AIX Version 4 Files Reference

streamcmds File

Purpose

Contains auditstream commands.

Description

The /etc/security/audit/streamcmds file is an ASCII template file that contains the stream mode commands that are invoked when the audit system is initialized. The path name of this file is defined in the stream stanza of the /etc/security/audit/config file.

This file contains command lines, each of which is composed of one or more commands with input and output that may be piped together or redirected. Although the commands usually are one or more of the audit system commands (auditcat, auditpr, and auditselect), this is not a requirement. The first command, however, should be the auditstream command.

When the audit system is initialized, the audit start command runs each command. No path name substitution is performed on $trail or $bin strings in the commands.

Security

Access Control: This file should grant read (r) access to the root user and members of the audit group, and write (w) access to the root user only.

Examples

  1. To read all records from the audit device, select and format those that involve unsuccessful events, and print them on a line printer, include the following in the /etc/security/audit/streamcmds file:
    /usr/sbin/auditstream | /usr/sbin/auditselect -e \
    "result == FAIL" | /usr/sbin/auditpr -v > /dev/lpr0
    This command is useful for creating a hard-copy trail of system security violations.

  2. To read all records from the audit device that have audit events in the authentication class, format them, and display them on the system console, include the following in the /etc/security/audit/streamcmds file:
    /usr/sbin/auditstream -c authentication | \
    /usr/sbin/auditpr -t0 -v > /dev/console
    This command allows timely auditing of user authentication events.
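
The following check is an added example, not part of the AIX documentation: it tests a streamcmds file against the rules above, reading the Access Control rule as mode 640 owned by root:audit (an assumption) and flagging command lines that do not start with auditstream or that contain $trail or $bin. The function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the AIX documentation. Function names are hypothetical.
# Usage: check_streamcmds_perms /etc/security/audit/streamcmds
#        check_streamcmds_lines /etc/security/audit/streamcmds

# Returns 0 when FILE is rw for its owner, read-only for its group, closed to
# others, and owned by OWNER:GROUP (default root:audit, per the Security section).
check_streamcmds_perms() {
    want_owner=${2:-root}
    want_group=${3:-audit}
    info=$(ls -ld "$1" 2>/dev/null) || { echo "cannot stat $1"; return 2; }
    set -f; set -- $info; set +f          # $1=mode string, $3=owner, $4=group
    case $1 in
        -rw-r-----*) ;;
        *) echo "mode is $1, expected -rw-r-----"; return 1 ;;
    esac
    [ "$3" = "$want_owner" ] && [ "$4" = "$want_group" ] && return 0
    echo "owner is $3:$4, expected $want_owner:$want_group"
    return 1
}

# Prints one line per finding and returns the number of findings.
check_streamcmds_lines() {
    file=$1
    findings=0
    n=0
    [ -r "$file" ] || { echo "cannot read $file"; return 255; }
    # read without -r joins backslash-continued lines, as used in the Examples.
    while read line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        n=$((n + 1))
        set -f; set -- $line; set +f      # split into words without globbing
        if [ "${1##*/}" != auditstream ]; then
            echo "command $n: starts with $1, not auditstream"
            findings=$((findings + 1))
        fi
        case $line in
            *'$trail'*|*'$bin'*)
                echo "command $n: \$trail/\$bin is not substituted in stream mode"
                findings=$((findings + 1)) ;;
        esac
    done < "$file"
    return "$findings"
}
```
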

Implementation Specifics

This file is part of Base Operating System (BOS) Runtime.

Files

/etc/security/audit/streamcmds Specifies the path to the file.
/etc/security/audit/config Contains audit system configuration information.
/etc/security/audit/events Contains the audit events of the system.
/etc/security/audit/objects Contains audit events for audited objects (files).
/etc/security/audit/bincmds Contains auditbin backend commands.

Related Information

The audit command, auditcat command, auditpr command, auditselect command.

Auditing Overview, Setting Up Auditing, Security Administration in AIX Version 4.3 System Management Guide: Operating System and Devices.
