%! %%BoundingBox: (atend) %%Pages: (atend) %%DocumentFonts: (atend) %%EndComments %%BeginProlog % % FrameMaker postscript_prolog 3.0, for use with FrameMaker 3.0 % This postscript_prolog file is Copyright (c) 1986-1991 Frame Technology % Corporation. All rights reserved. This postscript_prolog file may be % freely copied and distributed in conjunction with documents created using % FrameMaker. % % Known Problems: % Due to bugs in Transcript, the 'PS-Adobe-' is omitted from line 1 /FMversion (3.0) def % Set up Color vs. Black-and-White /FMPrintInColor false def /colorimage where { pop /currentcolortransfer where { pop /FMPrintInColor true def statusdict begin /processcolors where { pop processcolors 1 le { /FMPrintInColor false def } if }{ /deviceinfo where { pop deviceinfo /Colors known { deviceinfo /Colors get 1 le { /FMPrintInColor false def } if } if } if } ifelse end /currentcanvas where { % NeWSprint? pop systemdict /separationdict known not { /FMPrintInColor false def } if } if } if } if % Uncomment this line to force b&w on color printer % /FMPrintInColor false def /FrameDict 195 dict def systemdict /errordict known not {/errordict 10 dict def errordict /rangecheck {stop} put} if % The readline in 23.0 doesn't recognize cr's as nl's on AppleTalk FrameDict /tmprangecheck errordict /rangecheck get put errordict /rangecheck {FrameDict /bug true put} put FrameDict /bug false put mark % Some PS machines read past the CR, so keep the following 3 lines together! currentfile 5 string readline 00 0000000000 cleartomark errordict /rangecheck FrameDict /tmprangecheck get put FrameDict /bug get { /readline { /gstring exch def /gfile exch def /gindex 0 def { gfile read pop dup 10 eq {exit} if dup 13 eq {exit} if gstring exch gindex exch put /gindex gindex 1 add def } loop pop gstring 0 gindex getinterval true } def } if /FMVERSION { FMversion ne { /Times-Roman findfont 18 scalefont setfont 100 100 moveto (FrameMaker version does not match postscript_prolog!) dup = show showpage } if } def /FMLOCAL { FrameDict begin 0 def end } def /gstring FMLOCAL /gfile FMLOCAL /gindex FMLOCAL /orgxfer FMLOCAL /orgproc FMLOCAL /organgle FMLOCAL /orgfreq FMLOCAL /yscale FMLOCAL /xscale FMLOCAL /manualfeed FMLOCAL /paperheight FMLOCAL /paperwidth FMLOCAL /FMDOCUMENT { array /FMfonts exch def /#copies exch def FrameDict begin 0 ne dup {setmanualfeed} if /manualfeed exch def /paperheight exch def /paperwidth exch def /yscale exch def /xscale exch def currenttransfer cvlit /orgxfer exch def currentscreen cvlit /orgproc exch def /organgle exch def /orgfreq exch def setpapername manualfeed {true} {papersize} ifelse {manualpapersize} {false} ifelse {desperatepapersize} if end } def /pagesave FMLOCAL /orgmatrix FMLOCAL /landscape FMLOCAL /FMBEGINPAGE { FrameDict begin /pagesave save def 3.86 setmiterlimit /landscape exch 0 ne def landscape { 90 rotate 0 exch neg translate pop } {pop pop} ifelse xscale yscale scale /orgmatrix matrix def gsave } def /FMENDPAGE { grestore pagesave restore end showpage } def /FMFONTDEFINE { FrameDict begin findfont ReEncode 1 index exch definefont FMfonts 3 1 roll put end } def /FMFILLS { FrameDict begin array /fillvals exch def end } def /FMFILL { FrameDict begin fillvals 3 1 roll put end } def /FMNORMALIZEGRAPHICS { newpath 0.0 0.0 moveto 1 setlinewidth 0 setlinecap 0 0 0 sethsbcolor 0 setgray } bind def /fx FMLOCAL /fy FMLOCAL /fh FMLOCAL /fw FMLOCAL /llx FMLOCAL /lly FMLOCAL /urx FMLOCAL /ury FMLOCAL /FMBEGINEPSF { end /FMEPSF save def /showpage {} def FMNORMALIZEGRAPHICS [/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall fx fy translate rotate fw urx llx sub div fh ury lly sub div scale llx neg lly neg translate } bind def /FMENDEPSF { FMEPSF restore FrameDict begin } bind def FrameDict begin /setmanualfeed { %%BeginFeature *ManualFeed True statusdict /manualfeed true put %%EndFeature } def /max {2 copy lt {exch} if pop} bind def /min {2 copy gt {exch} if pop} bind def /inch {72 mul} def /pagedimen { paperheight sub abs 16 lt exch paperwidth sub abs 16 lt and {/papername exch def} {pop} ifelse } def /papersizedict FMLOCAL /setpapername { /papersizedict 14 dict def papersizedict begin /papername /unknown def /Letter 8.5 inch 11.0 inch pagedimen /LetterSmall 7.68 inch 10.16 inch pagedimen /Tabloid 11.0 inch 17.0 inch pagedimen /Ledger 17.0 inch 11.0 inch pagedimen /Legal 8.5 inch 14.0 inch pagedimen /Statement 5.5 inch 8.5 inch pagedimen /Executive 7.5 inch 10.0 inch pagedimen /A3 11.69 inch 16.5 inch pagedimen /A4 8.26 inch 11.69 inch pagedimen /A4Small 7.47 inch 10.85 inch pagedimen /B4 10.125 inch 14.33 inch pagedimen /B5 7.16 inch 10.125 inch pagedimen end } def /papersize { papersizedict begin /Letter {lettertray letter} def /LetterSmall {lettertray lettersmall} def /Tabloid {11x17tray 11x17} def /Ledger {ledgertray ledger} def /Legal {legaltray legal} def /Statement {statementtray statement} def /Executive {executivetray executive} def /A3 {a3tray a3} def /A4 {a4tray a4} def /A4Small {a4tray a4small} def /B4 {b4tray b4} def /B5 {b5tray b5} def /unknown {unknown} def papersizedict dup papername known {papername} {/unknown} ifelse get end /FMdicttop countdictstack 1 add def statusdict begin stopped end countdictstack -1 FMdicttop {pop end} for } def /manualpapersize { papersizedict begin /Letter {letter} def /LetterSmall {lettersmall} def /Tabloid {11x17} def /Ledger {ledger} def /Legal {legal} def /Statement {statement} def /Executive {executive} def /A3 {a3} def /A4 {a4} def /A4Small {a4small} def /B4 {b4} def /B5 {b5} def /unknown {unknown} def papersizedict dup papername known {papername} {/unknown} ifelse get end stopped } def /desperatepapersize { statusdict /setpageparams known { paperwidth paperheight 0 1 statusdict begin {setpageparams} stopped pop end } if } def /savematrix { orgmatrix currentmatrix pop } bind def /restorematrix { orgmatrix setmatrix } bind def /dmatrix matrix def /dpi 72 0 dmatrix defaultmatrix dtransform dup mul exch dup mul add sqrt def /freq dpi 18.75 div 8 div round dup 0 eq {pop 1} if 8 mul dpi exch div def /sangle 1 0 dmatrix defaultmatrix dtransform exch atan def /DiacriticEncoding [ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quotesingle /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute /Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis /atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis /iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve /ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex /udieresis /dagger /.notdef /cent /sterling /section /bullet /paragraph /germandbls /registered /copyright /trademark /acute /dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef /yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown /exclamdown /logicalnot /.notdef /florin /.notdef /.notdef /guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde /Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright /quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis /fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl /periodcentered /quotesinglbase /quotedblbase /perthousand /Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute /Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve /Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron /breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron ] def /ReEncode { dup length dict begin { 1 index /FID ne {def} {pop pop} ifelse } forall 0 eq {/Encoding DiacriticEncoding def} if currentdict end } bind def /graymode true def /bwidth FMLOCAL /bpside FMLOCAL /bstring FMLOCAL /onbits FMLOCAL /offbits FMLOCAL /xindex FMLOCAL /yindex FMLOCAL /x FMLOCAL /y FMLOCAL /setpattern { /bwidth exch def /bpside exch def /bstring exch def /onbits 0 def /offbits 0 def freq sangle landscape {90 add} if {/y exch def /x exch def /xindex x 1 add 2 div bpside mul cvi def /yindex y 1 add 2 div bpside mul cvi def bstring yindex bwidth mul xindex 8 idiv add get 1 7 xindex 8 mod sub bitshift and 0 ne {/onbits onbits 1 add def 1} {/offbits offbits 1 add def 0} ifelse } setscreen {} settransfer offbits offbits onbits add div FMsetgray /graymode false def } bind def /grayness { FMsetgray graymode not { /graymode true def orgxfer cvx settransfer orgfreq organgle orgproc cvx setscreen } if } bind def /HUE FMLOCAL /SAT FMLOCAL /BRIGHT FMLOCAL /Colors FMLOCAL FMPrintInColor { /HUE 0 def /SAT 0 def /BRIGHT 0 def % array of arrays Hue and Sat values for the separations [HUE BRIGHT] /Colors [[0 0 ] % black [0 0 ] % white [0.00 1.0] % red [0.37 1.0] % green [0.60 1.0] % blue [0.50 1.0] % cyan [0.83 1.0] % magenta [0.16 1.0] % comment / yellow ] def /BEGINBITMAPCOLOR { BITMAPCOLOR} def /BEGINBITMAPCOLORc { BITMAPCOLORc} def /BEGINBITMAPTRUECOLOR { BITMAPTRUECOLOR } def /BEGINBITMAPTRUECOLORc { BITMAPTRUECOLORc } def /K { Colors exch get dup 0 get /HUE exch store 1 get /BRIGHT exch store HUE 0 eq BRIGHT 0 eq and {1.0 SAT sub setgray} {HUE SAT BRIGHT sethsbcolor} ifelse } def /FMsetgray { /SAT exch 1.0 exch sub store HUE 0 eq BRIGHT 0 eq and {1.0 SAT sub setgray} {HUE SAT BRIGHT sethsbcolor} ifelse } bind def } { /BEGINBITMAPCOLOR { BITMAPGRAY} def /BEGINBITMAPCOLORc { BITMAPGRAYc} def /BEGINBITMAPTRUECOLOR { BITMAPTRUEGRAY } def /BEGINBITMAPTRUECOLORc { BITMAPTRUEGRAYc } def /FMsetgray {setgray} bind def /K { pop } def } ifelse /normalize { transform round exch round exch itransform } bind def /dnormalize { dtransform round exch round exch idtransform } bind def /lnormalize { 0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop } bind def /H { lnormalize setlinewidth } bind def /Z { setlinecap } bind def /fillvals FMLOCAL /X { fillvals exch get dup type /stringtype eq {8 1 setpattern} {grayness} ifelse } bind def /V { gsave eofill grestore } bind def /N { stroke } bind def /M {newpath moveto} bind def /E {lineto} bind def /D {curveto} bind def /O {closepath} bind def /n FMLOCAL /L { /n exch def newpath normalize moveto 2 1 n {pop normalize lineto} for } bind def /Y { L closepath } bind def /x1 FMLOCAL /x2 FMLOCAL /y1 FMLOCAL /y2 FMLOCAL /rad FMLOCAL /R { /y2 exch def /x2 exch def /y1 exch def /x1 exch def x1 y1 x2 y1 x2 y2 x1 y2 4 Y } bind def /RR { /rad exch def normalize /y2 exch def /x2 exch def normalize /y1 exch def /x1 exch def newpath x1 y1 rad add moveto x1 y2 x2 y2 rad arcto x2 y2 x2 y1 rad arcto x2 y1 x1 y1 rad arcto x1 y1 x1 y2 rad arcto closepath 16 {pop} repeat } bind def /C { grestore gsave R clip } bind def /FMpointsize FMLOCAL /F { FMfonts exch get FMpointsize scalefont setfont } bind def /Q { /FMpointsize exch def F } bind def /T { moveto show } bind def /RF { rotate 0 ne {-1 1 scale} if } bind def /TF { gsave moveto RF show grestore } bind def /P { moveto 0 32 3 2 roll widthshow } bind def /PF { gsave moveto RF 0 32 3 2 roll widthshow grestore } bind def /S { moveto 0 exch ashow } bind def /SF { gsave moveto RF 0 exch ashow grestore } bind def /B { moveto 0 32 4 2 roll 0 exch awidthshow } bind def /BF { gsave moveto RF 0 32 4 2 roll 0 exch awidthshow grestore } bind def /G { gsave newpath normalize translate 0.0 0.0 moveto dnormalize scale 0.0 0.0 1.0 5 3 roll arc closepath fill grestore } bind def /A { gsave savematrix newpath 2 index 2 div add exch 3 index 2 div sub exch normalize 2 index 2 div sub exch 3 index 2 div add exch translate scale 0.0 0.0 1.0 5 3 roll arc restorematrix stroke grestore } bind def /x FMLOCAL /y FMLOCAL /w FMLOCAL /h FMLOCAL /xx FMLOCAL /yy FMLOCAL /ww FMLOCAL /hh FMLOCAL /FMsaveobject FMLOCAL /FMoptop FMLOCAL /FMdicttop FMLOCAL /BEGINPRINTCODE { /FMdicttop countdictstack 1 add def /FMoptop count 4 sub def /FMsaveobject save def userdict begin /showpage {} def FMNORMALIZEGRAPHICS 3 index neg 3 index neg translate } bind def /ENDPRINTCODE { count -1 FMoptop {pop pop} for countdictstack -1 FMdicttop {pop end} for FMsaveobject restore } bind def /gn { 0 { 46 mul cf read pop 32 sub dup 46 lt {exit} if 46 sub add } loop add } bind def /str FMLOCAL /cfs { /str sl string def 0 1 sl 1 sub {str exch val put} for str def } bind def /ic [ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223 0 {0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx} {10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx} {19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12} {13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh} {4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh} {13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl} {7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl} {0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl} {10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl} ] def /sl FMLOCAL /val FMLOCAL /ws FMLOCAL /im FMLOCAL /bs FMLOCAL /cs FMLOCAL /len FMLOCAL /pos FMLOCAL /ms { /sl exch def /val 255 def /ws cfs /im cfs /val 0 def /bs cfs /cs cfs } bind def 400 ms /ip { is 0 cf cs readline pop { ic exch get exec add } forall pop } bind def /wh { /len exch def /pos exch def ws 0 len getinterval im pos len getinterval copy pop pos len } bind def /bl { /len exch def /pos exch def bs 0 len getinterval im pos len getinterval copy pop pos len } bind def /s1 1 string def /fl { /len exch def /pos exch def /val cf s1 readhexstring pop 0 get def pos 1 pos len add 1 sub {im exch val put} for pos len } bind def /hx { 3 copy getinterval cf exch readhexstring pop pop } bind def /h FMLOCAL /w FMLOCAL /d FMLOCAL /lb FMLOCAL /bitmapsave FMLOCAL /is FMLOCAL /cf FMLOCAL /wbytes { dup 8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse } bind def /BEGINBITMAPBWc { 1 {} COMMONBITMAPc } bind def /BEGINBITMAPGRAYc { 8 {} COMMONBITMAPc } bind def /BEGINBITMAP2BITc { 2 {} COMMONBITMAPc } bind def /COMMONBITMAPc { /r exch def /d exch def gsave translate rotate scale /h exch def /w exch def /lb w d wbytes def sl lb lt {lb ms} if /bitmapsave save def r /is im 0 lb getinterval def ws 0 lb getinterval is copy pop /cf currentfile def w h d [w 0 0 h neg 0 h] {ip} image bitmapsave restore grestore } bind def /BEGINBITMAPBW { 1 {} COMMONBITMAP } bind def /BEGINBITMAPGRAY { 8 {} COMMONBITMAP } bind def /BEGINBITMAP2BIT { 2 {} COMMONBITMAP } bind def /COMMONBITMAP { /r exch def /d exch def gsave translate rotate scale /h exch def /w exch def /bitmapsave save def r /is w d wbytes string def /cf currentfile def w h d [w 0 0 h neg 0 h] {cf is readhexstring pop} image bitmapsave restore grestore } bind def /proc1 FMLOCAL /proc2 FMLOCAL /newproc FMLOCAL /Fmcc { /proc2 exch cvlit def /proc1 exch cvlit def /newproc proc1 length proc2 length add array def newproc 0 proc1 putinterval newproc proc1 length proc2 putinterval newproc cvx } bind def /ngrayt 256 array def /nredt 256 array def /nbluet 256 array def /ngreent 256 array def /gryt FMLOCAL /blut FMLOCAL /grnt FMLOCAL /redt FMLOCAL /indx FMLOCAL /cynu FMLOCAL /magu FMLOCAL /yelu FMLOCAL /k FMLOCAL /u FMLOCAL /colorsetup { currentcolortransfer /gryt exch def /blut exch def /grnt exch def /redt exch def 0 1 255 { /indx exch def /cynu 1 red indx get 255 div sub def /magu 1 green indx get 255 div sub def /yelu 1 blue indx get 255 div sub def /k cynu magu min yelu min def /u k currentundercolorremoval exec def nredt indx 1 0 cynu u sub max sub redt exec put ngreent indx 1 0 magu u sub max sub grnt exec put nbluet indx 1 0 yelu u sub max sub blut exec put ngrayt indx 1 k currentblackgeneration exec sub gryt exec put } for {255 mul cvi nredt exch get} {255 mul cvi ngreent exch get} {255 mul cvi nbluet exch get} {255 mul cvi ngrayt exch get} setcolortransfer {pop 0} setundercolorremoval {} setblackgeneration } bind def /tran FMLOCAL /fakecolorsetup { /tran 256 string def 0 1 255 {/indx exch def tran indx red indx get 77 mul green indx get 151 mul blue indx get 28 mul add add 256 idiv put} for currenttransfer {255 mul cvi tran exch get 255.0 div} exch Fmcc settransfer } bind def /BITMAPCOLOR { /d 8 def gsave translate rotate scale /h exch def /w exch def /bitmapsave save def colorsetup /is w d wbytes string def /cf currentfile def w h d [w 0 0 h neg 0 h] {cf is readhexstring pop} {is} {is} true 3 colorimage bitmapsave restore grestore } bind def /BITMAPCOLORc { /d 8 def gsave translate rotate scale /h exch def /w exch def /lb w d wbytes def sl lb lt {lb ms} if /bitmapsave save def colorsetup /is im 0 lb getinterval def ws 0 lb getinterval is copy pop /cf currentfile def w h d [w 0 0 h neg 0 h] {ip} {is} {is} true 3 colorimage bitmapsave restore grestore } bind def /BITMAPTRUECOLORc { gsave translate rotate scale /h exch def /w exch def /bitmapsave save def /is w string def ws 0 w getinterval is copy pop /cf currentfile def w h 8 [w 0 0 h neg 0 h] {ip} {gip} {bip} true 3 colorimage bitmapsave restore grestore } bind def /BITMAPTRUECOLOR { gsave translate rotate scale /h exch def /w exch def /bitmapsave save def /is w string def /gis w string def /bis w string def /cf currentfile def w h 8 [w 0 0 h neg 0 h] { cf is readhexstring pop } { cf gis readhexstring pop } { cf bis readhexstring pop } true 3 colorimage bitmapsave restore grestore } bind def /BITMAPTRUEGRAYc { gsave translate rotate scale /h exch def /w exch def /bitmapsave save def /is w string def ws 0 w getinterval is copy pop /cf currentfile def w h 8 [w 0 0 h neg 0 h] {ip gip bip w gray} image bitmapsave restore grestore } bind def /ww FMLOCAL /r FMLOCAL /g FMLOCAL /b FMLOCAL /i FMLOCAL /gray { /ww exch def /b exch def /g exch def /r exch def 0 1 ww 1 sub { /i exch def r i get .299 mul g i get .587 mul b i get .114 mul add add r i 3 -1 roll floor cvi put } for r } bind def /BITMAPTRUEGRAY { gsave translate rotate scale /h exch def /w exch def /bitmapsave save def /is w string def /gis w string def /bis w string def /cf currentfile def w h 8 [w 0 0 h neg 0 h] { cf is readhexstring pop cf gis readhexstring pop cf bis readhexstring pop w gray} image bitmapsave restore grestore } bind def /BITMAPGRAY { 8 {fakecolorsetup} COMMONBITMAP } bind def /BITMAPGRAYc { 8 {fakecolorsetup} COMMONBITMAPc } bind def /ENDBITMAP { } bind def end /ALDsave FMLOCAL /ALDmatrix matrix def ALDmatrix currentmatrix pop /StartALD { /ALDsave save def savematrix ALDmatrix setmatrix } bind def /InALD { restorematrix } bind def /DoneALD { ALDsave restore } bind def %%EndProlog %%BeginSetup (3.0) FMVERSION 1 1 612 792 0 1 22 FMDOCUMENT 0 0 /Palatino-Roman FMFONTDEFINE 1 0 /Palatino-Italic FMFONTDEFINE 2 0 /Courier FMFONTDEFINE 3 0 /Times-Bold FMFONTDEFINE 4 0 /Palatino-BoldItalic FMFONTDEFINE 5 0 /Palatino-Bold FMFONTDEFINE 6 0 /Courier-Bold FMFONTDEFINE 32 FMFILLS 0 0 FMFILL 1 0.1 FMFILL 2 0.3 FMFILL 3 0.5 FMFILL 4 0.7 FMFILL 5 0.9 FMFILL 6 0.97 FMFILL 7 1 FMFILL 8 <0f1e3c78f0e1c387> FMFILL 9 <0f87c3e1f0783c1e> FMFILL 10 FMFILL 11 FMFILL 12 <8142241818244281> FMFILL 13 <03060c183060c081> FMFILL 14 <8040201008040201> FMFILL 16 1 FMFILL 17 0.9 FMFILL 18 0.7 FMFILL 19 0.5 FMFILL 20 0.3 FMFILL 21 0.1 FMFILL 22 0.03 FMFILL 23 0 FMFILL 24 FMFILL 25 FMFILL 26 <3333333333333333> FMFILL 27 <0000ffff0000ffff> FMFILL 28 <7ebddbe7e7dbbd7e> FMFILL 29 FMFILL 30 <7fbfdfeff7fbfdfe> FMFILL %%EndSetup %%Page: "1" 1 %%BeginPaperSize: Letter %%EndPaperSize 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (1) 553.41 108.7 S 198 500.18 558 500.18 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 540.76 521.07 558.36 524.92 R 0 X V 540.76 514.65 558.36 518.5 R V 540.76 508.42 558.36 512.27 R V 540.76 518.61 558.36 521.29 R 7 X V 540.76 512.4 558.36 514.87 R V 54 522.64 558 589.39 C 0 72 612 720 C 1 20 Q 0 X 0 K (Security) 198 509.31 T 1 15 Q -0.94 (Solaris Basic Security Module \050BSM\051) 54 456.34 P 0 10 Q 0.44 0.1 (This article is excerpted fr) 198 434.68 B 0.44 0.1 (om) 316.47 434.68 B 1 F 0.44 0.1 (Solaris Basic Security Module \050BSM\051) 334 434.68 B 0 F 0.44 0.1 ( \050part number) 491.28 434.68 B 0.52 0.1 (800-8933-10\051. For a full technical description of the BSM pr) 198 422.28 B 0.52 0.1 (oduct and how to) 466.37 422.28 B 0.52 0.1 (install and administer it, please r) 198 409.88 B 0.52 0.1 (efer to the of) 348.58 409.88 B 0.52 0.1 (\336cial document in its entir) 407.1 409.88 B 0.52 0.1 (ety) 527.61 409.88 B 0.52 0.1 (.) 540.41 409.88 B 1 14 Q (Intr) 117.22 376.81 T (oduction) 139.52 376.81 T 0 10 Q 0.52 0.1 (The Solaris Basic Security Module \050BSM\051 pr) 198 355.48 B 0.52 0.1 (ovides the security featur) 397.69 355.48 B 0.52 0.1 (es) 513.74 355.48 B 0.52 0.1 (r) 198 343.08 B 0.52 0.1 (equir) 201.87 343.08 B 0.52 0.1 (ed by the C2 Class of the T) 225.47 343.08 B 0.52 0.1 (r) 348.63 343.08 B 0.52 0.1 (usted Computer System Evaluation Criteria) 352.6 343.08 B 0.52 0.1 (\050TCSEC\051 that ar) 198 330.68 B 0.52 0.1 (e not included in the standar) 269.98 330.68 B 0.52 0.1 (d Solaris 2.1 r) 402.23 330.68 B 0.52 0.1 (elease. The) 464.89 330.68 B 0.28 0.1 (additional featur) 198 318.28 B 0.28 0.1 (es ar) 274.15 318.28 B 0.28 0.1 (e the security auditing subsystem and a device allocation) 295.23 318.28 B 0.52 0.1 (mechanism that pr) 198 305.88 B 0.52 0.1 (ovides the r) 283.54 305.88 B 0.52 0.1 (equir) 337.58 305.88 B 0.52 0.1 (ed object r) 361.18 305.88 B 0.52 0.1 (euse characteristics for) 408.81 305.88 B 0.52 0.1 (r) 198 293.48 B 0.52 0.1 (emovable or assignable devices. C2 discr) 201.87 293.48 B 0.52 0.1 (etionary access contr) 388.33 293.48 B 0.52 0.1 (ol and) 483.12 293.48 B 0.4 0.1 (identi\336cation and authentication featur) 198 281.08 B 0.4 0.1 (es ar) 376.22 281.08 B 0.4 0.1 (e pr) 397.42 281.08 B 0.4 0.1 (ovided by the standar) 415.29 281.08 B 0.4 0.1 (d Solaris) 515.27 281.08 B 0.52 0.1 (2.1 system.) 