101
.....A_SETSMASK command 99 to 100
.....A_SETSTAT command 100
.....A_SETUMASK command 100
auditreduce command 20 to 22
.....-a option 58 to 59
.....-b option 58 to 59
.....capabilities 56
.....cleaning not_terminated files 29 to 30, 58
.....-d option 57
.....described 20 to 21, 44, 56
.....distributed systems 56
.....examples 57 to 58
.....-m option 59
.....-O option 26, 30, 57 to 58
.....options 20, 58 to 59
.....time stamp use 28
.....without options 20 to 22
auditsvc
.....audit record 101
.....system call
............fails 19, 94
AUE_... names 7, 8
.....event-to-system call translation table 147 to 152
automatically enabling auditing 6

B

-b option of auditreduce command 58 to 59
backslash (\) ending file lines 65, 67
Basic Security Module (BSM)
.....client-server relationships 2
.....disabling 2
.....enabling 2
.....installing 1 to 3
.....packages 1
binary audit record format 45
BSM, See Basic Security Module (BSM)
bsmconv script
.....devicemaps file creation 64
.....enabling BSM 2
bsmunconv script 2

C

C library functions 156 to 157
C2 TCSEC features 61
caret (^) in audit flag prefixes 11
cartridge tape drives, See tape drives
CD-ROM drives
.....See also device allocation
.....device-clean scripts 69
change password audit record 145
chdir audit record 101
-chkconf option of auditconfig command 37
chmod audit record 102
chown audit record 102
chroot audit record 102
cl audit flag 9
classes
.....auditconfig command options 38
.....changing definitions 40
.....flags and definitions 9 to 10
.....mapping events 7, 40
.....overview 7 to 8
.....selecting for auditing 7
clean scripts, See device-clean scripts
cleaning not_terminated files 29 to 30, 58
clients, enabling BSM for 3
close audit record 103
cnt policy 35 to 36
.....flag 39
combining audit files 26
.....auditreduce command 20 to 22
commands
.....See also specific commands
.....device-allocation utilities 63 to 64
.....maintenance commands 155 to 156
comments
.....device_allocate file 67
.....device_maps file 65
-conf option of auditconfig command 37
configuring
.....audit trail overflow prevention 36 to 37
.....auditconfig command 37 to 39
.....overview 32 to 33
.....planning 33 to 36
.....setting audit policies 39
converting audit records to human-readable format 8, 20, 45, 59 to 60
copying login/logout messages to single file 57 to 58
cost control 22 to 24
.....analysis 23
.....processing time 23
.....storage 23 to 24
creat audit record 103
creating the audit trail 16 to 18
.....audit daemon's role 17
.....audit_data file 16
.....directory suitability 17
.....managing audit file size 18
.....overview 16
cron job 18
crontab audit record
.....cron-invoke atjob or crontab 142
.....crontab-crontab created 142
.....crontab-crontab deleted 142
.....crontab-permission 143

D

-d option
.....auditreduce command 57
.....praudit command 59
daemon, audit, See audit daemon
date-time auditreduce command options 58 to 59
deallocate command
.....allocate error state 64
.....described 63, 75
.....device-clean scripts and 70
.....using 76
debugging sequence number 54, 91
defaults
.....audit policies 39
.....audit_startup file 6
.....machine-wide 8
.....praudit output format 59, 60
............header token 48
device allocation 61 to 76
.....adding devices 74
.....allocatable devices 66, 67, 74
.....allocate command
............how the allocate mechanism works 71 to 73
............options 63
............using 75 to 76
.....allocate error state 64
.....allocating a device 75 to 76
.....components of the allocation mechanism 62
.....deallocate command
............allocate error state 64
............described 63, 75
............device-clean scripts and 70
............using 76
.....device_allocate file 66 to 68
.....device_maps file 64 to 66
.....device-clean scripts 68 to 70
............adding devices 74
............audio devices 70
............CD-ROM drives 69
............described 68
............diskette drives 69
............options 70
............tape drives 67, 69
............writing new scripts 70
.....list_devices command 64, 75
.....lock file setup 70 to 73
.....managing devices 74
.....reallocating 63
.....risks associated with device use 62
.....using device allocations 75 to 76
.....utilities 63 to 64
device_allocate file
.....format 67 to 68
.....overview 66 to 68
device_maps file
.....format 65 to 66
.....overview 64
device-clean scripts
.....adding devices 74
.....audio devices 70
.....CD-ROM drives 69
.....described 68
.....diskette drives 69
.....options 70
.....tape drives 67, 69
.....writing new scripts 70
devices
.....See also device allocation
.....adding 74
.....lock files 70 to 73
.....managing 74
dir: line in audit_control file
.....described 12
.....example 13, 32
.....for files subdirectory 31
directories
.....audit daemon pointer 17
.....audit directories full 17, 19, 94
.....audit directory locations 27, 31
.....audit partitions 30 to 32
.....audit_control file definitions 12
.....diskfull machines 27, 30
.....files subdirectory 31
.....mounting audit directories 27
.....permissions 32
.....suitable to audit daemon 17
disabling BSM 2
diskette drives
.....See also device allocation
.....device-clean scripts 69
diskfull machines' audit directory 27, 30
diskless clients, enabling BSM for 3
disk-space requirements 23 to 24
displaying
.....audit log in entirety 57
.....audit records 45
distributed systems' auditreduce command use 56
dminfo command 64
drives, See device allocation

