DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Auditable events

Process control events

The following events record actions related to the control of processes in the operating system. The majority of these events can be expected to occur frequently during normal use of the system. Therefore, the presence of these events in the log file does not automatically indicate a security problem. However, malicious users may try to use the setgid or setuid system calls to read data that they are not normally allowed to access. You may want to audit the set_gid and set_uid events to ensure that these system calls are always being used correctly.

Process control events

Event Description Manual page Object audit
exec execute an object exec(2) N
exit terminate a process exit(2), _lwp_exit(2) N
kill post a signal kill(2), _lwp_kill(2), sigsendset(2) N
fork create a new process vfork(2), _lwp_create(2), fork(2), fork1(2), forkall(2) N
set_gid change group ID setgid(2) N
set_grps set multiple groups setgroups(2) N
set_pgrps set process groups setpgrp(2) N
set_sid assign a session ID setsid(2) N
set_uid change user ID setuid(2) N


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004