Overview of the auditing subsystem

The purpose of auditing

An auditing facility records information about actions that may affect the security of a computer system. In particular, an auditing facility records any action by any user that may represent a breach of system security. For each action, the auditing facility records enough information about those actions to verify

The presence of auditing may also deter attempted security breaches, and detecting an attempted breach can allow you to take action to contain the problem. Even if you do not detect a security breach as it occurs, you can use the audit trail to determine the extent of any security problems and to recover from them.

In most cases, security breaches are detected by patterns of usage, not by single actions. A single failed login on a terminal, for example, may indicate that a user had trouble typing a password correctly. Several failed logins on a terminal may indicate that a malicious user is trying to guess a password. To detect such patterns, you often need to record many events that are a normal part of daily activity on the system.
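
The pattern-based detection described above, as an added example that is not part of the original SCO documentation: it counts failed logins per terminal inside a sliding time window, so a single mistyped password is ignored while a burst of failures is flagged. The record format, threshold and window are assumptions chosen for illustration and are not the SCO audit trail format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical format (not SCO audit output):
# timestamp terminal user outcome
SAMPLE = """\
2005-06-03T09:00:05 tty01 alice FAIL
2005-06-03T09:00:12 tty01 alice OK
2005-06-03T09:14:40 tty03 root FAIL
2005-06-03T09:14:48 tty03 root FAIL
2005-06-03T09:14:55 tty03 admin FAIL
2005-06-03T09:15:03 tty03 root FAIL
2005-06-03T09:15:10 tty03 root FAIL
2005-06-03T11:30:00 tty02 bob FAIL
2005-06-03T16:45:00 tty02 bob FAIL
"""

def parse(line):
    ts, terminal, user, outcome = line.split()
    return datetime.fromisoformat(ts), terminal, user, outcome

def suspicious_terminals(text, threshold=4, window=timedelta(minutes=5)):
    """Return {terminal: (first_alert_time, accounts_tried)} for every terminal
    with at least `threshold` failed logins inside any sliding `window`.
    Records are assumed to be in chronological order."""
    recent = defaultdict(deque)   # terminal -> (time, user) of recent failures
    alerts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        when, terminal, user, outcome = parse(line)
        if outcome != "FAIL":
            continue              # successes are recorded but are not evidence here
        q = recent[terminal]
        q.append((when, user))
        while when - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and terminal not in alerts:
            alerts[terminal] = (when, sorted({u for _, u in q}))
    return alerts

if __name__ == "__main__":
    for term, (when, users) in suspicious_terminals(SAMPLE).items():
        print(f"{term}: repeated failed logins by {when}, accounts tried: {users}")
```

Only tty03 is reported: the lone failure on tty01 and the two failures hours apart on tty02 are normal daily activity that still had to be recorded for the pattern to be visible.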

© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005