|
|
Information from the /etc/passwd and /etc/default/accounts files is used to assign an initial default audit mask for every user on the system. If either the /etc/passwd or /etc/default/accounts file does not exist or cannot be accessed, an error message is displayed (see ``Diagnostics''). The defadm command modifies the value of the AUDIT_MASK parameter in the /etc/default/accounts file. If the AUDIT_MASK parameter does not exist or has an invalid value, an event mask of none is set and a warning message is displayed (see ``Diagnostics'').
If the audit mask file, /tcb/files/auth/auditmask cannot be created or already exists, an error message is displayed (see ``Diagnostics'').
When the auditcnv command is invoked and completes successfully, the following message is displayed:
/tcb/files/auth/auditmask createdIf the /etc/security/ia/audit file is corrupted or accidentally removed, auditcnv should be invoked before any further users log in to the system. The audit mask for users who log in while this file is corrupted or nonexistent may not include the desired audit events.
usage: auditcnv
Invalid command syntax.
file
file does not exist
cannot access file
file
cannot create audit mask file
audit mask file already exists
The audit mask file already exists when auditcnv is invoked.
unable to stat()
file, errno="
errno"
a default audit mask of none was set for all users