198 268.68 B 1 14 Q -0.88 (Administering Auditing) 117.22 235.61 P 0 10 Q 0.38 0.1 (This section describes how t) 198 214.28 B 2 F 0.87 (o) 326.21 214.28 P 0 F 0.38 0.1 ( set up and administer auditing. Auditing makes) 332.21 214.28 B 0.52 0.1 (users accountable for their actions. The auditing mechanism allows an) 198 201.88 B 0.52 0.1 (administrator to detect potential security br) 198 189.48 B 0.52 0.1 (eaches. Auditing can r) 397.57 189.48 B 0.52 0.1 (eveal) 499.82 189.48 B 0.52 0.1 (suspicious or abnormal patterns of system usage and pr) 198 177.08 B 0.52 0.1 (ovide the means to) 454.35 177.08 B FMENDPAGE %%EndPage: "1" 2 %%Page: "2" 2 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (2) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 0 10 Q 0 X 0.2 0.1 (trace suspect actions back to a speci\336c user) 198 641.33 B 0.2 0.1 (. Auditing may serve as a deterr) 392.3 641.33 B 0.2 0.1 (ent:) 538.33 641.33 B 0.25 0.1 (if users know that their actions ar) 198 628.93 B 0.25 0.1 (e likely to be audited, they may be less likely) 350.61 628.93 B 0.52 0.1 (to attempt malicious activities.) 198 616.53 B 0.52 0.1 (Successful auditing depends on two other security featur) 198 596.13 B 0.52 0.1 (es:) 458.89 596.13 B 1 F 0.52 0.1 (Identi\336cation) 473.84 596.13 B 0 F 0.52 0.1 ( and) 528.92 596.13 B 1 F 0.52 0.1 (Authentication) 198 583.73 B 0 F 0.52 0.1 (. At login, after a user supplies a User Name and Passwor) 260.69 583.73 B 0.52 0.1 (d, a) 526.49 583.73 B 0.26 0.1 (unique audit ID is associated with the user) 198 571.33 B 0.26 0.1 (\325s pr) 393.76 571.33 B 0.26 0.1 (ocess. The audit ID is inherited) 413.81 571.33 B 0.52 0.1 (by every pr) 198 558.93 B 0.52 0.1 (ocess started during the login session. Even if a user changes) 250.75 558.93 B 0.52 0.1 (identity \050by using) 198 546.53 B 2 F 1.22 0.1 (su\0501\051) 282.56 546.53 B 0 F 0.52 0.1 (\051, all actions performed ar) 313.06 546.53 B 0.52 0.1 (e tracked with the same) 431.61 546.53 B 0.52 0.1 (audit ID.) 198 534.13 B 0.52 0.1 (Auditing makes it possible to:) 198 513.73 B 3 14 Q 0.14 (\245) 198 495.33 S 0 10 Q 0.52 0.1 (monitor security-r) 210.6 495.33 B 0.52 0.1 (elevant events that take place on the system) 293.39 495.33 B 3 14 Q 0.14 (\245) 198 482.93 S 0 10 Q 0.52 0.1 (r) 210.6 482.93 B 0.52 0.1 (ecor) 214.47 482.93 B 0.52 0.1 (d the events) 233.33 482.93 B 0.52 0.1 (in an) 292.22 482.93 B 1 F 0.52 0.1 (audit trail) 318.41 482.93 B 3 14 Q 0.14 (\245) 198 470.53 S 0 10 Q 0.52 0.1 (detect misuse or unauthorized activity \050by analyzing the audit trail\051) 210.6 470.53 B 0.4 0.1 (During system con\336guration, the system administrator selects which activities) 198 450.13 B 0.34 0.1 (to monitor) 198 437.73 B 0.34 0.1 (. The administrator may also \336ne-tune the degr) 245.51 437.73 B 0.34 0.1 (ee of auditing that is) 460.93 437.73 B 0.52 0.1 (done for individual users.) 198 425.33 B 0.3 0.1 (After audit data is collected, audit r) 198 404.93 B 0.3 0.1 (eduction and interpr) 360.23 404.93 B 0.3 0.1 (etation tools allow the) 454.08 404.93 B 0.52 0.1 (examination of inter) 198 392.53 B 0.52 0.1 (esting parts of the audit trail. For example, you may) 290.34 392.53 B 0.52 0.1 (choose to look at audit r) 198 380.13 B 0.52 0.1 (ecor) 309.26 380.13 B 0.52 0.1 (ds for individual users or gr) 328.12 380.13 B 0.52 0.1 (oups, look at all) 457.56 380.13 B 0.36 0.1 (r) 198 367.73 B 0.36 0.1 (ecor) 201.87 367.73 B 0.36 0.1 (ds for a certain type of event on a speci\336c day) 220.73 367.73 B 0.36 0.1 (, or select r) 429.77 367.73 B 0.36 0.1 (ecor) 479.77 367.73 B 0.36 0.1 (ds that wer) 498.63 367.73 B 0.36 0.1 (e) 550.05 367.73 B 0.52 0.1 (generated at a certain time of day) 198 355.33 B 0.52 0.1 (.) 351.16 355.33 B 1 13 Q -0.85 0.13 (Audit Startup) 198 326.93 B 0 10 Q 0.52 0.1 (Auditing is enabled by starting up the audit daemon,) 198 309.93 B 2 F 1.2 (auditd\0501M\051) 445.78 309.93 P 0 F 0.52 0.1 (. This can) 505.78 309.93 B 0.52 0.1 (be done manually be executing) 198 297.53 B 2 F 1.2 (/usr/sbin/auditd) 343.74 297.53 P 0 F 0.52 0.1 ( as the super) 439.74 297.53 B 0.52 0.1 (user \050) 498.15 297.53 B 2 F 1.22 0.1 (root) 524.11 297.53 B 0 F 0.52 0.1 (\051.) 548.51 297.53 B 0.52 0.1 (The existence of a \336le with the pathname) 198 277.13 B 2 F 1.2 (/etc/security/audit_startup) 389.47 277.13 P 0 F 0.52 0.1 (causes the audit daemon to be r) 198 264.73 B 0.52 0.1 (un automatically at system startup time. The) 344.06 264.73 B 2 F 0.16 (audit_startup) 198 252.33 P 0.16 0.1 (\0504\051) 276 252.33 B 0 F 0.07 0.1 ( \336le is actually an executable script that is invoked as part) 294.3 252.33 B 0.52 0.1 (of the startup sequence just prior to the execution of the audit daemon. A) 198 239.93 B 0.52 0.1 (default) 198 227.53 B 2 F 1.2 (audit_startup) 233.25 227.53 P 1.22 0.1 (\0504\051) 311.25 227.53 B 0 F 0.52 0.1 ( script is set up during the BSM package) 329.55 227.53 B 0.49 0.1 (installation that automatically con\336gur) 198 215.13 B 0.49 0.1 (es the event to class mappings and sets) 375.4 215.13 B 0.52 0.1 (the audit policies.) 198 202.73 B FMENDPAGE %%EndPage: "2" 3 %%Page: "3" 3 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (3) 553.41 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 1 13 Q 0 X -0.85 0.13 (Audit Classes and Events) 198 639.33 B 0 10 Q 0.02 0.1 (Security-r) 198 622.33 B 0.02 0.1 (elevant actions may be audited. The system actions that ar) 242.29 622.33 B 0.02 0.1 (e auditable) 505.43 622.33 B 0.52 0.1 (ar) 198 609.93 B 0.52 0.1 (e de\336ned as) 206.97 609.93 B 1 F 0.52 0.1 (audit events) 264.93 609.93 B 0 F 0.52 0.1 (in the) 318.94 609.93 B 2 F 1.22 0.1 (/usr/security/audit_event) 348.28 609.93 B 0 F 0.52 0.1 ( \336le. Each) 500.78 609.93 B -0.07 0.1 (auditable event is de\336ned in the) 198 597.53 B 2 F -0.17 0.1 (audit_event\0504\051) 345.13 597.53 B 0 F -0.07 0.1 ( \336le by a symbolic name, an) 430.53 597.53 B 0.52 0.1 (event number) 198 585.13 B 0.52 0.1 (, a set of pr) 260.74 585.13 B 0.52 0.1 (eselection classes, and a short description.) 312.48 585.13 B 0.52 0.1 (Most actions \050events\051 ar) 198 564.73 B 0.52 0.1 (e attributable to an individual user) 306.99 564.73 B 0.52 0.1 (. However) 466.08 564.73 B 0.52 0.1 (, some) 513.06 564.73 B 0.52 0.1 (events ar) 198 552.33 B 0.52 0.1 (e non-attributable because they occur befor) 239.24 552.33 B 0.52 0.1 (e a user is identi\336ed and) 436.74 552.33 B 0.52 0.1 (authenticated, or they occur at the kernel interr) 198 539.93 B 0.52 0.1 (upt level.) 