auditcnv(ADM)

auditcnv -- create default audit mask file

Synopsis

auditcnv

Description

The auditcnv shell level command creates an audit mask file for the user login interface. auditcnv is invoked when the audit package is installed.

Information from the /etc/passwd and /etc/default/accounts files is used to assign an initial default audit mask for every user on the system. If either the /etc/passwd or /etc/default/accounts file does not exist or cannot be accessed, an error message is displayed (see ``Diagnostics''). The defadm command modifies the value of the AUDIT_MASK parameter in the /etc/default/accounts file. If the AUDIT_MASK parameter does not exist or has an invalid value, an event mask of none is set and a warning message is displayed (see ``Diagnostics'').

If the audit mask file, /tcb/files/auth/auditmask cannot be created or already exists, an error message is displayed (see ``Diagnostics'').

When the auditcnv command is invoked and completes successfully, the following message is displayed:

   /tcb/files/auth/auditmask created

If the /etc/security/ia/audit file is corrupted or accidentally removed, auditcnv should be invoked before any further users log in to the system. The audit mask for users who log in while this file is corrupted or nonexistent may not include the desired audit events.

Files

/etc/passwd
/etc/default/accounts
/tcb/files/auth/auditmask

Diagnostics

Upon successful completion, the auditcnv command exits with a value of zero (0). If there are errors, it exits with one of the following values and prints the corresponding error message:

1: usage: auditcnv
Invalid command syntax.
5: file file does not exist
5: cannot access file file
5: cannot create audit mask file
5: audit mask file already exists
The audit mask file already exists when auditcnv is invoked.
5: unable to stat() file, errno="errno"

The following warning message may be displayed.

   a default audit mask of none was set for all users

References

auditon(ADM), defadm(ADM), useradd(ADM), usermod(ADM)