E

ebusy string and audit_warn script 19
efficiency 25 to 26
eject command 69
enabling
.....auditing 6
.....BSM 2
ending
.....disabling BSM 2
.....signal received during auditing shutdown 19
.....terminating audit daemon 16
enter prom audit record 103
errors
.....allocate error state 64
.....audit directories full 17, 19, 94
.....internal errors 19
/etc/security directory 31
/etc/security/audit directory 27, 31
/etc/security/audit/bsmconv script
.....enabling BSM 2
.....devicemaps file creation 64
/etc/security/audit/bsmunconv script 2
/etc/security/audit_control file, See audit_control file
/etc/security/audit_data file 16
/etc/security/audit_event file
.....audit event type 45
.....overview 7 to 8
.....See also audit events
/etc/security/audit_startup file 6
/etc/security/audit_warn script 16, 18 to 20
/etc/security/dev lock files 70 to 73
event modifier field flags (header token) 85
event numbers 8
events
.....See also audit classes
.....C library functions 156
.....categories 8
.....event-to-system call translation table 147 to 152
.....including in audit trail 7
.....kernel events
............audit tokens 46
............auditconfig command options 37, 38
............described 7
.....mapping to classes 7, 40
.....numbers 8
.....overview 7 to 8
.....preselecting 156
.....record formats and 45
.....user-level events
............audit tokens 46
............auditconfig command options 38
............described 8
ex audit flag 10
exec audit class 10
exec audit record 104
exec_args token 82
exec_env token 82
execve audit record 104
exit audit record 105
exit prom audit record 104
exit token 50, 82
export list 27

F

-F option
.....allocate command 63
.....deallocate command 63
.....st_clean script 70
fa audit flag 9
failure
.....audit flag prefix 10
.....turning off audit flags for 11
fc audit flag 9
fchdir audit record 105
fchmod audit record 105
fchown audit record 106
fchroot audit record 106
fcntl audit record 106
fd audit flag 9
fd_clean script 69
file systems, See audit files; directories
file token 50, 83
file vnode token 49 to 50, 81
file_attr_acc audit class 9
file_attr_mod audit class 9
file_close audit class 9
file_creation audit class 9
file_deletion audit class 9
file_read audit class 9
file_write audit class 9
files subdirectory 31
files, audit, See audit files
files, lock 70 to 73
flags 8 to 11
.....audit_control file line 12
.....audit_user file 13 to 14
.....auditconfig command options 38
.....C library functions 157
.....definitions 9 to 10
.....machine-wide 8, 12
.....overview 8
.....policy flags 39
.....prefixes 10 to 11
.....process preselection mask 15
.....syntax 10
flags: line in audit_control file
.....described 12
.....prefixes in 11
.....process preselection mask 15
fm audit flag 9
forced cleanup 70
fork audit record 107
fork1 audit record 107
fr audit flag 9
fstatfs audit record 108
ftpd login audit record 143
fw audit flag 9

G

getaudit audit record 108
getauid audit record 108
-getclass option of auditconfig command 38
-getcond option of auditconfig command 38
getmsg audit record 109
.....socket accept 109
.....socket receive 109
-getpinfo option of auditconfig command 38
getpmsg audit record 110
-getpolicy option of auditconfig command 39
getportaudit audit record 110
graphics tablets, See device allocation
group policy
.....flag 39
.....groups token 50 to 51, 84
.....newgroups token 88
groups token 50 to 51, 84

