auditmap(ADM)


auditmap -- create and write audit map files

Synopsis

auditmap [-m dirname]

Description

The auditmap shell-level command allows an administrator with the appropriate privileges to create and write the audit map files. The privileges required are audit, dacread, macwrite and setplevel. The auditmap command is invoked from the auditon command and may also be invoked directly by the auditing administrator.

The default directory for the audit map file(s) is /var/audit/auditmap/. The -m option allows the user to choose a directory where the audit map file(s) will be stored. If the directory, dirname, does not exist or is not writable, an error message is displayed (see "Diagnostics").

In a base system, the auditmap command creates the auditmap file. This file contains file identification information and six maps:

If the audit map file(s) already exist, under the default directory or the -m specified directory, they will be renamed. The existing auditmap file will be prefixed with an o. The new audit map file will then be created.

File locking mechanisms are in place to prevent file corruption during concurrent invocations of auditmap.

Files

/var/audit/auditmap/auditmap
/etc/security/audit/classes

Diagnostics

On successful completion, the auditmap command exits with a value of zero (0). If there are errors, it exits with one of the following values and prints the corresponding error message:

1
usage auditmap [-m dirname]

Invalid command syntax.


3
system service not installed

The audit package is not installed.


4
Permission denied

Failure because of insufficient privilege.


5
Invalid full path or pathname dirname specified

The directory specified as an argument to the -m option does not exist.


5
filename is not writable

5
fcntl() failed

12
auditctl() failed ASTATUS

Failure occurred while retrieving auditing status.


24
malloc() failed

24
argvtostr() failed

27
function name failed, errno = error

Failure occurred while accessing level information.

The following warning messages may be printed:

resource name not written to audit map file file

The user, group, privilege, or class map was not created (for example, if the user information is incomplete or missing, the warning printed is: UID map not written to audit map file /var/audit/auditmap/auditmap)


Unable to create the auditmap file

filename file busy
Unable to place lock on file.

unable to rename file audit map file to audit map file
Unable to rename the local audit map file.

stat() failed
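
The wrapper below is an added example, not part of the original manual page or of SCO's code. It runs auditmap with -m, acts on the exit values listed above, and checks that the previous map was kept under the o prefix. The names AUDITMAP, auditmap_action and refresh_auditmap, the return values above 100, and the assumption that the files are dirname/auditmap and dirname/oauditmap are illustrative.

```shell
#!/bin/sh
# Added example (not SCO code). AUDITMAP may be overridden for testing; the
# function names and the 101-103 return values are assumptions of this sketch.
AUDITMAP=${AUDITMAP:-auditmap}

# Turn an exit value from the Diagnostics section into a next step.
auditmap_action() {
    case "$1" in
        0)  echo ok ;;
        1)  echo fix-invocation ;;          # usage error
        3)  echo install-audit-package ;;   # system service not installed
        4)  echo check-privileges ;;        # audit, dacread, macwrite, setplevel
        5)  echo check-directory ;;         # bad dirname, not writable, fcntl() failed
        12|24|27) echo system-failure ;;    # auditctl(), malloc()/argvtostr(), level info
        *)  echo unknown ;;
    esac
}

# refresh_auditmap DIR
# Returns auditmap's own exit value, or 101-103 when a post-condition
# checked by this wrapper does not hold.
refresh_auditmap() {
    dir=$1
    # Pre-flight: the conditions auditmap itself reports with exit value 5.
    [ -d "$dir" ] && [ -w "$dir" ] || return 5

    # Remember the checksum of the existing map, if there is one.
    before=
    if [ -f "$dir/auditmap" ]; then
        before=$(cksum < "$dir/auditmap")
    fi

    "$AUDITMAP" -m "$dir" || return $?

    # A new, non-empty map file must now exist (assumed name: DIR/auditmap).
    [ -s "$dir/auditmap" ] || return 101

    # The previous map must survive unchanged under the o prefix
    # (assumed name: DIR/oauditmap).
    if [ -n "$before" ]; then
        [ -f "$dir/oauditmap" ] || return 102
        [ "$(cksum < "$dir/oauditmap")" = "$before" ] || return 103
    fi
    return 0
}
```

A caller can pass the return value to auditmap_action, for example: refresh_auditmap /var/audit/auditmap/ || auditmap_action $?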

References

auditon(ADM), auditrpt(ADM)
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 - 02 June 2005