AUDIT_WARN(5) BSD File Formats Manual AUDIT_WARN(5)
NAME
audit_warn -- alert when audit daemon issues warnings
DESCRIPTION
The audit_warn script runs when auditd(8) generates warning messages.
The default audit_warn is a script whose first parameter is the type of warning; the script appends its arguments to
/etc/security/audit_messages. Administrators may replace this script: a more comprehensive one would take different actions based on the
type of warning. For example, a low-space warning could result in an email message being sent to the administrator.
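A replacement script along the lines described above, as an added example that is not part of the OpenBSM distribution. The warning type names (soft, hard, allsoft, allhard, auditoff, nostart) are not listed on this page and are assumed from later OpenBSM documentation; the AUDIT_* variables and function names are hypothetical.

```sh
#!/bin/sh
# Added example: a replacement audit_warn that logs every warning and mails
# the administrator for space and shutdown warnings. Type names are assumed.

# Overridable so the script can be tried without touching /etc/security.
: "${AUDIT_MESSAGES:=/etc/security/audit_messages}"
: "${AUDIT_ADMIN:=root}"
: "${AUDIT_MAILER:=mail}"

# Map a warning type (first parameter) to an action.
audit_warn_action() {
    case "$1" in
        hard|allhard|auditoff|nostart) echo urgent ;;  # auditing stopped or failing
        soft|allsoft)                  echo notice ;;  # low space, still recording
        *)                             echo log ;;     # record only
    esac
}

# Join the arguments and drop control characters, so an unusual file name
# in a warning cannot inject extra lines into the log or the mail.
audit_warn_clean() {
    printf '%s' "$*" | tr -d '\000-\037\177'
}

audit_warn_main() {
    umask 077
    line=$(audit_warn_clean "$@")
    # Same behaviour as the default script (append the arguments), plus a timestamp.
    printf '%s audit warning: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$line" \
        >> "$AUDIT_MESSAGES"
    action=$(audit_warn_action "${1:-}")
    if [ "$action" != log ]; then
        printf 'auditd reported: %s\n' "$line" |
            "$AUDIT_MAILER" -s "[$action] audit warning on $(uname -n)" "$AUDIT_ADMIN"
    fi
}

if [ "$#" -gt 0 ]; then
    audit_warn_main "$@"
fi
```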
FILES
/etc/security/audit_warn
/etc/security/audit_messages
SEE ALSO
audit(4), auditd(8)
HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.
Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
BSD March 17, 2004 BSD
AUDIT_EVENT(5) BSD File Formats Manual AUDIT_EVENT(5)
NAME
audit_event -- audit event descriptions
DESCRIPTION
The audit_event file contains descriptions of the auditable events on the system. Each line maps an audit event number to a name, a description,
and a class. Entries are of the form:
eventnum:eventname:description:eventclass
Each eventclass should have a corresponding entry in the audit_class(5) file.
Example entries in this file are:
0:AUE_NULL:indir system call:no
1:AUE_EXIT:exit(2):pc
2:AUE_FORK:fork(2):pc
3:AUE_OPEN:open(2):fa
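A check for the entry format and the audit_class cross-reference described above, as an added example that is not part of OpenBSM. It assumes audit_class lines have the form mask:classname:description and that the eventclass field may hold a comma-separated list; the function names and the sample data are constructed.

```sh
#!/bin/sh
# Added example: lint an audit_event file against audit_class.
# Assumption: audit_class lines are "mask:classname:description".

# Usage: check_audit_event EVENT_FILE CLASS_FILE
# Prints one "file:line: problem" per finding; returns 1 if any were found.
check_audit_event() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                          # skip comments and blanks
        FILENAME == ARGV[1] { classes[$2] = 1; next }    # first file: audit_class
        {
            where = FILENAME ":" FNR ": "
            if (NF != 4) { print where "expected 4 fields, got " NF; bad = 1; next }
            if ($1 !~ /^[0-9]+$/) { print where "non-numeric event number " $1; bad = 1 }
            if ($1 in seen) { print where "ambiguous duplicate event number " $1; bad = 1 }
            seen[$1] = 1
            n = split($4, want, ",")
            for (i = 1; i <= n; i++)
                if (!(want[i] in classes)) {
                    print where $2 " uses undefined class " want[i]; bad = 1
                }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample: the four entries shown above plus two faulty ones.
audit_event_demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '0x00000000:no:invalid class' \
        '0x00000004:fa:file attribute access' \
        '0x00000080:pc:process' > "$d/audit_class"
    printf '%s\n' '0:AUE_NULL:indir system call:no' '1:AUE_EXIT:exit(2):pc' \
        '2:AUE_FORK:fork(2):pc' '3:AUE_OPEN:open(2):fa' \
        '4:AUE_CREAT:creat(2):fc' 'x:AUE_BROKEN:missing class field' \
        > "$d/audit_event"
    rc=0
    check_audit_event "$d/audit_event" "$d/audit_class" || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    check_audit_event "$1" "$2"
fi
```

An event whose class has no audit_class entry cannot be selected by class name, so a finding here points at events that may go unaudited.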
FILES
/etc/security/audit_event
SEE ALSO
audit(4), audit_class(5), audit_control(5), audit_user(5)
HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.
Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
BSD January 24, 2004 BSD