Administering BNU

Security log

The security log contains the job transactions that attempt to violate system and user security measures. It is used to aid in detecting attacks on the systems. An attempted security violation is detected when the requester fails to pass the security checks specified in the Permissions(4bnu) file or tries to access a protected source or destination file. The occurrence is logged for further analysis in the /var/spool/uucp/.Admin/security file. Two different entries can appear in the security log:


xfer
file transfer

rexe
remote execution

Their formats are as follows:

File transfer (xfer) security log

An entry has the following format:

type rname rlogin dname dlogin dfile sname slogin sfile size modify start end

where:


type
record type (always xfer)

rname
requester node name

rlogin
requester user login

dname
destination node name

dlogin
destination user login

dfile
destination filename

sname
source node name

slogin
source file owner login

sfile
source filename

size
source file size in bytes

modify
modification date and time of source file

start
date and time that transfer started

end
date and time that transfer completed

An example entry is:

xfer ihnp1 user1 mach1 user2 uucp.c ihnp1 user1 uucp.c \
34567 (5/19-16:10) (5/20-11:10:29) (5/20-11:18:20)

Remote execution (rexe) security log

An entry has the following format:

type rname rlogin dlogin time command

where:


type
record type (always rexe)

rname
client (requesting) node name

rlogin
client (requesting) user login

dlogin
server (destination) user login

time
date and time that command was executed by server

command
command name and options

An example entry is:

rexe ihnp1 user1 user2 (5/20-15:28:32) (pwd)
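A parser for the two entry formats described above, added here as an example; it is not part of the original documentation or of BNU. It assumes whitespace-separated fields with no spaces inside node names, logins or filenames, parenthesised timestamps and command as in the examples, and that the trailing backslash in the xfer example is a line continuation. The last two sample lines are constructed.

```python
import re
from collections import Counter
FIELDS = {
    "xfer": "type rname rlogin dname dlogin dfile sname slogin sfile size modify start end".split(),
    "rexe": "type rname rlogin dlogin time command".split(),
}
# Constructed sample: the two example entries above plus two made-up lines.
SAMPLE = r"""xfer ihnp1 user1 mach1 user2 uucp.c ihnp1 user1 uucp.c \
34567 (5/19-16:10) (5/20-11:10:29) (5/20-11:18:20)
rexe ihnp1 user1 user2 (5/20-15:28:32) (pwd)
rexe ihnp1 user1 user2 (5/20-15:29:01) (ls -l /tmp)
rexe truncated-entry
"""

def parse_entry(line):
    """Return a dict for one xfer or rexe entry, or None if it is malformed."""
    line = line.strip()
    kind = line.split(None, 1)[0] if line else ""
    if kind not in FIELDS:
        return None
    # An rexe command may contain spaces, so split off only the first five fields.
    parts = line.split(None, 5) if kind == "rexe" else line.split()
    if len(parts) != len(FIELDS[kind]):
        return None
    rec = dict(zip(FIELDS[kind], parts))
    for key in ("modify", "start", "end", "time", "command"):
        if key in rec:
            if not (rec[key].startswith("(") and rec[key].endswith(")")):
                return None
            rec[key] = rec[key][1:-1]  # drop the surrounding parentheses
    if kind == "xfer":
        if not rec["size"].isdigit():
            return None
        rec["size"] = int(rec["size"])
    return rec

def parse_log(text):
    """Return (records, rejected_lines) for the full text of a security log."""
    records, rejected = [], []
    # Assumption: a trailing backslash continues the entry on the next line.
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        if line.strip():
            rec = parse_entry(line)
            (records if rec else rejected).append(rec or line.strip())
    return records, rejected

def by_requester(records):
    """Count entries per (requesting node, requesting login, record type)."""
    return Counter((r["rname"], r["rlogin"], r["type"]) for r in records)
```

Timestamps are kept as strings because the entries carry no year. Lines returned in the rejected list did not match either format and should be reviewed by hand rather than dropped.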

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004