H

halt: machine halt audit record 143
hard string with audit_warn script 19
hard-disk-space requirements 23 to 24
header token
.....described 47, 84 to 85
.....event-modifier field flags 85
.....fields 47
.....format 85
.....order in audit record 46, 84
.....praudit display 48
headers 157
human-readable audit record format
.....See also audit tokens
.....converting audit records to 8, 20, 45, 59 to 60
.....described 45 to 55

I

-I option
.....deallocate command 64
.....st_clean script 70
IDs
.....audit 6, 15, 44
.....audit session 15, 44
.....audit user 44
.....auditconfig command options 38
.....terminal 15
in.ftpd audit record 143
in.rexecd audit record 146
in.rshd: rshd access denials/grants audit record 146 to 147
in_addr token 51, 85
inetd: inetd service request audit record 143
installing BSM 1 to 3
Internet-related tokens
.....in_addr token 51, 85
.....ip token 51, 85
.....iport token 52, 88
.....socket token 54 to 55, 91 to 92
.....socket-inet token 92
io audit flag 9
ioctl audit class 9
ioctl system calls 9, 70
ioctl: ioctl to special devices audit record 110 to 111
ip audit flag 9
ip token 51, 85
ipc audit class 9
ipc token 51 to 52, 86 to 87
ipc type field values (ipc token) 87
ipc_perm token 52, 87
iport token 52, 88
item size field values (arbitrary token) 80

K

kernel events
.....See also audit events
.....audit records 95 to 139
.....audit tokens 46
.....auditconfig command options 37, 38
.....described 7
kill audit record 111

L

-l option
.....praudit command 59
lchown audit record 111 to 112
libraries, C functions 156 to 157
link audit record 112
list_devices command 64, 75
lo audit flag 9
lock files
.....how the allocate mechanism works 71 to 73
.....setting up 71
log files, See audit files
login audit record
.....logout 144
.....rlogin 144
.....telnet login 144
.....terminal login 144
login/logout messages, copying to single file 57 to 58
login_logout audit class 9
-lsevent option of auditconfig command 38
-lspolicy option of auditconfig command 39
lstat audit record 112
lxstat audit record 112

M

-m option of auditreduce command 59
machine halt audit record 143
machine reboot audit record 145
macros 157
maintenance commands 155 to 156
managing devices 74
mappings, class 7, 40
mask, process preselection
.....auditconfig command options 38
.....C library functions 156
.....described 15
.....machine-wide 12
.....reducing storage costs 23 to 24
memcntl audit record 113
minfree: line in audit_control file
.....audit_warn condition 18, 19
.....described 12
.....determining space needed 34
minus (-) audit flag prefix 10 to 11
mkdir audit record 113
mknod audit record 113
mmap audit record 114
modctl audit record
.....MODADDMAJBIND command 114
.....MODCONFIG command 115
.....MODLOAD command 115
.....MODUNLOAD command 115
modems, See device allocation
monitoring audit trail in real time 25
mount audit record 116
mountd audit record
.....NFS mount request 145
.....NFS unmount request 145
mounting audit directories 27
msgctl audit record
.....IPC_RMID command 116
.....IPC_SET command 116 to 117
.....IPC_STAT command 117
msgget audit record 117
msgrcv audit record 117
msgsnd audit record 118
mt command, device-cleanup option 69
munmap audit record 118

N

na audit flag 9
naflags: line in audit_control file 12
names
.....audit classes 9 to 10
.....audit files
............closed files 29
............form 27 to 28
............still-active files 28 to 29
............time stamps 28
............use 28
.....audit flags 9 to 10
.....device names
............device_allocate file 67
............device_maps file 65
.....IDs
............audit 6, 15
............audit session 15, 44
............auditconfig command options 38
............terminal 15
.....kernel events 7
.....mount-point path names on audit servers 31
.....user-level events 8
network audit class 9
never-audit flags 13 to 14
newgroups token 88
NFS mount request audit record 145
NFS unmount request audit record 145
nice audit record 118
no audit flag 9
no_class audit class 9
non_attrib audit class 9
nonattributable flags in audit_control file 12
normal users, auditing 25
not_terminated files, cleaning 29 to 30, 58
nt audit flag 9
null audit class 9
numbers, event 8

