Next | Prev | Top | Contents | Index

Chapter 6: Administering the System Audit Trail


The System Audit Trail features allow administrators to review a record of all system activity. This ongoing record shows general trends in system usage and also reveals violations of your system use policy. For example, any unsuccessful attempt to use a system resource can be recorded in the audit trail. If a user repeatedly attempts to access files owned by other users, or attempts to guess the root password, this too can be recorded. Site administrators can monitor all system activity through the audit trail. The sections of this chapter are listed at the end of this introduction.

Note that references are made in this chapter to auditable "MAC" and "Mandatory Access Control" events, such as an event generated when an attempt is made to access a file protected by a higher MAC clearance. The audit system provides facilities to audit all events on all IRIX operating systems. Mandatory Access Control (MAC) is available only in the Trusted IRIX/B optional operating system. No MAC audit events are generated by standard IRIX. If you have installed Trusted IRIX/B, you will have received additional documentation describing the special security features in that product. Users of standard IRIX can safely ignore all references to MAC, labels, and the dbedit, chlabel and newlabel commands. To find out if your system is running Trusted IRIX/B, use the uname command with the -a option. Standard IRIX systems give a response that looks like this:

IRIX System_name 5.1 02131441 IP12

If your machine is running Trusted IRIX/B, the name IRIX in the above example will be replaced with "Trusted IRIX/B."
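The uname check above decides whether MAC audit events can appear on a host at all. The following shell script is an added example, not part of the IRIX manual: it classifies a uname -a line by its first field as described above (standard IRIX versus "Trusted IRIX/B") and returns a distinct status for output it does not recognize, so a script that filters MAC events out of the audit trail does not silently assume the wrong case. The two sample lines are constructed from the form shown in the manual; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the IRIX documentation): decide from `uname -a`
# output whether MAC (Trusted IRIX/B) audit events can exist on a host.
# The sample lines below are constructed; only the first field is examined,
# because that is the field the manual says changes on Trusted IRIX/B.

# irix_flavor UNAME_LINE
#   Prints "trusted", "standard" or "unknown".
irix_flavor() {
    case "$1" in
        "Trusted IRIX/B "*) echo trusted ;;
        "IRIX "*)           echo standard ;;
        *)                  echo unknown ;;
    esac
}

# mac_events_expected UNAME_LINE
#   Returns 0 if MAC audit events are possible (Trusted IRIX/B),
#           1 if the host is standard IRIX (MAC references can be ignored),
#           2 if the output is not recognized (make no assumption either way).
mac_events_expected() {
    case "$(irix_flavor "$1")" in
        trusted)  return 0 ;;
        standard) return 1 ;;
        *)        return 2 ;;
    esac
}

# Constructed sample outputs. The first is the form shown in the manual for
# standard IRIX; the second is the same line as it would read on Trusted IRIX/B.
STANDARD_SAMPLE="IRIX System_name 5.1 02131441 IP12"
TRUSTED_SAMPLE="Trusted IRIX/B System_name 5.1 02131441 IP12"

# check_local_host
#   Runs the real uname -a and reports what the audit reviewer should expect.
check_local_host() {
    line=$(uname -a)
    mac_events_expected "$line"
    rc=$?
    case "$rc" in
        0) echo "Trusted IRIX/B: MAC audit events may appear in the trail." ;;
        1) echo "Standard IRIX: no MAC audit events; ignore MAC references." ;;
        *) echo "Unrecognized uname output: $line" ;;
    esac
    return "$rc"
}

# Run the live check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_local_host
fi
```

Run it as `sh irix_flavor.sh --check` on the host; the exit status (0, 1 or 2) can be used by a larger audit-reduction script to decide whether to keep or drop MAC event types.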

Discretionary Access Control (DAC) is the term used by the auditing subsystem for the standard UNIX system of file permissions. IRIX uses the standard permissions system common to all UNIX based operating systems.


Enabling Auditing
Default Auditing
Customizing Auditing
Understanding the Audit Data
Potential Security Violations
Archiving Audit Data
