Considerations for file auditing, Recursive behavior and the /g and /e directories, Considerations for – HP NonStop G-Series User Manual
Page 133: Table 23, Table 24
Table 22 OSS Functions Audited When Used With Audited Filesets (continued)
OSS Function | Attributes or Actions Audited
symlink() | The contents of the symbolic link and the value of the file mode, OSS user ID, group ID, and rdev.
tdm_execve(), tdm_execvpe() | The process name and the value of the OSS user ID and group ID. Use on files in the /G directory is also audited.
tdm_fork() | The process name and the value of the OSS user ID and group ID.
tdm_spawn(), tdm_spawnp() | The process name and the value of the OSS user ID and group ID. Use on files in the /G directory is also audited.
unlink() | For a link count of zero, the value of the file mode, OSS user ID, group ID, mtime, ctime, size, and rdev. For a link count that is not zero, the value of the link count after the call.
utime() | The values of mtime, atime, and ctime before and after the call. Use on files in the /G directory is also audited.
Table 23 Guardian Procedures Audited When Used With Audited Filesets
Procedure | Attributes or Actions Audited
FILE_OPEN_ | Resolution of a supplied pathname to a regular file in an audited fileset; use of an internal OSS filename; all Guardian file audit attributes
PROCESS_SPAWN_ | Resolution of a supplied pathname to a regular file in an audited fileset; use of an internal OSS filename; all Guardian file audit attributes
Table 24 Guardian Procedures Audited When Used for Process Control
Procedure | Attributes or Actions Audited
FILE_OPEN_ | The value of the open flags and the value of the file mode before and after the call
PROCESS_SPAWN_ | The process name and the value of the OSS user ID and group ID
Considerations for File Auditing
The /G and /E directories and Network File System (NFS) filesets cannot be audited. Audited
filesets cannot be mounted for NFS client use.
Beginning with the J06.15 and H06.26 RVUs, the OSS sockets connect() function is audited.
The pipe() function is not audited because its effects are transitory.
The chdir() and chroot() functions are not audited. The method used to audit pathnames
uses absolute names from the system root directory, so these functions do not require auditing.
Recursive Behavior and the /G and /E Directories
Specifying the -R flag on the chgrp, chmod, and chown commands causes them to descend
recursively through their directory arguments. If the initial directory is the root directory, the /G
and /E directories are included in the operation. If this behavior is not what you intend, you can
use the -W NOG and -W NOE flags or the UTILSGE environment variable to exclude the /G and /E
directories from these operations when used recursively on the root directory. For example, the
following command changes the group of all the files on the local node to the super ID. Guardian
files and files on remote nodes are excluded.
chgrp -W NOE -W NOG -R / SUPER.SUPER/
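The following pre-flight check is an added example, not part of the manual and not an HP utility. It reports which of /G and /E a chgrp, chmod, or chown command line would descend into under the rules described above. The function name ge_exposure and the sample command lines are hypothetical, and UTILSGE is not inspected.

```sh
# Added example (hypothetical helper, not an HP utility).
# Reports which of /G and /E a chgrp/chmod/chown command line would descend
# into, using only the rules stated above: -R on "/" includes both unless
# -W NOG / -W NOE is given. UTILSGE is not inspected, because its value
# syntax is not described here.
ge_exposure() {
    case ${1:-} in
        chgrp|chmod|chown) shift ;;
        *) echo none; return 0 ;;
    esac
    recursive=no; root=no; nog=no; noe=no
    while [ $# -gt 0 ]; do
        case $1 in
            -W)
                # The exclusion keyword is the next argument.
                shift
                case ${1:-} in
                    NOG) nog=yes ;;
                    NOE) noe=yes ;;
                esac
                ;;
            -*R*) recursive=yes ;;
            /) root=yes ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    # Only a recursive run that starts at the root directory reaches /G and /E.
    if [ "$recursive" = no ] || [ "$root" = no ]; then
        echo none; return 0
    fi
    exposed=
    [ "$nog" = yes ] || exposed=/G
    [ "$noe" = yes ] || exposed="${exposed:+$exposed }/E"
    echo "${exposed:-none}"
}

# Constructed command lines, checked before they are run.
for line in "chmod -R 750 /" "chown -R -W NOG appuser /" "chmod -R 750 /home/app"; do
    # Word splitting of the sample line is intended here.
    printf '%-28s -> %s\n' "$line" "$(ge_exposure $line)"
done
```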