Converts pre-AIX version 4 format audit bins to AIX version 4 format.
auditconv OldFile NewFile
The auditconv command converts audit records which were generated by previous versions of the operating system into the format used by versions 4 and higher of the operating system.
Audit records are read from the file OldFile, and written to the file NewFile. Each audit record is updated with thread information, with a default thread identifier of zero.
Notes:
Access Control: This command should grant execute (x) access to the root user and members of the audit group. The command should be setuid to the root user and have the trusted computing base attribute.
Mode | File |
---|---|
r | /etc/security/audit/events |
r | /etc/passwd |
r | /etc/group |
To convert the old audit file pre_v4_auditbin, storing the results in converted_auditbin, enter the following command:
/usr/sbin/auditconv pre_v4_auditbin converted_auditbin
/usr/sbin/auditconv | Specifies the path of the auditconv command. |
/etc/security/audit/config | Contains audit system configuration information. |
/etc/security/audit/events | Contains the audit events of the system. |
/etc/security/audit/objects | Contains information about audited objects (files). |
/etc/security/audit/bincmds | Contains auditbin backend commands. |
/etc/security/audit/streamcmds | Contains auditstream commands. |
The audit command, auditbin daemon, auditcat command, auditpr command, auditselect command, auditstream command.
The audit subroutine.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Administration in AIX Version 4.3 System Management Concepts: Operating System and Devices.
To see the steps you must take to establish an Auditing System, refer to Setting up Auditing in AIX Version 4.3 System Management Guide: Operating System and Devices.