O

-O option of auditreduce command 26, 30, 57 to 58
object-reuse requirement 61, 68 to 70
.....device-clean scripts
............adding devices 74
............audio devices 70
............CD-ROM drives 69
............described 68
............diskette drives 69
............tape drives 67, 69
............writing new scripts 70
opaque token 52 to 53, 89
open audit record
.....read 119
.....read, create 119
.....read, create, truncate 119
.....read, truncate 120
.....read, write 120
.....read, write, create 120
.....read, write, create, truncate 120
.....read, write, truncate 121
.....write 121
.....write, create 121
.....write, create, truncate 122
.....write, truncate 122
ot audit flag 10
other audit class 10
overflow prevention for audit trail 36 to 37

P

partitions, audit 30 to 32
passwd audit record 145
path policy flag 39
path token 53, 89
pathconf audit record 122
pc audit flag 9
permissions for audit file systems 32
pipe audit record 122 to 123
plus (+) audit flag prefix 10 to 11
policies
.....See also audit flags
.....auditconfig options 39
.....setting 39
postsigterm string and audit_warn script 19
pound sign (#) for comments in files 65, 67
praudit command
.....See also audit tokens
.....converting audit records to human-readable format 8, 20
.....described 45
.....human-readable format 46 to 55
.....output formats 59 to 60
.....piping auditreduce output to 57
.....using 59 to 60
prefixes in audit flags 10 to 11
preselection mask
.....auditconfig command options 38
.....C library functions 156
.....described 15
.....machine-wide 12
.....reducing storage costs 23 to 24
primary audit directory 12, 30
print format field values (arbitrary token) 80
printing audit log 57
priocnt audit record 123
process audit characteristics 14 to 15
.....audit ID 15
.....audit session ID 15
.....process preselection mask 15, 23 to 24
.....terminal ID 15
process audit class 9
process dumped core audit record 123
process groups tokens
.....groups token 50 to 51, 84
.....newgroups token 88
process preselection mask
.....auditconfig command options 38
.....described 15
.....reducing storage costs 23 to 24
process token 53, 90
processing time costs 23
putmsg audit record 123
.....socket connect 124
.....socket send 124
putpmsg audit record 124

R

-r praudit output format 59, 60
.....header token 48
raw praudit output format 59, 60
.....header token 48
readlink audit record 124
reallocating devices 63
reboot: machine reboot audit record 145
records, See audit records
reducing audit files 26
.....auditreduce command 20 to 22
.....storage-space requirements 23 to 24, 25
rename audit record 125
return token 54, 90 to 91
rewoffl option of mt command 69
risks associated with device use 62
rmdir audit record 125
rpc.rexd audit record 146
rshd access denials/grants audit record 146 to 147

