This appendix contains the default auditable events (/etc/sec/audit_events) and the default audit event aliases (/etc/sec/event_aliases) as they are delivered on Digital UNIX.
The following is the default /etc/sec/audit_events file:
! Audited system calls:
exit succeed fail
fork succeed fail
old open succeed fail
close succeed fail
old creat succeed fail
link succeed fail
unlink succeed fail
execv succeed fail
chdir succeed fail
fchdir succeed fail
mknod succeed fail
chmod succeed fail
chown succeed fail
mount succeed fail
unmount succeed fail
setuid succeed fail
exec_with_loader succeed fail
ptrace succeed fail
nrecvmsg succeed fail
nsendmsg succeed fail
nrecvfrom succeed fail
naccept succeed fail
access succeed fail
kill succeed fail
old stat succeed fail
setpgid succeed fail
old lstat succeed fail
dup succeed fail
pipe succeed fail
open succeed fail
setlogin succeed fail
acct succeed fail
ioctl succeed fail
reboot succeed fail
revoke succeed fail
symlink succeed fail
readlink succeed fail
execve succeed fail
chroot succeed fail
old fstat succeed fail
vfork succeed fail
stat succeed fail
lstat succeed fail
mmap succeed fail
munmap succeed fail
mprotect succeed fail
old vhangup succeed fail
kmodcall succeed fail
setgroups succeed fail
setpgrp succeed fail
table succeed fail
sethostname succeed fail
dup2 succeed fail
fstat succeed fail
fcntl succeed fail
setpriority succeed fail
socket succeed fail
connect succeed fail
accept succeed fail
bind succeed fail
setsockopt succeed fail
recvmsg succeed fail
sendmsg succeed fail
settimeofday succeed fail
fchown succeed fail
fchmod succeed fail
recvfrom succeed fail
setreuid succeed fail
setregid succeed fail
rename succeed fail
truncate succeed fail
ftruncate succeed fail
setgid succeed fail
sendto succeed fail
shutdown succeed fail
socketpair succeed fail
mkdir succeed fail
rmdir succeed fail
utimes succeed fail
adjtime succeed fail
sethostid succeed fail
old killpg succeed fail
setsid succeed fail
getdirentries succeed fail
setdomainname succeed fail
exportfs succeed fail
getmnt succeed fail
alternate setsid succeed fail
swapon succeed fail
msgctl succeed fail
msgget succeed fail
msgrcv succeed fail
msgsnd succeed fail
semctl succeed fail
semget succeed fail
semop succeed fail
lchown succeed fail
shmat succeed fail
shmctl succeed fail
shmdt succeed fail
shmget succeed fail
utc_adjtime succeed fail
security succeed fail
kloadcall succeed fail
priocntlset succeed fail
sigsendset succeed fail
msfs_syscall succeed fail
sysinfo succeed fail
uadmin succeed fail
fuser succeed fail
audcntl succeed fail
setsysinfo succeed fail
swapctl succeed fail
memcntl succeed fail

SystemV/unlink succeed fail
SystemV/open succeed fail
RT/rt_setprio succeed fail

! Audited trusted events:
audit_start succeed fail
audit_stop succeed fail
audit_setup succeed fail
audit_suspend succeed fail
audit_log_change succeed fail
audit_log_creat succeed fail
audit_xmit_fail succeed fail
audit_reboot succeed fail
audit_log_overwrite succeed fail
audit_daemon_exit succeed fail
login succeed fail
logout succeed fail
auth_event succeed fail
audgen8 succeed fail
The following is the sample /etc/sec/event_aliases file provided with the Digital UNIX system:
# This is a SAMPLE alias list. Your alias list should be built
# to satisfy your site's requirements.
obj_creat: "old open" "old creat" link mknod open symlink \
    mkdir SystemV/open
obj_delete: unlink truncate ftruncate SystemV/unlink rmdir
exec: execv exec_with_loader execve
obj_access: access "old stat" "old lstat" "old open" open \
    readlink "old fstat" stat lstat \
    fstat close:1:0 dup dup2 fcntl "old creat" mmap \
    munmap mprotect memcntl SystemV/open
obj_modify: chmod chown fchown fchmod lchown utimes rename
ipc: recvmsg nrecvmsg recvfrom nrecvfrom sendmsg \
    nsendmsg sendto accept naccept connect socket \
    bind shutdown socketpair pipe sysV_ipc kill \
    "old killpg" setsockopt sigsendset
sysV_ipc: msgctl msgget msgrcv msgsnd shmat shmctl shmdt \
    shmget semctl semget semop
proc: exit fork chdir fchdir setuid ptrace setpgid \
    setlogin chroot vfork setgroups setpgrp \
    setpriority setreuid setregid setgid audcntl \
    RT/rt_setprio setsid "alternate setsid" \
    priocntlset
system: mount unmount acct reboot table \
    sethostname settimeofday adjtime sethostid \
    setdomainname exportfs getmnt swapon \
    utc_adjtime audcntl setsysinfo kloadcall \
    getdirentries revoke "old vhangup" kmodcall \
    security sysinfo uadmin swapctl
misc: ioctl msfs_syscall fuser
trusted_event: login logout auth_event audgen8
all: obj_creat obj_delete exec obj_access \
    obj_modify ipc proc system misc trusted_event