Converts previous AIX® Version 4 format audit bins to the AIX Version 4 format.
auditconv OldFile NewFile
The auditconv command converts audit records which were generated by previous versions of the operating system into the format used by AIX Version 4 and higher of the operating system.
Audit records are read from the file OldFile, and written to the file NewFile. Each audit record is updated with thread information, with a default thread identifier of zero.
Notes:
Access Control
This command should grant execute (x) access to the root user and members of the audit group. The command should be setuid to the root user and have the trusted computing base attribute.
Files Accessed
Mode | File |
---|---|
r | /etc/security/audit/events |
r | /etc/passwd |
r | /etc/group |
Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
To convert the old audit file pre_v4_auditbin, storing the results in converted_auditbin, enter the following command:
/usr/sbin/auditconv pre_v4_auditbin converted_auditbin
Item | Description |
---|---|
/usr/sbin/auditconv | Specifies the path of the auditconv command. |
/etc/security/audit/config | Contains audit system configuration information. |
/etc/security/audit/events | Contains the audit events of the system. |
/etc/security/audit/objects | Contains information about audited objects (files). |
/etc/security/audit/bincmds | Contains auditbin backend commands. |
/etc/security/audit/streamcmds | Contains auditstream commands. |