DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Auditable events

Process control events

The following events record actions related to the control of processes in the operating system. The majority of these events can be expected to occur frequently during normal use of the system. Therefore, the presence of these events in the log file does not automatically indicate a security problem. However, malicious users may try to use the setgid or setuid system calls to read data that they are not normally allowed to access. You may want to audit the set_gid and set_uid events to ensure that these system calls are always being used correctly.

Process control events

Event Description Manual page Object audit
exec execute an object exec(S) N
exit terminate a process exit(2), _lwp_exit(S) N
kill post a signal kill(2), _lwp_kill(2), UNRESOLVED XREF-0 sigsendset(S) N
fork create a new process vfork(2), _lwp_create(2), fork(2), UNRESOLVED XREF-0 fork1(S), UNRESOLVED XREF-0 forkall(S) N
set_gid change group ID UNRESOLVED XREF-0 setgid(S) N
set_grps set multiple groups UNRESOLVED XREF-0 setgroups(S) N
set_pgrps set process groups setpgrp(S) N
set_sid assign a session ID setsid(S) N
set_uid change user ID setuid(S) N


Next topic: User authentication events
Previous topic: Interprocess communication events

© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005