create and write audit map files
auditmap [-m dirname]
The auditmap shell level command allows an administrator with the
appropriate privileges to create and write the audit map files.
The privileges required are dacread, macwrite and setplevel.
The auditmap command is invoked from the auditon command and may
also be directly invoked by the auditing administrator.
The default directory for the audit map file(s)
The -m option allows the user to choose a directory where the audit
map file(s) will be stored.
If the directory, dirname, does not exist or is not writable, an
error message is displayed.
In a base system, the auditmap command creates the auditmap file.
This file contains file identification information and six maps:
    file-identification: audit software version, timezone information,
        privilege mechanism information, system name, machine node name,
        operating system release and version, and machine type
    all login names and their corresponding uids
    all group names and their gids including multiple groups
    all event type names and their corresponding event type numbers
    all event classes and their corresponding event types
    all privilege names and their corresponding numbers
    all system call names and their corresponding numbers
If the audit map file(s) already exist, under the default directory
or the -m specified directory, they will be renamed.
The existing auditmap file will be prefixed with an o.
The new audit map file will then be created.
File locking mechanisms are in place to prevent file corruption during
concurrent invocations of auditmap.
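The following wrapper is an added example, not part of the SCO manual
page or of the audit package. It checks the -m directory the way the
command is documented to, and saves the previous-generation map before
auditmap renames the current one. Assumptions: the renamed file is
oauditmap in the same directory, a later run replaces an earlier
oauditmap, and the function name, archive layout and return codes 100
and 101 are this example's own.

```shell
#!/bin/sh
# Added example; not SCO code. The caller still needs the dacread,
# macwrite and setplevel privileges that auditmap itself requires.

# archive_and_map MAPDIR ARCHIVEDIR
# Returns 0 on success, 100 if a pre-check or the archive copy fails,
# 101 if no map file exists afterwards, otherwise auditmap's own status.
archive_and_map() {
    mapdir=$1
    archive=$2

    # Same conditions the manual page lists for -m: the directory must
    # exist and be writable. Checked first so nothing is touched on error.
    if [ ! -d "$mapdir" ] || [ ! -w "$mapdir" ]; then
        echo "archive_and_map: $mapdir missing or not writable" >&2
        return 100
    fi
    mkdir -p "$archive" || return 100

    # auditmap renames the current map to oauditmap. Assumption: an
    # oauditmap left by an earlier run is replaced at that point, so
    # copy it aside first to keep maps that match older audit trails.
    if [ -f "$mapdir/oauditmap" ]; then
        stamp=$(date +%Y%m%d%H%M%S)
        cp -p "$mapdir/oauditmap" "$archive/auditmap.$stamp.prev" || return 100
    fi

    auditmap -m "$mapdir"
    rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "archive_and_map: auditmap exited with $rc" >&2
        return "$rc"
    fi

    # A zero exit should leave a non-empty map file in place.
    [ -s "$mapdir/auditmap" ] || return 101
    return 0
}
```

Archived copies are only useful if they are kept with the audit logs
recorded while that map was current.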
On successful completion,
the auditmap command exits with a value of zero (0).
If there are errors, it exits with one of the following values and
prints the corresponding error message:
The following warning messages may be printed:
usage auditmap [-m dirname]
Invalid command syntax.
system service not installed
The audit package is not installed.
Failure because of insufficient privilege.
Invalid full path or pathname dirname
The directory specified as an argument to the -m option
does not exist.
is not writable
auditctl() failed ASTATUS
Failure occurred while retrieving auditing status.
failed, errno = error
Failure occurred while accessing level information.
not written to audit map file file
The user, group, privilege,
or class map was not created (for example,
if the user information is incomplete or missing, the warning printed is:
UID map not written to audit map file /var/audit/auditmap/auditmap)
Unable to create the auditmap file
Unable to place lock on file.
unable to rename file audit map file to audit map file
Unable to rename the local audit map file.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 - 02 June 2005