414.74 539.93 B 0.52 0.1 (Each audit event is also de\336ned as belonging to an) 198 519.53 B 1 F 0.52 0.1 (audit class) 433.86 519.53 B 0 F 0.52 0.1 ( or classes. The) 478.16 519.53 B 0.52 0.1 (mapping of audit events to classes is con\336gurable. The entries in the) 198 507.13 B 2 F 1.2 (audit_event\0504\051) 198 494.73 P 0 F 0.52 0.1 ( \336le assign the event to one or mor) 282 494.73 B 0.52 0.1 (e classes in the thir) 441.62 494.73 B 0.52 0.1 (d) 528.81 494.73 B 0.1 (column.) 198 482.33 S 0.52 0.1 (Whether or not an auditable event is r) 198 461.93 B 0.52 0.1 (ecor) 372.91 461.93 B 0.52 0.1 (ded in the audit trail depends on) 391.77 461.93 B 0.52 0.1 (whether the administrator pr) 198 449.53 B 0.52 0.1 (eselects a class for auditing that includes the) 330.98 449.53 B 0.52 0.1 (speci\336c event. 32 actual audit classes ar) 198 437.13 B 0.52 0.1 (e de\336ned, besides the two global) 378.49 437.13 B 0.52 0.1 (classes:) 198 424.73 B 2 F 1.2 (all) 234.28 424.73 P 0 F 0.52 0.1 ( and) 252.28 424.73 B 2 F 1.2 (no) 275.75 424.73 P 0 F 0.52 0.1 (.) 287.75 424.73 B 4 11 Q -0.71 0.11 (Kernel Events) 198 399.67 B 0 10 Q 0.52 0.1 (Events generated by the kernel \050system calls\051 have event numbers between 1) 198 383.33 B 0.28 0.1 (and 2047. The event names for kernel events begin with) 198 370.93 B 2 F 0.66 (AUE_) 454.56 370.93 P 0 F 0.28 0.1 ( , followed by an) 478.56 370.93 B 0.52 0.1 (UPPERCASE mnemonic for the event. For example, the event number for the) 198 358.53 B 2 F 1.2 (creat) 198 346.13 P 1.22 0.1 (\0502\051) 228 346.13 B 0 F 0.52 0.1 ( system call is 4 and the event name is) 246.3 346.13 B 2 F 1.2 (AUE_CREAT) 425.53 346.13 P 0 F 0.52 0.1 ( .) 479.53 346.13 B 4 11 Q -0.71 0.11 (User-level Events) 198 321.07 B 0 10 Q 0.52 0.1 (Events generated by application softwar) 198 304.73 B 0.52 0.1 (e outside the kernel ar) 382.14 304.73 B 0.52 0.1 (e number) 484.57 304.73 B 0.52 0.1 (ed) 527.95 304.73 B 0.28 0.1 (gr) 198 292.33 B 0.28 0.1 (eater than 6144. The event names begin with) 207.53 292.33 B 2 F 0.64 (AUE_) 413 292.33 P 0 F 0.28 0.1 ( , followed by a lower) 437 292.33 B 0.28 0.1 (case) 536.25 292.33 B 0.52 0.1 (mnemonic for the event.) 198 279.93 B FMENDPAGE %%EndPage: "3" 4 %%Page: "4" 4 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (4) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 1 13 Q 0 X -0.85 0.13 (Audit Records) 198 639.33 B 0 10 Q 0.52 0.1 (Each) 198 622.33 B 1 F 0.52 0.1 (audit r) 222.89 622.33 B 0.52 0.1 (ecord) 251.43 622.33 B 0 F 0.52 0.1 ( describes the occurr) 273.22 622.33 B 0.52 0.1 (ence of a single audited event, including) 367.34 622.33 B 0.41 0.1 (such information as who did the action, which \336les wer) 198 609.93 B 0.41 0.1 (e af) 452.38 609.93 B 0.41 0.1 (fected, what action) 468.63 609.93 B 0.52 0.1 (was attempted, and wher) 198 597.53 B 0.52 0.1 (e and when it occurr) 314.4 597.53 B 0.52 0.1 (ed.) 409.23 597.53 B 0.52 0.1 (The type of information saved for each audit event is de\336ned as a set of) 198 577.13 B 1 F 0.52 0.1 (audit) 530.84 577.13 B 0.52 0.1 (tokens) 198 564.73 B 0 F 0.52 0.1 (. Each time an audit r) 224.15 564.73 B 0.52 0.1 (ecor) 323.01 564.73 B 0.52 0.1 (d is cr) 341.87 564.73 B 0.52 0.1 (eated for an event, the r) 370.08 564.73 B 0.52 0.1 (ecor) 479.64 564.73 B 0.52 0.1 (d contains) 498.5 564.73 B 0.39 0.1 (some or all of the tokens de\336ned for it, depending on the natur) 198 552.33 B 0.39 0.1 (e of the event.) 486.39 552.33 B 0 8 Q 0.31 0.08 (1) 550.83 556.33 B 0 10 Q 0.52 0.1 (When the) 198 531.93 B 2 F 1.22 0.1 (praudit) 245.24 531.93 B 0 F 0.52 0.1 ( command cr) 287.94 531.93 B 0.52 0.1 (eates human-r) 347.78 531.93 B 0.52 0.1 (eadable versions of the audit) 412.78 531.93 B 0.52 0.1 (r) 198 519.53 B 0.52 0.1 (ecor) 201.87 519.53 B 0.52 0.1 (ds, the short description of the event is included in the default output of) 220.73 519.53 B 2 F -0.05 0.1 (praudit) 198 507.13 B 0 F -0.02 0.1 (; the symbolic name is included in the output of) 240.7 507.13 B 2 F -0.05 0.1 (praudit) 458.79 507.13 B -0.05 0.1 (-s) 504.06 507.13 B 0 F -0.02 0.1 (; and the) 516.26 507.13 B 0.52 0.1 (event number is included in the output of) 198 494.73 B 2 F 1.22 0.1 (praudit) 393.33 494.73 B 1.22 0.1 (-r) 439.15 494.73 B 0 F 0.52 0.1 (.) 450.61 494.73 B 0 8 Q 0.42 0.08 (2) 453.21 498.73 B 1 13 Q -0.85 0.13 (Audit Flags) 198 466.33 B 0 10 Q 0.52 0.1 (Audit) 198 449.33 B 1 F 0.52 0.1 (\337ags) 227.71 449.33 B 0 F 0.52 0.1 ( indicate classes of events to audit. Machine-wide defaults for) 246.89 449.33 B 0.52 0.1 (auditing ar) 198 436.93 B 0.52 0.1 (e speci\336ed for all users on each machine using \337ags in the) 248.49 436.93 B 2 F 1.22 0.1 (audit_control\0504\051) 198 424.53 B 0 F 0.52 0.1 ( \336le, which is described in the section below) 295.6 424.53 B 0.52 0.1 (, \322The) 497.49 424.53 B 2 F 1.22 0.1 (audit_control) 198 412.13 B 0 F 0.52 0.1 ( File.\323) 277.3 412.13 B 0.52 0.1 (The system administrator can modify what gets audited for individual users) 198 391.73 B 0.52 0.1 (by putting audit \337ags in a user) 198 379.33 B 0.52 0.1 (\325s entry in the) 340.83 379.33 B 2 F 1.22 0.1 (/etc/security/audit_user) 407.51 379.33 B 0 F 0.16 0.1 (\336le. The audit \337ags ar) 198 366.93 B 0.16 0.1 (e also used as ar) 296.77 366.93 B 0.16 0.1 (guments to the) 370.67 366.93 B 2 F 0.36 (auditconf) 441.26 366.93 P 0.36 (ig) 495.26 366.93 P 0 F 0.16 0.1 ( command.) 507.26 366.93 B 4 11 Q -0.71 0.11 (De\336nitions of Audit Flags) 198 341.87 B 0 10 Q 0.52 0.1 (Each audit class is shown in T) 198 325.53 B 0.52 0.1 (able) 335.4 325.53 B 0.52 0.1 (1 with the audit \337ag \050which is the Short) 356.63 325.53 B 0.52 0.1 (Name that stands for the class\051, the long name, and a short description. The) 198 313.13 B 0.52 0.1 (system administrator uses the audit \337ags in the auditing con\336guration \336les to) 198 300.73 B 0.52 0.1 (specify which classes of events to audit.) 198 288.33 B 54 200 558 227 C 198 207.49 342 207.49 2 L 0.3 H 2 Z 0 X 0 K N 0 72 612 720 C 0 7 Q 0 X 0 K 0.07 (1.) 198 195.33 S -0.46 0.07 (The audit r) 205.2 195.33 B -0.46 0.07 (ecor) 239.23 195.33 B -0.46 0.07 (d descriptions in Appendix A of) 252.43 195.33 B 1 F -0.46 0.07 (Solaris Basic Security Module \050BSM\051) 353.54 195.33 B 0 F -0.46 0.07 ( list all the audit tokens) 460.59 195.33 B -0.46 0.07 (de\336ned for each event and what each token means.) 205.2 187.33 B 0.07 (2.) 