S

-S option of st_clean script 70
-s praudit output format 59
.....header token 48
SCSI devices
.....See also device allocation
.....st_clean script 67
secondary audit directory 12, 30
security risks associated with device use 62
selecting audit records 44
semctl audit record
.....GETALL command 125
.....GETNCNT command 126
.....GETPID command 126
.....GETVAL command 126
.....GETZCNT command 127
.....IPC_RMID command 127
.....IPC_SET command 127
.....IPC_STAT command 128 to 129
.....SETALL command 128
.....SETVAL command 128
semget audit record 129
semop audit record 129
seq policy flag 40
seq token 54, 91
servers, enabling BSM for clients 3
session ID 15, 44
setaudit audit record 129 to 130
setauid audit record 130
-setclass option of auditconfig command 38
-setcond option of auditconfig command 38
setegid audit record 130
seteuid audit record 130
setgid audit record 131
setgroups audit record 131
setpgrp audit record 131
-setpmask option of auditconfig command 38
-setpolicy option of auditconfig command 39
setrlimit audit record 132
-setsmask option of auditconfig command 38
setuid audit record 132
-setumask option of auditconfig command 38
SHIELD Basic Security Module, See Basic Security Module (BSM)
shmat audit record 132
shmctl audit record
.....IPC_RMID command 133
.....IPC_SET command 133
.....IPC_STAT command 133 to 134
shmdt audit record 134
shmget audit record 134
short praudit output format 59
.....header token 48
shutting down, See terminating
signal received during auditing shutdown 19
size
.....managing audit files 18
.....reducing audit files 26
............auditreduce command 20 to 22
............storage-space requirements 23 to 24, 25
socket accept audit record 109
socket connect audit record 124
socket receive audit record 109
socket send audit record 124
socket token 54 to 55, 91 to 92
socket-inet token 92
soft limit
.....audit_warn condition 18
.....determining space needed 34
.....minfree: line described 12
soft string with audit_warn script 18
Solaris SHIELD Basic Security Module, See Basic Security Module (BSM)
sr_clean script 69
st_clean script for tape drives 67, 69
standard cleanup 70
starting, See enabling
stat audit record 134
statfs audit record 135
statvfs audit record 135
stime audit record 135
storage costs 23 to 24
storage overflow prevention 36 to 37
su audit record 147
subject token 55, 92
success
.....audit flag prefix 10
.....turning off audit flags for 11
SUNWcar package 1
SUNWcsr package 1
SUNWcsu package 1
SUNWhea package 1
SUNWman package 1
symlink audit record 136
sysinfo audit record 136
system booted audit record 136
system calls
.....arg token 49, 81
.....auditsvc fails 19, 94
.....close 9
.....event numbers 7
.....event-to-system call translation table 147 to 152
.....exec_args token 82
.....exec_env token 82
.....ioctl 9, 70
.....return token 54, 90 to 91
.....table 156
System V IPC
.....ipc audit class 9
.....ipc token 51 to 52, 86 to 87
.....ipc_perm token 52, 87

T

tables 157
tail command 25
tape drives
.....See also device allocation
.....device-clean scripts 69
.....risks associated with use 62
.....st_clean script 67
TCP address 52, 88
TCSEC (Trusted Computer System Evaluation Criteria) C2 features 61
temporary file cannot be used 19
terminal ID 15
terminals, See device allocation
terminating
.....audit daemon 16
.....signal received during auditing shutdown 19
text token 55, 93
time stamps in audit files 28
time-date auditreduce command options 58 to 59
tmpfile string and audit_warn script 19
tokens, See audit tokens
trail policy flag 40
trail, See audit trail
trailer token
.....described 48, 94
.....fields 48
.....format 94
.....order in audit record 46, 94
.....praudit display 48
Trusted Computer System Evaluation Criteria (TCSEC) C2 features 61

U

-U option
.....allocate command 63
.....list_devices command 64
UDP address 52, 88
umount: old version audit record 136
unlink audit record 137
user audit fields 13 to 14
user ID (audit ID) 6, 15, 44
user-level events
.....See also audit events
.....audit records 139 to 147
.....audit tokens 46
.....auditconfig command options 38
.....described 8
/usr/bin/at audit record
.....at-create crontab 141
.....at-delete atjob 141
.....at-permission 141
/usr/bin/crontab audit record
.....cron-invoke atjob or crontab 142
.....crontab-crontab created 142
.....crontab-crontab deleted 142
.....crontab-permission 143
/usr/bin/login audit record
.....logout 144
.....rlogin 144
.....telnet login 144
.....terminal login 144
/usr/bin/passwd: change password audit record 145
/usr/bin/su audit record 147
/usr/lib/nfs/mountd audit record
.....NFS mount request 145
.....NFS unmount request 145
/usr/sbin/allocate audit record
.....allocate-list device success 140
.....deallocate device 140
.....deallocate device failure 140
.....device allocate failure 140
.....device allocate success 139
/usr/sbin/auditd daemon, See audit daemon
/usr/sbin/halt audit record 143
/usr/sbin/in.ftpd audit record 143
/usr/sbin/in.rexecd audit record 146
/usr/sbin/in.rshd audit record 146 to 147
/usr/sbin/inetd audit record 143
/usr/sbin/reboot audit record 145
/usr/sbin/rpc.rexd audit record 146
utilities
.....C library functions 156 to 157
.....device allocation 63 to 64
.....headers, tables, and macros 157
.....maintenance commands 155 to 156
.....system calls 156
utime audit record 137
utimes audit record 137
utssys - fusers audit record 138

V

vfork audit record 138
viewing, See displaying
vnode token 49 to 50, 81
vtrace audit record 138

W

writing new device-clean scripts 70

X

xmknod audit record 138
xstat audit record 139
Xylogics tape drive clean script 67

Z