NAME
audusr — select users to audit
SYNOPSIS
audusr
[[-a
user] ...]
[[-d
user] ...]
[-A|-D]
DESCRIPTION
audusr
is used to specify
users
to be audited or excluded from auditing.
The
audusr
command
only works for systems that have been converted to
trusted mode.
To select users to audit on systems
that have not been converted to trusted mode,
the TrustedMigration
product needs to be installed and
the
userdbset
command is used.
See also
audit(5),
userdbset(1M),
userdb(4),
and
AUDIT_FLAG
in
security(4).
If no arguments are specified,
audusr
displays the audit setting of every user.
audusr
is restricted to superusers.
Options
audusr
recognizes the following options:
- -a user
Audit the specified
user.
The auditing system records audit records
to the ``current'' audit file when the specified
user
executes audited events or system calls.
Use
audevent
to specify events to be audited (see
audevent(1M)).
- -d user
Do not audit the specified
user.
- -A
Audit all users.
- -D
Do not audit any users.
The
-A
and
-D
options are mutually exclusive:
that is, if
-A
is specified,
-d
cannot be specified; if
-D
is specified,
-a
cannot be specified.
Users specified with
audusr
are audited (or excluded from auditing)
beginning with their next login session,
until excluded from auditing (or specified for auditing) with a subsequent
audusr
invocation.
Users already logged into the system when
audusr
is invoked are unaffected during that login session;
however, any user who logs in after
audusr
is invoked is audited or excluded from auditing accordingly.
AUTHOR
audusr
was developed by HP.
FILES
- /tcb/files/auth/*/*
File containing flags to indicate whether users are audited.
