Contains the shell commands that process audit bin data.
The /etc/security/audit/bincmds file is an ASCII template file that contains the backend commands that process audit binfile records. The path name of this file is defined in the bin stanza of the /etc/security/audit/config file.
This file contains command lines, each composed of one or more commands whose input and output can be piped together or redirected. The commands are usually one or more of the audit system commands (the auditcat command, the auditpr command, the auditselect command), but this is not a requirement.
Access Control: This file should grant read (r) access to the root user and members of the audit group and grant write (w) access only to the root user.
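One way to check the access-control recommendation above, as an added example that is not part of the original documentation. The function name `check_bincmds_perms` is hypothetical, and the example assumes that "root and the audit group" means no access at all for other users.

```shell
#!/bin/sh
# Added example: audit the ownership and mode of an audit backend-command file.
# check_bincmds_perms FILE [OWNER] [GROUP]
#   OWNER and GROUP default to root and audit, as the page recommends.
#   Prints one line per finding; returns 0 if clean, 1 on findings,
#   2 if FILE does not exist.
check_bincmds_perms() {
    file=$1
    want_owner=${2:-root}
    want_group=${3:-audit}
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # ls -ld prints: mode links owner group size date name
    read -r mode _links owner group _rest <<EOF
$(ls -ld "$file")
EOF
    perms=$(printf '%s' "$mode" | cut -c2-10)   # e.g. rw-r-----
    rc=0

    [ "$owner" = "$want_owner" ] || { echo "$file: owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "$file: group is $group, expected $want_group"; rc=1; }

    case $perms in r????????) ;; *) echo "$file: owner cannot read ($perms)"; rc=1 ;; esac
    case $perms in ???r?????) ;; *) echo "$file: group cannot read ($perms)"; rc=1 ;; esac
    # Write access belongs to the owner only: whoever can edit this file
    # chooses the commands that process the audit records.
    case $perms in ????w????) echo "$file: group-writable ($perms)"; rc=1 ;; esac
    # Assumption: "root and the audit group" is read as no access for others.
    case $perms in ??????---) ;; *) echo "$file: accessible to others ($perms)"; rc=1 ;; esac

    return $rc
}

# Check every path given on the command line, if any.
for f in "$@"; do
    check_bincmds_perms "$f"
done
```

Run it with `/etc/security/audit/bincmds` as the argument; the same check applies to any other file that should carry the same ownership and mode.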
```
/usr/sbin/auditcat -p -o $trail $bin
```
When the command runs, the names of the current bin file and the system audit-trail file are substituted for the $bin and $trail strings. Records are compressed and appended to the /audit/trail file.
```
/usr/sbin/auditselect -e "result == FAIL_AUTH || \
result == FAIL_PRIV" $bin >> /audit/trail.violations
```

```
/usr/sbin/auditselect -e "event == USER_Login || \
event == USER_SU" $bin | \
/usr/sbin/auditpr -t2 -v >/dev/lpr3
```
Adjust the printer name to fit your requirements.
Item | Description |
---|---|
/etc/security/audit/bincmds | Specifies the path to the file. |
/etc/security/audit/config | Contains audit-system configuration information. |
/etc/security/audit/events | Contains the audit events of the system. |
/etc/security/audit/objects | Contains audit events for audited objects (files). |
/etc/security/audit/streamcmds | Contains auditstream commands. |