audit_warn(1M)




NAME

     audit_warn - audit daemon warning script


SYNOPSIS

     /etc/security/audit_warn [option [arguments]]


DESCRIPTION

     The audit_warn utility processes warning or  error  messages
     from  the  audit  daemon. When a problem is encountered, the
     audit daemon, auditd(1M) calls audit_warn with the appropri-
     ate arguments. The option argument specifies the error type.

     The system administrator can specify a list  of  mail  reci-
     pients  to  be  notified when an audit_warn situation arises
     by defining a mail alias called audit_warn  in   aliases(4).
     The  users  that make up the  audit_warn alias are typically
     the audit and  root users.


OPTIONS

     The following options are supported:

     allhard count
           Indicates that the hard limit for all filesystems  has
           been exceeded count times. The default action for this
           option is to send mail to the audit_warn alias only if
           the  count is 1, and to write a message to the machine
           console every time. It is recommended that mail not be
           sent  every time as this could result in a the satura-
           tion of the file system that contains the  mail  spool
           directory.

     allsoft
           Indicates that the soft limit for all filesystems  has
           been  exceeded.  The default action for this option is
           to send mail to the audit_warn alias and  to  write  a
           message to the machine console.

     auditoff
           Indicates that someone other  than  the  audit  daemon
           changed the system audit state to something other than
           AUC_AUDITING.  The audit daemon will  have  exited  in
           this  case.  The  default action for this option is to
           send mail to the audit_warn alias and to write a  mes-
           sage to the machine console.

     ebusy Indicates that the audit daemon  is  already  running.
           The  default action for this option is to send mail to
           the audit_warn alias and to write  a  message  to  the
           machine console.

     getacdir count
           Indicates  that  there  is  a  problem   getting   the
           directory list from audit_control(4). The audit daemon
           will hang in a sleep loop until the file is fixed. The
           default  action for this option is to send mail to the
           audit_warn alias only if  count is 1, and to  write  a
           message  to  the  machine  console  every  time. It is
           recommended that mail not be sent every time  as  this
           could  result  in  a the saturation of the file system
           that contains the mail spool directory.

     hard filename
           Indicates that the hard limit for the  file  has  been
           exceeded.  The  default  action  for this option is to
           send mail to the audit_warn alias and to write a  mes-
           sage to the machine console.

     nostart
           Indicates that auditing  could  not  be  started.  The
           default  action for this option is to send mail to the
           audit_warn alias and to write a message to the machine
           console.  Some  administrators  may  prefer  to modify
           audit_warn  to  reboot  the  system  when  this  error
           occurs.

     postsigterm
           Indicates that an error occurred  during  the  orderly
           shutdown  of  the audit daemon. The default action for
           this option is to send mail to  the  audit_warn  alias
           and to write a message to the machine console.

     soft filename
           Indicates that the soft limit for  filename  has  been
           exceeded.  The  default  action  for this option is to
           send mail to the audit_warn alias and to write a  mes-
           sage to the machine console.

     tmpfile
           Indicates that the temporary audit file already exists
           indicating  a fatal error. The default action for this
           option is to send mail to the audit_warn alias and  to
           write a message to the machine console.


ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsr                     |
    |_____________________________|_____________________________|
    | Interface Stability         | See below                   |
    |_____________________________|_____________________________|

     The interface stability is evolving.  The  file  content  is
     unstable.


SEE ALSO

     audit(1M),     auditd(1M),     bsmconv(1M),      aliases(4),
     audit.log(4), audit_control(4), attributes(5)


NOTES

     This functionality is available only if the  Basic  Security
     Module  (BSM)  has  been enabled.  See  bsmconv(1M) for more
     information.


Man(1) output converted with man2html