In the following table each entry consists of an event, a description, and the associated system call or command.
The fixed events are listed first, followed by the selectable events.

Fixed events

Event | Description | System call/command |
---|---|---|
add_grp | add a group | groupadd(1M) |
add_usr | add a user | useradd(1M) |
add_usr_grp | add group members | useradd(1M), usermod(1M) |
audit_buf | set audit buffer attributes | auditbuf(2) |
audit_ctl | enable/disable auditing | auditoff(1M), auditon(1M), auditctl(2) |
audit_dmp | record auditdmp failures | auditdmp(2) |
audit_evt | set auditable events | auditset(1M), auditevt(2) |
audit_log | set log file attributes | auditlog(1M), auditlog(2) |
audit_map | create audit map files | auditmap(1M) |
date | change the date | adjtime(2), stime(2) |
init | change init states | init(1M) |
mod_grp | modify group information | groupmod(1M) |
mod_usr | modify user information | usermod(1M) |

Selectable events

Event | Description | System call/command |
---|---|---|
all | All selectable events | |
none | No selectable events | |
access | determine accessibility of a file | access(2) |
acct_off | disable accounting | acct(2) |
acct_on | enable accounting | acct(2) |
acct_sw | switch accounting files | acct(2) |
bad_auth | bad login name or password | login(1) |
bad_lvl | bad login level | login(1) |
cancel_job | cancellation of lp job | cancel(1), lpsched(1M) |
chg_dir | change working directory | chdir(2), fchdir(2) |
chg_nm | change name of a file | rename(2) |
chg_root | change root directory | chroot(2) |
chg_times | change file access times | utime(2) |
cov_chan_1 | record use of covert channel | NA |
cov_chan_2 | record use of covert channel | NA |
cov_chan_3 | unused but reserved | |
cov_chan_4 | unused but reserved | |
cov_chan_5 | unused but reserved | |
cov_chan_6 | unused but reserved | |
cov_chan_7 | unused but reserved | |
cov_chan_8 | unused but reserved | |
create | create a new filesystem object | creat(2) |
cron | cron job | cron(1M) |
dac_mode | change mode of an object | chmod(2), fchmod(2) |
dac_own_grp | change owner or group of object | chown(2), fchown(2), lchown(2), chgrp(1) |
def_lvl | change a user's default level | login(1) |
exec | execute an object | exec(2) |
exit | terminate a process | exit(2) |
fcntl | file control | fcntl(2) |
fd_acl | change the access control lists via file descriptor | facl(2) |
file_acl | change the access control lists | acl(2) |
file_priv | change privileges of a file | filepriv(2) |
fork | create a new process | fork(2), vfork(2) |
iocntl | I/O control | ioctl(2) |
ipc_acl | change IPC access control lists | aclipc(2) |
keyctl | enable special features | keyctl(2) |
kill | post a signal | kill(2), sigsendset(2) |
link | create a link to an object | link(2) |
login | use of a login schema | login(1) |
logoff | terminate a login session | exit(2) |
lp_admin | administrative use of LP | lpadmin(1M) |
lp_misc | miscellaneous use of LP | lpsched(1M) |
lwp_bind | bind LWP to processor | processor_bind(2), processor_exbind(2) |
lwp_create | create lightweight process | fork(2) |
lwp_unbind | unbind LWP from processor | processor_bind(2) |
misc | miscellaneous application records | auditdmp(2) |
mk_dir | make a directory | mkdir(2) |
mk_node | make a special file | mknod(2) |
mount | mount a device or filesystem | mount(2) |
modpath | modify module search path | modpath(2) |
modadm | register a module | modadmin(1M) |
modload | load a module | modload(2) |
moduload | unload a module | moduload(2) |
msg_ctl | message control operations | msgctl(2) |
msg_get | get message queue | msgget(2) |
msg_op | message operations | msgop(2) |
open_rd | open an object for reading | open(2) |
open_wr | open an object for writing | open(2) |
p_online | bring processor on/offline | p_online(2) |
page_lvl | printer does not support per-page label | lp(1) |
passwd | change password | passwd(1) |
pipe | create a pipe | pipe(2) |
pm_denied | failed attempt to use privileges | NA |
prt_job | start/end of printer job | lp(1) |
prt_lvl | override output label | lp(1) |
recvfd | receive file descriptor | NA |
rm_dir | remove a directory | rmdir(2) |
sched_lk | lock a process into memory | plock(2), memcntl(2) |
sched_rt | real time scheduler operations | priocntl(2) |
sched_ts | time sharing scheduler operations | priocntl(2) |
sem_ctl | semaphore control operations | semctl(2) |
sem_get | get the set of semaphores | semget(2) |
sem_op | semaphore operations | semop(2) |
set_gid | change group ID | setgid(2) |
set_grps | set multiple groups | setgroups(2) |
set_pgrps | set process groups | setpgrp(2) |
set_sid | set session ID | setsid(2) |
set_uid | change user ID | setuid(2) |
setrlimit | set resource limits | setrlimit(2) |
shm_ctl | shared memory control operations | shmctl(2) |
shm_get | get shared memory identifier | shmget(2) |
shm_op | shared memory operations | shmop(2) |
status | get file status | stat(2), fstat(2) |
sym_create | create a symbolic link | symlink(2) |
sym_status | get status of symbolic link | lstat(2) |
tfadmin | administrative commands | tfadmin(1M) |
trunc_lvl | truncate a printed level | lp(1) |
ulimit | resource limits | ulimit(2) |
umount | unmount a device or filesystem | umount(2) |
unlink | unlink an object | unlink(2) |