The SEOS_AUDITLOGIN record may be submitted to the audit log file when:
If the access and use of a resource are being monitored, audit records are also submitted to the audit log. Logout audit records are submitted to the log file only if a login record was also submitted.
Name of user logging in (ASCII‑Z string).
Name of terminal or network host from which user is logging in (ASCII‑Z string).
Reason this audit log record was added to the file. There are several possible reasons for CA ControlMinder to record a login attempt.
Stage in the authorization algorithm when the decision was made to grant or deny access. The LogRoute API includes a listing of these stage codes in the header file seauthstages.h.
User's UNIX or Windows user ID.
Name of the program attempting to perform the login.
The SEOS_AUDITLOGIN record is used to audit login attempts, logouts, auditing and serevu login attempts, and NAP detection by seosd. Login audit records are submitted to the log for the following reasons:
The user was allowed to log in.
The user was denied login access.
An error in the database was found.
Logout audit records are submitted to the log file only if a login record was also submitted. That is, the user's audit mode includes the auditing of successful logins, or the terminal from which the user logged in has an audit mode that includes the auditing of successful accesses. Logout records are assigned the stage code SEOS_LOGOUT_RES.
When serevu detects attempts to log in, the following reason codes apply:
Detected attempt to break password.
The specified user account was disabled by serevu because of too many login attempts.
The specified user account was reactivated by serevu after being disabled for the configured time period.
In all cases, the stage code assigned to login records written by serevu is SEOS_LOG_SEREVU.
The SEOS_AUDITGENR record can be submitted to the audit log file when a user accesses, or attempts to access, a general resource.
Name of user attempting to gain access (ASCII‑Z string).
Class of resource being accessed (ASCII‑Z string).
Name of resource being accessed (ASCII‑Z string).
Reason this audit log record was added to the file. Either the user or the resource involved has been flagged for auditing. Possible reasons are listed in the table in Return Codes in this chapter. In UNIX, the LogRoute API also includes a listing of these reasons in the header file seauthstages.h. In Windows, you can find this information in the following directory of your system drive:
ACDir\include
Stage in the authorization algorithm when the decision was made to grant or deny access. The LogRoute API includes a listing of these stage codes in the header file seauthstages.h.
User's level of access to the resource.
Note: The seostype.h file lists the available access types.
User's UNIX or Windows user ID.
Name of the program that attempted to gain access to the resource (ASCII‑Z string).
Name of terminal or network host from which user logged in (ASCII‑Z string).
| Constant | Integer Value | Meaning |
|---|---|---|
| WDWARN_ERROR | 0 | An error occurred |
| WDWARN_STATCHANGED | 1 | Stat was changed |
| WDWARN_AIXEXIT | 2 | HP‑UX/AIX extended information changed |
| WDWARN_AIXACL | 3 | HP‑UX/AIX ACL changed |
| WDWARN_CRC | 4 | CRC check failed |
| WDWARN_STAT | 5 | Cannot obtain information about the trusted file |
| WDWARN_MD5 | 6 | MD5 signatures do not match |
The SEOS_AUDITWDWARN record can be submitted to the audit log file when the Watchdog (seoswd) finds an integrity problem in a trusted program or a secured file.
Class name of resource being audited (ASCII‑Z string). This can be PROGRAM or SECFILE.
Full path name of the program or secure file being audited (ASCII‑Z string).
System errno value that may have triggered this audit.
Reason this audit log record was added to the file. Possible reasons are listed in the table in Return Codes in this chapter. In UNIX, the LogRoute API also includes a listing of these reasons in the header file seauthstages.h. In Windows, you can find this information in the following directory of your system drive:
ACDir\include
Stage in the authorization algorithm when the decision was made to grant or deny access. The LogRoute API includes a listing of these stage codes in the header file seauthstages.h.
| Constant | Integer Value | Meaning |
|---|---|---|
| WDWARN_ERROR | 0 | An error occurred |
| WDWARN_STATCHANGED | 1 | Stat was changed |
| WDWARN_AIXEXIT | 2 | HP‑UX/AIX extended information changed |
| WDWARN_AIXACL | 3 | HP‑UX/AIX ACL changed |
| WDWARN_CRC | 4 | CRC check failed |
| WDWARN_STAT | 5 | Cannot obtain information about the trusted file |
| WDWARN_MD5 | 6 | MD5 signatures do not match |
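An added example (not CA ControlMinder or LogRoute code) of how a log consumer could triage the watchdog reason codes listed above, so that content mismatches and vanished trusted files are separated from routine watchdog errors. Only the WDWARN_* names and integer values come from this page; the `wd_event` struct, the triage tiers and the sample paths are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Reason codes and integer values exactly as listed in the table on this page. */
enum wdwarn_reason { WDWARN_ERROR = 0, WDWARN_STATCHANGED = 1, WDWARN_AIXEXIT = 2,
                     WDWARN_AIXACL = 3, WDWARN_CRC = 4, WDWARN_STAT = 5, WDWARN_MD5 = 6 };

/* Hypothetical decoded view of one watchdog record; NOT the LogRoute struct layout. */
struct wd_event {
    const char *res_class;  /* "PROGRAM" or "SECFILE" */
    const char *path;       /* full path of the audited file */
    int sys_errno;          /* system errno carried by the record */
    int reason;             /* integer reason code from the table */
};

/* Triage tiers, lowest to highest; the tiers are this example's assumption. */
enum wd_triage { WD_OPERATIONAL, WD_MALFORMED, WD_FILE_MISSING,
                 WD_METADATA_CHANGED, WD_CONTENT_CHANGED };

enum wd_triage wd_triage_event(const struct wd_event *ev)
{
    if (!ev->res_class || (strcmp(ev->res_class, "PROGRAM") != 0 &&
                           strcmp(ev->res_class, "SECFILE") != 0))
        return WD_MALFORMED;            /* class outside the two documented values */
    switch (ev->reason) {
    case WDWARN_CRC: case WDWARN_MD5:
        return WD_CONTENT_CHANGED;      /* checksum or signature no longer matches */
    case WDWARN_STATCHANGED: case WDWARN_AIXEXIT: case WDWARN_AIXACL:
        return WD_METADATA_CHANGED;     /* stat data, extended info or ACL changed */
    case WDWARN_STAT: case WDWARN_ERROR:
        /* ENOENT means the trusted file is gone, which is more than a hiccup. */
        return ev->sys_errno == ENOENT ? WD_FILE_MISSING : WD_OPERATIONAL;
    default:
        return WD_MALFORMED;            /* reason value not in the documented table */
    }
}

int main(void)
{
    struct wd_event evs[] = {           /* constructed sample events, placeholder paths */
        { "PROGRAM", "/usr/bin/example_tool", 0, WDWARN_MD5 },
        { "SECFILE", "/etc/example.conf", ENOENT, WDWARN_STAT },
        { "SECFILE", "/etc/example.conf", 0, WDWARN_AIXACL },
    };
    for (size_t i = 0; i < sizeof evs / sizeof evs[0]; i++)
        printf("tier=%d %s %s\n", (int)wd_triage_event(&evs[i]), evs[i].res_class, evs[i].path);
    return 0;
}
```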
The SEOS_AUDITINWARN record can be submitted to the audit log file when a remote host attempts access to the local host and that remote host has been flagged for auditing.
Internet address of the remote host attempting access. This is currently the 4‑byte address of TCP.
AF number. Currently, only AF_INET (2).
Port number to which access was attempted.
Protocol code. Currently 0.
Name of the program in the local host that was trying to accept the access request.
Reason this audit log record was added to the file. Possible reasons are listed in the table in Return Codes in this chapter. In UNIX, the LogRoute API also includes a listing of these reasons in the header file seauthstages.h. In Windows, you can find this information in the following directory of your system drive:
ACDir\include
Stage in the authorization algorithm when the decision was made to grant or deny access. The LogRoute API includes a listing of these stage codes in the header file seauthstages.h.
| Constant | Integer Value | Meaning |
|---|---|---|
| WDWARN_ERROR | 0 | An error occurred |
| WDWARN_STATCHANGED | 1 | Stat was changed |
| WDWARN_AIXEXIT | 2 | HP‑UX/AIX extended information changed |
| WDWARN_AIXACL | 3 | HP‑UX/AIX ACL changed |
| WDWARN_CRC | 4 | CRC check failed |
| WDWARN_STAT | 5 | Cannot obtain information about the trusted file |
| WDWARN_MD5 | 6 | MD5 signatures do not match |
Copyright © 2013 CA Technologies.
All rights reserved.