198 175.33 S -0.46 0.07 (T) 205.2 175.33 B -0.46 0.07 (wo cr) 208.93 175.33 B -0.46 0.07 (oss-r) 225.98 175.33 B -0.46 0.07 (efer) 241.05 175.33 B -0.46 0.07 (ence tables in Appendix A of) 253.01 175.33 B 1 F -0.46 0.07 (Solaris Basic Security Module \050BSM\051) 343.59 175.33 B 0 F -0.46 0.07 ( translate the event numbers) 450.61 175.33 B -0.46 0.07 (and symbolic names to event descriptions to help you interpr) 205.2 167.33 B -0.46 0.07 (et the output of) 394.98 167.33 B 2 F -1.07 0.07 (praudit) 443.88 167.33 B 0 F -0.46 0.07 (. How the) 473.77 167.33 B 2 F -1.07 0.07 (praudit\0501M\051) 205.2 159.33 B 0 F -0.46 0.07 ( command r) 252.17 159.33 B -0.46 0.07 (eads and interpr) 289.24 159.33 B -0.46 0.07 (ets audit r) 340.26 159.33 B -0.46 0.07 (ecor) 371.17 159.33 B -0.46 0.07 (ds is described in Chapter 4 of the) 384.38 159.33 B 1 F -0.46 0.07 (BSM) 490.13 159.33 B 0 F -0.46 0.07 ( manual) 505.12 159.33 B -0.46 0.07 (\050\322Audit T) 205.2 151.33 B -0.46 0.07 (rail Analysis\323\051 and in the) 234.88 151.33 B 2 F -1.07 0.07 (praudit\0501M\051) 314.01 151.33 B 0 F -0.46 0.07 ( man page.) 360.98 151.33 B FMENDPAGE %%EndPage: "4" 5 %%Page: "5" 5 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (5) 553.41 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 4 11 Q 0 X -0.71 0.11 (Audit Flag Syntax) 198 328.67 B 0 10 Q 0 0.1 (Depending on the pr) 198 312.33 B 0 0.1 (e\336xes, a class of events can be audited whether it succeeds) 291.88 312.33 B 0.52 0.1 (or fails, or only if it succeeds or only if it fails. The format of the audit \337ag is) 198 299.93 B 0.52 0.1 (shown her) 198 287.53 B 0.52 0.1 (e.) 245.98 287.53 B 0.1 (<) 224.64 271.13 S 1 F 0.1 (pr) 230.8 271.13 S 0.1 (e\336x) 239.71 271.13 S 0 F 0.1 (><) 254.18 271.13 S 1 F 0.1 (\337ag) 266.5 271.13 S 0 F 0.1 (>) 281.69 271.13 S 0.52 0.1 (T) 198 250.73 B 0.52 0.1 (able) 203.31 250.73 B 0.52 0.1 (2 shows pr) 224.54 250.73 B 0.52 0.1 (e\336xes that specify whether the audit class is audited for) 274.46 250.73 B 0.52 0.1 (success or failur) 198 238.33 B 0.52 0.1 (e or both.) 271.52 238.33 B 1 9 Q 0.09 (T) 198 640 S 0.09 (able) 202.59 640 S 0.09 (1) 219.46 640 S 0 F 0.47 0.09 ( Audit Classes) 241.2 640 B 5 F 0.47 0.09 (Short Name) 198 623 B 0.47 0.09 (Long Name) 258.61 623 B 0.47 0.09 (Short Description) 355.02 623 B 2 F (no) 217.91 608 T 0 F 0.45 (invalid class) 258.61 608 P 0.47 0.09 (Null value for turning of) 355.02 608 B 0.47 0.09 (f event pr) 457.45 608 B 0.47 0.09 (eselection) 497.46 608 B 2 F (fr) 217.91 593 T 0 F 0.45 (\336le r) 258.61 593 P 0.45 (ead) 277.08 593 P 0.47 0.09 (Read of data, open for r) 355.02 593 B 0.47 0.09 (eading, etc.) 453.41 593 B 2 F (fw) 217.91 578 T 0 F 0.45 (\336le write) 258.61 578 P 0.47 0.09 (W) 355.02 578 B 0.47 0.09 (rite of data, open for writing, etc.) 363.44 578 B 2 F (fa) 217.91 563 T 0 F 0.45 (\336le attribute access) 258.61 563 P 0.45 (Access of object attributes:) 355.02 563 P 2 F 1.08 (stat) 464.16 563 P 0 F 0.45 (,) 485.76 563 P 2 F 1.08 (pathconf) 490.71 563 P 0 F 0.45 (, etc.) 533.91 563 P 2 F (fm) 217.91 548 T 0 F 0.45 (\336le attribute modify) 258.61 548 P 0.45 (Change of object attributes:) 355.02 548 P 2 F 1.08 (chown) 467.89 548 P 0 F 0.45 (,) 494.89 548 P 2 F 1.08 (f) 499.84 548 P 1.08 (lock) 505.24 548 P 0 F 0.45 (, etc.) 526.84 548 P 2 F (fc) 217.91 533 T 0 F 0.45 (\336le cr) 258.61 533 P 0.45 (eate) 281.08 533 P 0.47 0.09 (Cr) 355.02 533 B 0.47 0.09 (eation of object) 364.97 533 B 2 F (fd) 217.91 518 T 0 F 0.45 (\336le delete) 258.61 518 P 0.47 0.09 (Deletion of object) 355.02 518 B 2 F (cl) 217.91 503 T 0 F 0.45 (\336le close) 258.61 503 P 2 F 1.1 0.09 (close\0502\051) 355.02 503 B 0 F 0.47 0.09 ( system call) 398.93 503 B 2 F (pc) 217.91 488 T 0 F (pr) 258.61 488 T (ocess) 267.42 488 T 0.47 0.09 (Pr) 355.02 488 B 0.47 0.09 (ocess operations:) 364.02 488 B 2 F 1.1 0.09 (fork) 436.39 488 B 0 F 0.47 0.09 (,) 458.35 488 B 2 F 1.1 0.09 (exec) 463.5 488 B 0 F 0.47 0.09 (,) 485.46 488 B 2 F 1.1 0.09 (exit) 490.61 488 B 0 F 0.47 0.09 (, etc.) 512.57 488 B 2 F (nt) 217.91 473 T 0 F (network) 258.61 473 T 0.45 (Network events:) 355.02 473 P 2 F 1.08 (bind) 424.06 473 P 0 F 0.45 (,) 445.66 473 P 2 F 1.08 (connect) 450.61 473 P 0 F 0.45 (,) 488.41 473 P 2 F 1.08 (accept) 493.36 473 P 0 F 0.45 (, etc.) 525.76 473 P 2 F (ip) 217.91 458 T 0 F (ipc) 258.61 458 T 0.47 0.09 (System V IPC operations) 355.02 458 B 2 F (na) 217.91 443 T 0 F (non-attribute) 258.61 443 T 0.47 0.09 (Non-attributable events) 355.02 443 B 2 F (ad) 217.91 428 T 0 F (administrative) 258.61 428 T 0.47 0.09 (Administrative actions) 355.02 428 B 2 F (lo) 217.91 413 T 0 F 0.45 (login or logout) 258.61 413 P 0.47 0.09 (Login and logout events) 355.02 413 B 2 F (io) 217.91 398 T 0 F (ioctl) 258.61 398 T 2 F 1.1 0.09 (ioctl\0502\051) 355.02 398 B 0 F 0.47 0.09 ( system call) 398.93 398 B 2 F (ex) 217.91 383 T 0 F (exec) 258.61 383 T 0.47 0.09 (Pr) 355.02 383 B 0.47 0.09 (ogram execution) 364.02 383 B 2 F (ot) 217.91 368 T 0 F (other) 258.61 368 T 0.09 (Miscellaneous) 355.02 368 S 2 F (all) 215.21 353 T 0 F (all) 258.61 353 T 0.47 0.09 (All \337ags set) 355.02 353 B 1 F 0.09 (T) 198 221 S 0.09 (able) 202.59 221 S 0.09 (2) 219.46 221 S 0 F 0.47 0.09 ( Pr) 241.2 221 B 0.47 0.09 (e\336xes Used in Audit Flags) 253.02 221 B 5 F 0.09 (Pre\336x) 198 204 S 0.09 (De\336nition) 288 204 S 0 F 0.09 (none) 198 189 S 0.47 0.09 (audit for both success and failur) 288 189 B 0.47 0.09 (e) 421.04 189 B 2 F 0.09 (+) 198 174 S 0 F 0.47 0.09 (audit for success only) 288 174 B 2 F 0.09 (-) 198 159 S 0 F 0.47 0.09 (audit for failur) 288 159 B 0.47 0.09 (e only) 348.88 159 B 198 633 562.35 633 2 L V 0 Z N 198 618 562.35 618 2 L V 0.5 H N 198 348 562.35 348 2 L V 0.3 H N 198 214 450 214 2 L V N 198 199 450 199 2 L V 0.5 H N 198 154 450 154 2 L V 0.3 H N FMENDPAGE %%EndPage: "5" 6 %%Page: "6" 6 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (6) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 0 10 Q 0 X 0.52 0.1 (T) 198 641.33 B 0.52 0.1 (o give an example of how these work together) 203.31 641.33 B 0.52 0.1 (, the audit \337ag) 415.32 641.33 B 2 F 1.22 0.1 (lo) 485.32 641.33 B 0 F 0.52 0.1 ( means all) 497.52 641.33 B 0.52 0.1 (successful attempts to log in and log out and all failed attempts to log in \050you) 198 628.93 B 0.52 0.1 (cannot fail an attempt to logout\051. For another example, the) 198 616.53 B 2 F 1.22 0.1 (\320all) 469.54 616.53 B 0 F 0.52 0.1 ( \337ag r) 493.94 616.53 B 0.52 0.1 (efers to) 520.99 616.53 B 0.52 0.1 (all failed attempts of any kind, and the) 198 604.13 B 2 F 1.22 0.1 (+all) 379.65 604.13 B 0 F 0.52 0.1 ( \337ag r) 404.05 604.13 B 0.52 0.1 (efers to all successful) 431.1 604.13 B 0.52 0.1 (attempts of any kind.) 198 591.73 B 54 570.01 558 578 C 558 574.98 198 574.98 2 L 0.3 H 2 Z 0 X 4 K N 0 72 612 720 C 5 10 Q 0 X 0 K 0.31 0.1 (Caution \320) 198 563.34 B 0 F 0.31 0.1 (The) 246.29 563.34 B 2 F 0.74 0.1 (+all) 266.24 563.34 B 0 F 0.31 0.1 ( \337ag generates lar) 290.64 563.34 B 0.31 0.1 (ge amounts of data that can \336ll up audit) 371.4 563.34 B 0.52 0.1 (\336lesystems quickly) 198 550.94 B 0.52 0.1 (, so use it only if you have extraor) 283.63 550.94 B 0.52 0.1 (dinary r) 440.51 550.94 B 0.52 0.1 (easons to audit) 477.45 550.94 B 54 527.22 558 535.21 C 558 532.18 198 532.18 2 L 0.3 H 2 Z 0 X 4 K N 0 72 612 720 C 0 10 Q 0 X 0 K 0.1 (everything.) 