auditconv Command

Purpose

Converts pre-AIX® Version 4 format audit bins to the AIX Version 4 format.

Syntax

auditconv OldFile NewFile

Description

The auditconv command converts audit records that were generated by previous versions of the operating system into the format used by AIX Version 4 and higher.

Audit records are read from the file OldFile, and written to the file NewFile. Each audit record is updated with thread information, with a default thread identifier of zero.

Notes:

  1. The OldFile and NewFile parameters must be different, and must not be currently in use by the audit system.
  2. AIX Version 4 and higher cannot work with pre-AIX Version 4 audit bins. Therefore, old bins must be converted using the auditconv command.

Security

Access Control

This command should grant execute (x) access to the root user and members of the audit group. The command should be setuid to the root user and have the trusted computing base attribute.

Files Accessed

Mode    File
r       /etc/security/audit/events
r       /etc/passwd
r       /etc/group

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Example

To convert the old audit file pre_v4_auditbin, storing the results in converted_auditbin, enter the following command:

/usr/sbin/auditconv pre_v4_auditbin converted_auditbin
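
The following pre-flight check for Note 1 is an added example, not part of the original documentation or IBM code. It assumes that "in use by the audit system" can be approximated by the trail, bin1 and bin2 paths in the bin: stanza of /etc/security/audit/config; the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for auditconv (not IBM code).
# Assumption: "in use by the audit system" is approximated as the trail, bin1
# and bin2 paths named in the bin: stanza of /etc/security/audit/config.

# Print the trail, bin1 and bin2 values from the bin: stanza of a config file.
audit_bin_paths() {
    awk '
        NF == 1 && $1 ~ /:$/ { in_bin = ($1 == "bin:"); next }
        in_bin && $2 == "=" && ($1 == "trail" || $1 == "bin1" || $1 == "bin2") { print $3 }
    ' "$1"
}

# True if both names are the same path or resolve to the same file
# (hard link or symbolic link), so ./bin and /audit/bin are caught.
same_file() {
    [ "$1" = "$2" ] || [ "$1" -ef "$2" ]
}

# Return 0 if OldFile/NewFile satisfy Note 1; 2-5 identify the failed check.
auditconv_preflight() {
    pf_old=$1 pf_new=$2 pf_cfg=${3:-/etc/security/audit/config}
    [ -f "$pf_old" ] && [ -r "$pf_old" ] || { echo "cannot read OldFile: $pf_old" >&2; return 2; }
    if same_file "$pf_old" "$pf_new"; then
        echo "OldFile and NewFile are the same file" >&2; return 3
    fi
    [ -r "$pf_cfg" ] || { echo "cannot read $pf_cfg" >&2; return 5; }
    for pf_active in $(audit_bin_paths "$pf_cfg"); do
        for pf_f in "$pf_old" "$pf_new"; do
            if same_file "$pf_f" "$pf_active"; then
                echo "$pf_f is in use by the audit system ($pf_active)" >&2; return 4
            fi
        done
    done
    return 0
}

# Hypothetical wrapper: convert only when the pre-flight checks pass.
convert_bin() {
    auditconv_preflight "$1" "$2" && /usr/sbin/auditconv "$1" "$2"
}
```

Call convert_bin pre_v4_auditbin converted_auditbin in place of the bare command; a nonzero status from the check means auditconv was never started.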

Files

Item                              Description
/usr/sbin/auditconv               Specifies the path of the auditconv command.
/etc/security/audit/config        Contains audit system configuration information.
/etc/security/audit/events        Contains the audit events of the system.
/etc/security/audit/objects       Contains information about audited objects (files).
/etc/security/audit/bincmds       Contains auditbin backend commands.
/etc/security/audit/streamcmds    Contains auditstream commands.