hpux 10.20 - audevent (1)
NAME
audevent - change or display event or system call audit status
SYNOPSIS
audevent [-P|-p] [-F|-f] [-E] [[-e event] ...] [-S] [[-s syscall] ...]
DESCRIPTION
audevent changes the auditing status of the given events or system
calls. The event is used to specify names associated with certain
self-auditing commands; syscall is used to select related system
calls.

If neither -P, -p, -F, nor -f is specified, the current status of the
selected events or system calls is displayed. If no events or system
calls are specified, all events and system calls are selected.

If the -E option is supplied, it is redundant to specify events with
the -e option; this applies similarly to the -S and -s options.

audevent takes effect immediately. However, the events and system
calls specified are audited only when called by a user currently being
audited (see audusr(1M)). A list of valid events and associated
syscalls is provided in audit(5).

Only the super-user can change or display audit status.
Options
audevent recognizes the following options and command-line arguments:
     -P           Audit successful events or system calls.
     -p           Do not audit successful events or system calls.
     -F           Audit failed events or system calls.
     -f           Do not audit failed events or system calls.
     -E           Select all events for change or display.
     -e event     Select event for change or display.
     -S           Select all system calls for change or display.
     -s syscall   Select syscall for change or display.
The following is a list of the valid events and the associated
syscalls (if any):
     create       Object creation (creat(), mkdir(), mknod(),
                  msgget(), pipe(), semget(), shmat(), shmget())
     delete       Object deletion (msgctl(), rmdir(), semctl())
     moddac       Discretionary access control (DAC) modification
                  (chmod(), chown(), fchmod(), fchown(), fsetacl(),
                  setacl(), umask())
     modaccess    Non-DAC modification (chdir(), chroot(), link(),
                  setgid(), setuid(), rename(), setgroups(),
                  setresgid(), setresuid(), shmctl(), shmdt(),
                  unlink())
     open         Object opening (open(), execv(), execve(),
                  ptrace(), truncate(), ftruncate())
     close        Object closing (close())
     process      Process operations (fork(), exit(), kill(),
                  vfork(), nsp_init())
     removable    Removable media events (mount(), umount(),
                  vfsmount())
     login        Logins and logouts
     admin        Administrative and superuser events (audctl(),
                  audswitch(), stime(), reboot(), setaudid(),
                  setaudproc(), setdomainname(), setevent(),
                  sethostid(), setprivgrp(), settimeofday(),
                  swapon())
     ipccreat     Interprocess Communication (IPC) object creation
                  (bind() and socket())
     ipcopen      IPC object opening (accept() and connect())
     ipcclose     IPC object deletion (shutdown())
     ipcdgram     IPC datagram (sendto() and recvfrom())
     uevent1      User-defined event 1
     uevent2      User-defined event 2
     uevent3      User-defined event 3
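
The following Python sketch is an added example, not part of the HP manual page. It uses the event list above to plan an audevent command line for a set of system calls and to report what else the chosen events would audit. The names plan_audit and EVENTS are hypothetical, and the sketch assumes that selecting an event with -e also covers the syscalls listed beside it.

```python
"""Plan audevent command lines from the event table on this page (added example)."""

# Transcribed from the event list above. login and uevent1-3 are omitted
# because the page lists no syscalls for them.
EVENTS = {
    "create": "creat mkdir mknod msgget pipe semget shmat shmget",
    "delete": "msgctl rmdir semctl",
    "moddac": "chmod chown fchmod fchown fsetacl setacl umask",
    "modaccess": "chdir chroot link setgid setuid rename setgroups "
                 "setresgid setresuid shmctl shmdt unlink",
    "open": "open execv execve ptrace truncate ftruncate",
    "close": "close",
    "process": "fork exit kill vfork nsp_init",
    "removable": "mount umount vfsmount",
    "admin": "audctl audswitch stime reboot setaudid setaudproc setdomainname "
             "setevent sethostid setprivgrp settimeofday swapon",
    "ipccreat": "bind socket",
    "ipcopen": "accept connect",
    "ipcclose": "shutdown",
    "ipcdgram": "sendto recvfrom",
}
SYSCALL_TO_EVENT = {sc: ev for ev, scs in EVENTS.items() for sc in scs.split()}


def plan_audit(wanted, success=True, failure=True, by_event=True):
    """Return (argv, extra, unlisted) for the syscall names in `wanted`.

    extra: syscalls the chosen events cover that were not asked for.
    unlisted: wanted names absent from the table (check them in audit(5)).
    """
    listed = [sc for sc in wanted if sc in SYSCALL_TO_EVENT]
    unlisted = [sc for sc in wanted if sc not in SYSCALL_TO_EVENT]
    if not listed:
        # With no -e/-s arguments audevent selects every event and syscall,
        # so refuse to build a command that would change all of them.
        raise ValueError("no selectable syscalls; command would select everything")
    argv = ["audevent", "-P" if success else "-p", "-F" if failure else "-f"]
    extra = []
    if by_event:
        for ev in sorted({SYSCALL_TO_EVENT[sc] for sc in listed}):
            argv += ["-e", ev]
            extra += [sc for sc in EVENTS[ev].split() if sc not in listed]
    else:
        for sc in listed:
            argv += ["-s", sc]
    return argv, extra, unlisted


if __name__ == "__main__":
    argv, extra, unlisted = plan_audit(["chmod", "setuid", "read"])
    print(" ".join(argv), "| also audited:", extra, "| not in table:", unlisted)
```
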
AUTHOR
audevent was developed by HP.
SEE ALSO
audisp(1M), audomon(1M), audsys(1M), audusr(1M), getevent(2),
setevent(2), audit(4), audit(5).