198 538.54 S 4 11 Q -0.71 0.11 (Pr) 198 505.48 B -0.71 0.11 (e\336xes to Modify Pr) 209.64 505.48 B -0.71 0.11 (eviously-Set Audit Flags) 302.47 505.48 B 0 10 Q 0.52 0.1 (Use the following pr) 198 489.15 B 0.52 0.1 (e\336xes in either of two ways: in the) 292.22 489.15 B 2 F 1.22 0.1 (f) 453.35 489.15 B 1.22 0.1 (lags:) 459.45 489.15 B 0 F 0.52 0.1 ( line in the) 489.95 489.15 B 2 F 1.22 0.1 (audit_control) 198 476.75 B 0 F 0.52 0.1 ( \336le to modify alr) 277.3 476.75 B 0.52 0.1 (eady-speci\336ed \337ags, and in \337ags in the) 357.53 476.75 B 0.52 0.1 (user) 198 464.35 B 0.52 0.1 (\325s entry in the) 218.15 464.35 B 2 F 1.22 0.1 (/etc/security/audit_user) 284.83 464.35 B 0 F 0.52 0.1 ( \336le.) 431.23 464.35 B 0.52 0.1 (The pr) 198 443.95 B 0.52 0.1 (e\336xes in T) 228.14 443.95 B 0.52 0.1 (able) 274.15 443.95 B 0.52 0.1 (3, used along with the short names of audit classes, turn) 295.38 443.95 B 0.52 0.1 (on or turn of) 198 431.55 B 0.52 0.1 (f pr) 256.72 431.55 B 0.52 0.1 (eviously-speci\336ed audit classes. These pr) 273.25 431.55 B 0.52 0.1 (e\336xes turn on or of) 460.87 431.55 B 0.52 0.1 (f) 548.23 431.55 B 0.52 0.1 (pr) 198 419.15 B 0.52 0.1 (eviously-speci\336ed \337ags only) 207.98 419.15 B 0.52 0.1 (.) 336.46 419.15 B 0.52 0.1 (The) 198 317.75 B 2 F 1.22 0.1 (^-) 218.16 317.75 B 0 F 0.52 0.1 ( pr) 230.36 317.75 B 0.52 0.1 (e\336x is used in the) 243.46 317.75 B 2 F 1.22 0.1 (f) 327.38 317.75 B 1.22 0.1 (lags) 333.48 317.75 B 0 F 0.52 0.1 ( line in the following example fr) 357.88 317.75 B 0.52 0.1 (om an) 505.62 317.75 B 2 F 1.22 0.1 (audit_control) 198 305.35 B 0 F 0.52 0.1 ( \336le.) 277.3 305.35 B 0.27 0.1 (In the example below) 198 284.95 B 0.27 0.1 (, the) 294.97 284.95 B 2 F 0.63 0.1 (lo) 317.48 284.95 B 0 F 0.27 0.1 (,) 329.68 284.95 B 2 F 0.63 0.1 (nt) 335.15 284.95 B 0 F 0.27 0.1 (, and) 347.35 284.95 B 2 F 0.63 0.1 (ad) 372.92 284.95 B 0 F 0.27 0.1 ( \337ags specify that all logins, network,) 385.11 284.95 B 0.52 0.1 (and administrative operations ar) 198 272.55 B 0.52 0.1 (e to be audited when they succeed and when) 347.5 272.55 B 0.4 0.1 (they fail. The) 198 260.15 B 2 F 0.95 0.1 (\320all) 261.03 260.15 B 0 F 0.4 0.1 ( means audit all failed events. Because the) 285.43 260.15 B 2 F 0.95 0.1 (^-) 481.23 260.15 B 0 F 0.4 0.1 ( pr) 493.43 260.15 B 0.4 0.1 (e\336x means) 506.41 260.15 B 0.52 0.1 (turn of) 198 247.75 B 0.52 0.1 (f auditing for the speci\336ed class for failed attempts, the) 229.39 247.75 B 2 F 1.22 0.1 (^-fc) 486.01 247.75 B 0 F 0.52 0.1 ( \337ag) 510.4 247.75 B 0.52 0.1 (modi\336es the pr) 198 235.35 B 0.52 0.1 (evious \337ag that speci\336ed auditing of all failed events; the two) 267.48 235.35 B 0.52 0.1 (\336elds together mean \322audit all failed events, except failed attempts to cr) 198 222.95 B 0.52 0.1 (eate) 528.35 222.95 B 0.52 0.1 (\336lesystem objects.\323) 198 210.55 B 2 F -0.5 (f) 216 196.15 S -0.5 (lags:lo,nt,ad,-all,^-fc) 221.5 196.15 S 1 9 Q 0.09 (T) 198 401.82 S 0.09 (able) 202.59 401.82 S 0.09 (3) 219.46 401.82 S 0 F 0.47 0.09 ( Pr) 241.2 401.82 B 0.47 0.09 (e\336xes Used to Modify Alr) 253.02 401.82 B 0.47 0.09 (eady-Speci\336ed Audit Flags) 359.61 401.82 B 5 F 0.09 (Pre\336x) 198 384.82 S 0.09 (De\336nition) 270 384.82 S 2 F 0.09 (^-) 198 369.82 S 0 F 0.47 0.09 (T) 270 369.82 B 0.47 0.09 (urn of) 274.8 369.82 B 0.47 0.09 (f for failed attempts) 300.02 369.82 B 2 F 0.09 (^+) 198 354.82 S 0 F 0.47 0.09 (T) 270 354.82 B 0.47 0.09 (urn of) 274.8 354.82 B 0.47 0.09 (f for successful attempts) 300.02 354.82 B 2 F 0.09 (^) 198 339.82 S 0 F 0.47 0.09 (T) 270 339.82 B 0.47 0.09 (urn of) 274.8 339.82 B 0.47 0.09 (f for both failed and successful attempts) 300.02 339.82 B 198 394.82 504 394.82 2 L V 0.3 H 0 Z N 198 379.82 504 379.82 2 L V 0.5 H N 198 334.82 504 334.82 2 L V 0.3 H N FMENDPAGE %%EndPage: "6" 7 %%Page: "7" 7 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (7) 553.41 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 1 13 Q 0 X -0.85 0.13 (The) 198 639.33 B 2 F -1.98 0.13 (audit_control) 223.84 639.33 B 1 F -0.85 0.13 ( File) 326.93 639.33 B 0 10 Q 0.52 0.1 (An) 198 622.33 B 2 F 1.22 0.1 (audit_control\0504\051) 214.92 622.33 B 0 F 0.52 0.1 ( \336le on each machine is r) 312.52 622.33 B 0.52 0.1 (ead by the audit daemon,) 426.75 622.33 B 2 F 1.22 0.1 (auditd\0501M\051) 198 609.93 B 0 F 0.52 0.1 (. The) 259 609.93 B 2 F 1.22 0.1 (audit_control) 284.88 609.93 B 0 F 0.52 0.1 ( \336le is located in the) 364.18 609.93 B 2 F 1.22 0.1 (/etc/security) 460.07 609.93 B 0 F 0.52 0.1 (dir) 198 597.53 B 0.52 0.1 (ectory) 211.09 597.53 B 0.52 0.1 (. A separate) 238.04 597.53 B 2 F 1.2 (audit_control) 295.72 597.53 P 0 F 0.52 0.1 ( \336le is maintained on each machine,) 373.72 597.53 B 0.52 0.1 (because machines in the distributed system may be mounting their audit) 198 585.13 B 0.33 0.1 (\336lesystems fr) 198 572.73 B 0.33 0.1 (om dif) 258.14 572.73 B 0.33 0.1 (fer) 288.02 572.73 B 0.33 0.1 (ent locations or specifying them in a dif) 300.21 572.73 B 0.33 0.1 (fer) 481.05 572.73 B 0.33 0.1 (ent or) 493.24 572.73 B 0.33 0.1 (der) 519.77 572.73 B 0.33 0.1 (. For) 534.18 572.73 B 0.52 0.1 (example, the primary audit \336lesystem for) 198 560.33 B 4 F 0.52 0.1 (machine_a) 391.01 560.33 B 0 F 0.52 0.1 ( might be the secondary) 439.69 560.33 B 0.52 0.1 (audit \336lesystem for) 198 547.93 B 4 F 0.52 0.1 (machine_b) 289.78 547.93 B 0 F 0.52 0.1 (.) 338.27 547.93 B 0.52 0.1 (The system administrator speci\336es four kinds of information in four kinds of) 198 527.53 B 0.52 0.1 (lines in the) 198 515.13 B 2 F 1.22 0.1 (audit_control) 251.63 515.13 B 0 F 0.52 0.1 ( \336le:) 330.93 515.13 B 3 14 Q 0.14 (\245) 198 496.73 S 0 10 Q -0.08 0.1 (The) 210.6 496.73 B 1 F -0.08 0.1 (audit \337ags) 230.16 496.73 B 0 F -0.08 0.1 ( line \050) 273.47 496.73 B 2 F -0.18 0.1 (f) 298.78 496.73 B -0.18 0.1 (lags:) 304.88 496.73 B 0 F -0.08 0.1 (\051 contains the audit \337ags that de\336ne what classes) 335.38 496.73 B 0.51 0.1 (of events ar) 210.6 484.33 B 0.51 0.1 (e audited for all users on the machine. The audit \337ags speci\336ed) 263.93 484.33 B 0.52 0.1 (her) 210.6 471.93 B 0.52 0.1 (e ar) 225.28 471.93 B 0.52 0.1 (e r) 242.26 471.93 B 0.52 0.1 (eferr) 254.14 471.93 B 0.52 0.1 (ed to as the) 275.27 471.93 B 1 F 0.52 0.1 (machine-wide audit \337ags) 331.38 471.93 B 0 F 0.52 0.1 ( or the) 435.35 471.93 B 1 F 0.52 0.1 (machine-wide audit) 468.49 471.93 B 0.52 0.1 (pr) 210.6 459.53 B 0.52 0.1 (eselection mask) 219.51 459.53 B 0 F 0.52 0.1 (.) 283.1 459.53 B 0.52 0.1 (Audit \337ags ar) 288.82 459.53 B 0.52 0.1 (e separated by commas, with no spaces.) 351.9 459.53 B 3 14 Q 0.14 (\245) 198 441.13 S 0 10 Q -0.05 0.1 (The) 210.6 441.13 B 1 F -0.05 0.1 (non-attributable \337ags) 230.19 441.13 B 0 F -0.05 0.1 ( line \050) 319.44 441.13 B 2 F -0.11 0.1 (naf) 344.8 441.13 B -0.11 0.1 (lags:) 363.1 441.13 B 0 F -0.05 0.1 (\051 contains the audit \337ags that de\336ne) 393.6 441.13 B 0.5 0.1 (what classes of events ar) 210.6 428.73 B 0.5 0.1 (e audited when an action cannot be attributed to a) 323.49 428.73 B 0.52 0.1 (speci\336c user) 210.6 416.33 B 0.52 0.1 (. The \337ags ar) 265.97 416.33 B 0.52 0.1 (e separated by commas, with no spaces.) 