home *** CD-ROM | disk | FTP | other *** search
-
-
-
- ssssaaaatttt____eeeecccchhhhoooo((((1111MMMM)))) ssssaaaatttt____eeeecccchhhhoooo((((1111MMMM))))
-
-
-
- NNNNAAAAMMMMEEEE
- sat_echo - echo standard input into the system audit trail
-
- SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS
- ssssaaaatttt____eeeecccchhhhoooo { ----FFFF | ----SSSS } _s_a_t_e_v_e_n_t
-
- DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
- _s_a_t__e_c_h_o inserts the data from its standard input into the system audit
- trail. (Only the first 65535 bytes of standard input are used; the rest
- are discarded.) Use _s_a_t__e_c_h_o in shell scripts that enforce security
- policy and must generate audit records.
-
- OOOOPPPPTTTTIIIIOOOONNNNSSSS
- Either ----FFFF or ----SSSS must be supplied, but not both at once. _s_a_t_e_v_e_n_t is a
- required argument.
-
- The options are:
-
- ----FFFF The action described by this audit record _f_a_i_l_e_d.
-
- ----SSSS The action described by this audit record _s_u_c_c_e_e_d_e_d.
-
- _s_a_t_e_v_e_n_t The printed representation of an audit event type, as
- described in _s_a_t__s_t_r_t_o_e_v_e_n_t(3). If you want to customize the
- audit trail with the addition of event types specific to your
- site, use the _s_a_t__a_e__c_u_s_t_o_m event type. If you need to
- distinguish between different types of _s_a_t__a_e__c_u_s_t_o_m events,
- structure the event specific data so that it begins with a
- sub-event type.
-
- EEEEXXXXAAAAMMMMPPPPLLLLEEEE
- Suppose a site security officer (SSO) wanted to make sure that the
- auditor was made aware of any changes to system databases in /_e_t_c. After
- the system was installed, the SSO would have created a master file
- describing the /_e_t_c tree.
-
- _ffff_iiii_nnnn_dddd _////_eeee_tttt_cccc _----_pppp_rrrr_iiii_nnnn_tttt _|||| _xxxx_aaaa_rrrr_gggg_ssss _llll_ssss _----_dddd_llll_MMMM _>>>> _////_vvvv_aaaa_rrrr_////_aaaa_dddd_mmmm_////_eeee_tttt_cccc_----_mmmm_aaaa_ssss_tttt_eeee_rrrr
-
- A shell script is run nightly that compares the current state of the /_e_t_c
- tree with the state when the master was made. When discrepancies are
- found, an audit record is generated.
-
- _ffff_iiii_nnnn_dddd _////_eeee_tttt_cccc _----_pppp_rrrr_iiii_nnnn_tttt _|||| _xxxx_aaaa_rrrr_gggg_ssss _llll_ssss _----_dddd_llll_MMMM _>>>> _////_tttt_mmmm_pppp_////_eeee_tttt_cccc_----_tttt_oooo_nnnn_iiii_gggg_hhhh_tttt
- _dddd_iiii_ffff_ffff _////_vvvv_aaaa_rrrr_////_aaaa_dddd_mmmm_////_eeee_tttt_cccc_----_mmmm_aaaa_ssss_tttt_eeee_rrrr _////_tttt_mmmm_pppp_////_eeee_tttt_cccc_----_tttt_oooo_nnnn_iiii_gggg_hhhh_tttt _>>>> _////_tttt_mmmm_pppp_////_eeee_tttt_cccc_----_dddd_iiii_ffff_ffff
- _iiii_ffff _[[[[ _----_ssss _////_tttt_mmmm_pppp_////_eeee_tttt_cccc_----_dddd_iiii_ffff_ffff _]]]]
- _ssss_aaaa_tttt______eeee_cccc_hhhh_oooo _----_FFFF _ssss_aaaa_tttt______aaaa_eeee______cccc_uuuu_ssss_tttt_oooo_mmmm _<<<< _////_tttt_mmmm_pppp_////_eeee_tttt_cccc_----_dddd_iiii_ffff_ffff
- _eeee_llll_ssss_eeee
- _eeee_cccc_hhhh_oooo _""""_NNNN_iiii_gggg_hhhh_tttt_llll_yyyy _////_eeee_tttt_cccc _cccc_hhhh_eeee_cccc_kkkk _ssss_hhhh_oooo_wwww_ssss _nnnn_oooo _dddd_iiii_ssss_cccc_rrrr_eeee_pppp_aaaa_nnnn_cccc_iiii_eeee_ssss_...._"""" _|||| _\\\\
- _ssss_aaaa_tttt______eeee_cccc_hhhh_oooo _----_SSSS _ssss_aaaa_tttt______aaaa_eeee______cccc_uuuu_ssss_tttt_oooo_mmmm
- _ffff_iiii
-
-
-
-
-
- PPPPaaaaggggeeee 1111
-
-
-
-
-
-
- ssssaaaatttt____eeeecccchhhhoooo((((1111MMMM)))) ssssaaaatttt____eeeecccchhhhoooo((((1111MMMM))))
-
-
-
- SSSSEEEEEEEE AAAALLLLSSSSOOOO
- satwrite(2), sat_strtoevent(3).
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- PPPPaaaaggggeeee 2222
-
-
-
-
