Museum

Home

Lab Overview

Retrotechnology Articles

⇒ Online Manual

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

audisp(1M)

audomon(1M)

audsys(1M)

audusr(1M)

getevent(2)

setevent(2)

audit(4)

audit(5)

audevent(1M)

NAME

audevent − change or display event or system call audit status

SYNOPSIS

audevent [−P|−p] [−F|−f] [−E] [[−e event] ...] [−S] [[−s syscall] ...]

DESCRIPTION

audevent changes the auditing status of the given events or system calls.  The event is used to specify names associated with certain self-auditing commands; syscall is used to select related system calls. 

If neither −P, −p, −F, nor −f is specified, the current status of the selected events or system calls is displayed.  If no events or system calls are specified, all events and system calls are selected. 

If the −E option is supplied, it is redundant to specify events with the −e option; this applies similarly to the −S and −s options. 

audevent takes effect immediately.  However, the events and system calls specified are audited only when called by a user currently being audited (see audusr(1M)). A list of valid events and associated syscalls is provided in audit(5).

Only the super-user can change or display audit status. 

Options

−P Audit successful events or system calls. 

−p Do not audit successful events or system calls. 

−F Audit failed events or system calls. 

−f Do not audit failed events or system calls. 

−E Select all events for change or display. 

−e event Select event for change or display. 

−S Select all system calls for change or display. 

−s syscall Select syscall for change or display. 

The following is a list of the valid events and the associated syscalls (if any):

create Object creation ( creat, mkdir, mknod, msgget, pipe, semget, shmat, shmget)

delete Object deletion ( msgctl, rmdir, semctl)

moddac Discretionary access control (DAC) modification ( chmod, chown, fchmod, fchown, fsetacl, setacl, umask)

modaccess Non- DAC modification ( chdir, chroot, link, setgid, setuid, rename, setgroups, setresgid, setresuid, shmctl, shmdt, unlink)

open Object opening ( open, execv, execve, ptrace, truncate, ftruncate)

close Object closing ( close)

process Process operations ( fork, exit, kill, vfork, nsp_init)

removable Removable media events  ( mount, umount, vfsmount)

login Logins and logouts

admin administrative and superuser events ( audctl, audswitch, cluster, stime, reboot, setaudid, setaudproc, setdomainname, setevent, sethostid, setprivgrp, settimeofday, swapon)

ipccreat Interprocess Communication (IPC) object creation ( bind, ipccreate, ipcdest, socket)

ipcopen IPC object opening ( accept, connect, ipcconnect, ipclookup, ipcrecvn)

ipcclose IPC object deletion ( ipcshutdown, shutdown)

ipcdgram IPC datagram ( sendto, recvfrom)

uevent1 User-defined event 1

uevent2 User-defined event 2

uevent3 User-defined event 3

AUTHOR

audevent was developed by HP. 

SEE ALSO

audisp(1M), audomon(1M), audsys(1M), audusr(1M), getevent(2), setevent(2), audit(4), audit(5). 

Hewlett-Packard Company  —  HP-UX Release 9.0: August 1992

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026