Installing the auditing subsystem

Using pkgchk to verify audit software installation

Once you have installed the auditing software, you should verify that the installed files have the proper attributes. Use the pkgchk(1M) command to do this.

To verify the file attributes, run pkgchk on the audit package:

pkgchk audit

Correct any discrepancies that the pkgchk command finds.

This procedure will only check installed files. It will not check system files that are created as part of the normal functioning of the auditing system. Attributes of these files should be checked periodically to ensure system security and integrity. Discretionary Access Control (DAC) file permission settings for the audit user-level commands and system files are listed in the following table.

Access permissions for audit files

Command or filename             Owner  Group  Permissions
auditcnv                        root   audit  r-xr-x---
auditfltr                       root   audit  r-xr-x---
auditlog                        root   audit  r-xr-x---
auditmap                        root   audit  r-xr-x---
auditon                         root   audit  r-xr-x---
auditoff                        root   audit  r-xr-x---
auditset                        root   audit  r-xr-x---
auditrpt                        root   audit  r-xr-x---
/etc/security/audit             root   audit  drwxrwxr-x
/etc/security/audit/classes     root   audit  rw-rw-r--
/etc/security/ia/audit          root   sys    r--------
/etc/default/audit              root   sys    r--r--r--
/etc/init.d/audit               root   audit  r--r--r--
/var/audit                      root   audit  drwxrwx---
/var/audit/MMDD### (log files)  root   audit  r--r-----
/var/audit/auditmap             root   audit  drwxrwx---
/var/audit/auditmap/*           root   audit  rw-rw----
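
The periodic check of system files recommended above can be scripted. The following is an added example, not part of the original documentation: it compares the fixed-path entries of the table against what ls -ld reports. The names check_entry, audit_dac_check and AUDIT_DAC_TABLE are hypothetical; the commands (no full path given in the table) and the pattern entries (log files, auditmap/*) are left out.

```shell
#!/bin/sh
# Added example: periodic DAC check of the fixed-path entries in the table.
# check_entry, audit_dac_check and AUDIT_DAC_TABLE are hypothetical names.

# Expected "path owner group permissions", copied from the table above.
AUDIT_DAC_TABLE='/etc/security/audit root audit drwxrwxr-x
/etc/security/audit/classes root audit rw-rw-r--
/etc/security/ia/audit root sys r--------
/etc/default/audit root sys r--r--r--
/etc/init.d/audit root audit r--r--r--
/var/audit root audit drwxrwx---
/var/audit/auditmap root audit drwxrwx---'

# check_entry PATH OWNER GROUP PERMS
# Returns 0 on match, 1 on mismatch, 2 if PATH does not exist.
check_entry() {
    path=$1 want_perms=$4
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 2
    fi
    # The table omits the type character for regular files; ls prints "-".
    case $want_perms in
        d*) ;;
        *)  want_perms="-$want_perms" ;;
    esac
    want="$2 $3 $want_perms"
    # Assumes "ls -ld" prints mode, links, owner, group; keep 10 mode chars
    # so a trailing ACL marker does not cause a false mismatch.
    have=$(ls -ld "$path" | awk '{ print $3, $4, substr($1, 1, 10) }')
    [ "$have" = "$want" ] && return 0
    echo "MISMATCH $path: have [$have] want [$want]"
    return 1
}

# Reads table lines on stdin; succeeds only if every entry matches.
audit_dac_check() {
    bad=0
    while read -r p owner group perms; do
        [ -n "$p" ] || continue
        check_entry "$p" "$owner" "$group" "$perms" || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}
```

To run the check, pipe the table into the function: printf '%s\n' "$AUDIT_DAC_TABLE" | audit_dac_check. A non-zero exit status means at least one entry is missing or differs from the table and should be corrected.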

Once the installation is complete and you have verified that the files were correctly installed, you can proceed to customize the auditing subsystem to your requirements. See "Configuring auditing" for information on how to do this.

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004