DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Overview of the auditing subsystem

The purpose of auditing

An auditing facility records information about actions that may affect the security of a computer system. In particular, an auditing facility records any action by any user that may represent a breach of system security. For each action, the auditing facility records enough information about those actions to verify

The presence of auditing may also deter attempted security breaches, which can allow you to take action to contain the problem. Even if you do not detect a security breach as it occurs, you can use the audit trail to determine the extent of any security problems and to recover from them.

In most cases, security breaches are detected by patterns of usage, not by single actions. A single failed login on a terminal, for example, may indicate that a user had trouble typing a password correctly. Several failed logins on a terminal may indicate that a malicious user is trying to guess a password. To detect such patterns, you often need to record many events that are a normal part of daily activity on the system.


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004