The security log contains the job transactions that attempt to violate system and user security measures. It is used to aid in detecting attacks on the systems. An attempted security violation is detected when the requester fails to pass the security checks specified in the Permissions(4bnu) file or tries to access a protected source or destination file. The occurrence is logged for further analysis in the /var/spool/uucp/.Admin/security file. Two different entries can appear in the security log:
An entry has the following format:
type rname rlogin dname dlogin dfile sname slogin sfile size modify start end
where:
An example entry is:
xfer ihnp1 user1 mach1 user2 uucp.c ihnp1 user1 uucp.c \ 34567 (5/19-16:10) (5/20-11:10:29) (5/20-11:18:20)
An entry has the following format:
type rname rlogin dlogin time command
where:
An example entry is:
rexe ihnp1 user1 user2 (5/20-15:28:32) (pwd)
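A parser for the two entry formats shown above, as an added example that is not part of the original documentation. It tallies logged violations per requester. Field names are taken from the format lines; treating rname and rlogin as the requesting system and login, and the backslash in the xfer example as a display line wrap, are assumptions.

```python
import re
from collections import Counter

# Field names copied from the xfer format line on this page.
XFER_FIELDS = ("type rname rlogin dname dlogin dfile sname slogin sfile "
               "size modify start end").split()
# rexe: three bare words, a parenthesised time, then a parenthesised command
# that may itself contain spaces or parentheses.
REXE_RE = re.compile(r"^rexe\s+(\S+)\s+(\S+)\s+(\S+)\s+\(([^)]*)\)\s+\((.*)\)\s*$")

def parse_entry(line):
    """Return a dict of named fields, or None if the line fits neither format."""
    # Assumption: " \ " marks a wrapped display line, as in the page's example.
    line = line.replace(" \\ ", " ").strip()
    m = REXE_RE.match(line)
    if m:
        keys = ("rname", "rlogin", "dlogin", "time", "command")
        return {"type": "rexe", **dict(zip(keys, m.groups()))}
    tokens = line.split()
    if (len(tokens) == len(XFER_FIELDS) and tokens[0] == "xfer"
            and tokens[9].isdigit()):
        entry = dict(zip(XFER_FIELDS, tokens))
        entry["size"] = int(entry["size"])
        for key in ("modify", "start", "end"):
            entry[key] = entry[key].strip("()")
        return entry
    return None

def summarize(lines):
    """Count entries per (rname, rlogin, type); keep unparsable lines for review."""
    counts, rejected = Counter(), []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            rejected.append(line)  # never silently drop a security log line
        else:
            counts[(entry["rname"], entry["rlogin"], entry["type"])] += 1
    return counts, rejected

SAMPLE = [
    # The two example entries from this page:
    r"xfer ihnp1 user1 mach1 user2 uucp.c ihnp1 user1 uucp.c \ 34567 "
    "(5/19-16:10) (5/20-11:10:29) (5/20-11:18:20)",
    "rexe ihnp1 user1 user2 (5/20-15:28:32) (pwd)",
    # Constructed lines: a command with arguments, and a malformed entry.
    "rexe ihnp1 user1 user2 (5/20-15:29:01) (ls -l /tmp)",
    "rexe truncated line",
]

if __name__ == "__main__":
    counts, rejected = summarize(SAMPLE)
    for key, n in counts.most_common():
        print(n, *key)
    print("unparsed:", rejected)
```

On a live system the input would be the lines of /var/spool/uucp/.Admin/security rather than SAMPLE.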