Oss functions audited when used with audited, Table 22 – HP NonStop G-Series User Manual

Manipulating an audited Guardian file through OSS function calls and the /G directory also causes
log entries; the information logged for Guardian files is controlled by Guardian auditing policies
rather than by membership in an audited fileset. Similarly, manipulation of Guardian files through
Guardian procedure calls from an OSS program can be audited through Guardian policies, which
are not discussed in this guide.

Table 22 OSS Functions Audited When Used With Audited Filesets

Attributes or Actions Audited

OSS Function

The value of the access_mode parameter. Use on files in the /G directory is also
audited.

access()

The values of the OSS user ID, group ID, and file permissions (file mode and/or ACL
entries) before and after the call.

acl()

For AF_UNIX sockets, the values of the access_mode parameter, OSS user ID, group
ID, and rdev.

bind()

The values of the file mode before and after the call.

chmod()

, lchmod(),

fchmod()

The values of the OSS user ID, group ID, and file mode before and after the call. Use
on files in the /G directory is also audited.

chown()

, lchown(),

fchown()

For AF_UNIX sockets, the values of the OSS user ID and group ID. Only audited
beginning with the J06.15 and H06.26 RVUs.

connect()

For all files, the value of the file mode, OSS user ID, group ID, and rdev.For regular
files, the value of the open flags.

creat()

The value of the OSS user ID and group ID. Use on files in the /G directory is also
audited.

execl()

, execle(),

execlp()

, execv(),

execve()

, execvp()

The value of the OSS user ID and group ID.

fork()

The signal sent, the real OSS user ID and effective OSS user ID of the sender, the OSS
process ID or process group ID, the process handle, and the saved set OSS user ID

kill()

of the target process. If the target process is a member of a process group, the audit
information is logged for all the processes affected by the call when those processes
can be determined.

The name and the link count of the linked-to file, and the new filename.

link()

The value of the file mode, OSS user ID, group ID, and rdev.

mkdir()

The value of the file mode, OSS user ID, group ID, and rdev.

mkfifo()

The value of the file mode, OSS user ID, group ID, and rdev.

mknod()

The value of the open flags and the value of the file mode before and after the call.
Use on files in the /G directory is also audited.

open()

The value of the open flags and the value of the file mode before and after the call.

opendir()

The old and new pathname values.

rename()

For a link count of zero, the value of the file mode, OSS user ID, group ID, mtime,
ctime

, size, and rdev. For a link count that is not zero, the value of the link count

after the call.

rmdir()

The value of the real, effective, and saved-set group ID before and after the call.

setgid()

and setregid()

The value of the process-group ID before and after the call.

setpgid()

and setpgrp()

The value of the process-group ID before and after the call.

setsid()

The value of the real, effective, and saved-set OSS user ID before and after the call.

setuid()

and setreuid()

132

Managing Access to Files and Directories