325.22 416.33 B 3 14 Q 0.14 (\245) 198 397.93 S 0 10 Q -0.09 0.1 (The) 210.6 397.93 B 1 F -0.09 0.1 (audit thr) 230.15 397.93 B -0.09 0.1 (eshold) 266.61 397.93 B 0 F -0.09 0.1 ( line \050) 292.21 397.93 B 2 F -0.21 0.1 (minfree:) 317.5 397.93 B 0 F -0.09 0.1 (\051 de\336nes the minimum fr) 366.3 397.93 B -0.09 0.1 (ee space level for) 478.5 397.93 B 0.52 0.1 (all audit \336lesystems.) 210.6 385.53 B 0.52 0.1 (The) 210.6 365.13 B 2 F 1.22 0.1 (minfree) 230.76 365.13 B 0 F 0.52 0.1 ( per) 273.46 365.13 B 0.52 0.1 (centage must be gr) 291.45 365.13 B 0.52 0.1 (eater than or equal to 0. The default is) 377.98 365.13 B 0.1 (20%.) 210.6 352.73 S 3 14 Q 0.14 (\245) 198 334.33 S 0 10 Q 0.52 0.1 (The) 210.6 334.33 B 1 F 0.52 0.1 (dir) 230.76 334.33 B 0.52 0.1 (ectory de\336nition) 242.55 334.33 B 0 F 0.52 0.1 ( lines \050) 310.41 334.33 B 2 F 1.22 0.1 (dir:) 341.25 334.33 B 0 F 0.52 0.1 (\051 de\336ne which audit \336lesystems and) 365.65 334.33 B 0.52 0.1 (dir) 210.6 321.93 B 0.52 0.1 (ectories the machine will use to stor) 223.69 321.93 B 0.52 0.1 (e its audit trail \336les.) 388.41 321.93 B 0.52 0.1 (Ther) 210.6 301.53 B 0.52 0.1 (e may be one or mor) 231.51 301.53 B 0.52 0.1 (e dir) 326.55 301.53 B 0.52 0.1 (ectory de\336nition lines. The or) 347.65 301.53 B 0.52 0.1 (der of the) 482.46 301.53 B 2 F 1.22 0.1 (dir:) 530.12 301.53 B 0 F 0.02 0.1 (lines is signi\336cant, because) 210.6 289.13 B 2 F 0.04 0.1 (auditd) 334.71 289.13 B 0 F 0.02 0.1 ( opens audit \336les in the dir) 371.31 289.13 B 0.02 0.1 (ectories in the) 492.21 289.13 B 0.52 0.1 (or) 210.6 276.73 B 0.52 0.1 (der speci\336ed. The \336rst audit dir) 220.03 276.73 B 0.52 0.1 (ectory speci\336ed is the primary audit) 365.36 276.73 B 0.05 0.1 (dir) 210.6 264.33 B 0.05 0.1 (ectory for the machine, the second is the secondary audit dir) 223.69 264.33 B 0.05 0.1 (ectory wher) 496.64 264.33 B 0.05 0.1 (e) 550.47 264.33 B 0.52 0.1 (the audit daemon puts audit trail \336les when the \336rst one \336lls, and so forth.) 210.6 251.93 B 0.52 0.1 (The administrator cr) 198 231.53 B 0.52 0.1 (eates an) 291.69 231.53 B 2 F 1.22 0.1 (audit_control) 331.53 231.53 B 0 F 0.52 0.1 ( \336le during the con\336guration) 410.83 231.53 B 0.52 0.1 (pr) 198 219.13 B 0.52 0.1 (ocess on each machine.) 207.98 219.13 B 0.52 0.1 (After the) 198 198.73 B 2 F 1.22 0.1 (audit_control) 242.02 198.73 B 0 F 0.52 0.1 ( \336le is cr) 321.32 198.73 B 0.52 0.1 (eated during system con\336guration, the) 360.49 198.73 B -0.02 0.1 (administrator may later edit the \336le. After any change, the administrator enters) 198 186.33 B 2 F 1.22 0.1 (audit) 198 173.93 B 1.2 (-s) 231.5 173.93 P 0 F 0.52 0.1 ( to instr) 243.5 173.93 B 0.52 0.1 (uct the audit daemon to r) 279.26 173.93 B 0.52 0.1 (er) 396.27 173.93 B 0.52 0.1 (ead the) 405.03 173.93 B 2 F 1.22 0.1 (audit_control) 441.64 173.93 B 0 F 0.52 0.1 ( \336le.) 520.94 173.93 B FMENDPAGE %%EndPage: "7" 8 %%Page: "8" 8 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (8) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 4 11 Q 0 X -0.71 0.11 (Sample) 198 640.67 B 2 F -1.68 0.11 (audit_control) 236.86 640.67 B 4 F -0.71 0.11 ( File) 324.09 640.67 B 0 10 Q 0.3 0.1 (Following is a sample) 198 624.33 B 2 F 0.71 0.1 (audit_control) 300.27 624.33 B 0 F 0.3 0.1 ( \336le for the machine) 379.57 624.33 B 4 F 0.3 0.1 (dopey) 473.64 624.33 B 0 F 0.3 0.1 (.) 499.71 624.33 B 4 F 0.3 0.1 (dopey) 505.22 624.33 B 0 F 0.3 0.1 ( uses) 532.4 624.33 B 0.52 0.1 (two audit \336lesystems on the audit server) 198 611.93 B 4 F 0.52 0.1 (blinken) 388.35 611.93 B 0 F 0.52 0.1 (, and a thir) 422.2 611.93 B 0.52 0.1 (d audit \336lesystem) 472.65 611.93 B 0.52 0.1 (mounted fr) 198 599.53 B 0.52 0.1 (om the second audit server) 249.42 599.53 B 4 F 0.52 0.1 (winken) 376.92 599.53 B 0 F 0.52 0.1 (, which is used only when the) 410.3 599.53 B 0.1 0.1 (audit \336le system on) 198 587.13 B 4 F 0.1 0.1 (blinken) 289.68 587.13 B 0 F 0.1 0.1 ( \336lls up or is unavailable. The) 323.53 587.13 B 2 F 0.25 0.1 (minfree) 460.46 587.13 B 0 F 0.1 0.1 ( per) 503.16 587.13 B 0.1 0.1 (centage) 520.73 587.13 B 0.52 0.1 (of 20% speci\336es that the warning script \050) 198 574.73 B 2 F 1.22 0.1 (/etc/security/audit_warn) 384.65 574.73 B 0 F 0.52 0.1 (\051 is) 531.05 574.73 B 0.52 0.1 (r) 198 562.33 B 0.52 0.1 (un when the \336lesystems ar) 201.97 562.33 B 0.52 0.1 (e 80% \336lled and the audit data for the curr) 324.72 562.33 B 0.52 0.1 (ent) 520.44 562.33 B 0.28 0.1 (machine will be stor) 198 549.93 B 0.28 0.1 (ed in the available audit dir) 290.07 549.93 B 0.28 0.1 (ectory) 416.16 549.93 B 0.28 0.1 (, if any) 443.11 549.93 B 0.28 0.1 (. The \337ags specify) 473.48 549.93 B 0.52 0.1 (that all logins, network, and administrative operations ar) 198 537.53 B 0.52 0.1 (e to be audited) 459.42 537.53 B 0.52 0.1 (\050whether or not they succeed\051, and that failur) 198 525.13 B 0.52 0.1 (es of all types ar) 406.11 525.13 B 0.52 0.1 (e to be audited) 481.26 525.13 B 0.52 0.1 (except failur) 198 512.73 B 0.52 0.1 (es to cr) 254.72 512.73 B 0.52 0.1 (eate a \336lesystem object.) 287.52 512.73 B 2 F -0.5 (f) 216 498.33 S -0.5 (lags:lo,nt,ad,-all,^-fc) 221.5 498.33 S -0.5 (naf) 216 486.33 S -0.5 (lags:lo,nt) 232.5 486.33 S -0.5 (minfree:20) 216 474.33 S -0.5 (dir:/etc/security/audit/blinken/f) 216 462.33 S -0.5 (iles) 397.5 462.33 S -0.5 (dir:/etc/security/audit/blinken.1/f) 216 450.33 S -0.5 (iles) 408.5 450.33 S -0.5 (#) 216 438.33 S 1.1 -0.5 (# Audit f) 216 426.33 B 1.1 -0.5 (ilesystem used when blinken f) 267.7 426.33 B 1.1 -0.5 (ills up) 431.61 426.33 B -0.5 (#) 216 414.33 S 1.1 -0.5 (dir: /etc/security/audit/winken) 216 402.33 B 1 13 Q -0.85 0.13 (User Audit Fields in the) 198 374.33 B 2 F -1.98 0.13 (audit_user) 327.41 374.33 B 1 F -0.85 0.13 (File) 409.25 374.33 B 0 10 Q 0.52 0.1 (If it is desirable to audit some users dif) 198 357.33 B 0.52 0.1 (fer) 377.38 357.33 B 0.52 0.1 (ently fr) 389.57 357.33 B 0.52 0.1 (om others, the administrator) 422.83 357.33 B 0.52 0.1 (may edit the) 198 344.93 B 2 F 1.22 0.1 (audit_user) 258.69 344.93 B 0 F 0.52 0.1 ( \336le to add audit \337ags for individual users. If) 319.69 344.93 B 0.46 0.1 (speci\336ed, these \337ags ar) 198 332.53 B 0.46 0.1 (e combined with the system-wide \337ags speci\336ed in the) 303.57 332.53 B 0.52 0.1 (audit contr) 198 320.13 B 0.52 0.1 (ol \336le to determine which classes of events to audit for that user) 248.18 320.13 B 0.52 0.1 (.) 542.02 320.13 B 0.2 0.1 (The \337ags the administrator enters into the user) 198 307.73 B 0.2 0.1 (\325s entry in the) 411.73 307.73 B 2 F 0.48 0.1 (audit_user) 477.14 307.73 B 0 F 0.2 0.1 ( \336le) 538.14 307.73 B 0.47 0.1 (modify the defaults fr) 198 295.33 B 0.47 0.1 (om the) 297.95 295.33 B 2 F 1.11 0.1 (audit_control) 332.76 295.33 B 0 F 0.47 0.1 ( \336le in two ways: by specifying) 412.06 295.33 B 0.23 0.1 (a set of event classes that ar) 198 282.93 B 0.23 0.1 (e never to be audited for this user) 323.73 282.93 B 0.23 0.1 (, or by specifying) 476.61 282.93 B 0.52 0.1 (a set of event classes that ar) 198 270.53 B 0.52 0.1 (e always to be audited.) 325.48 270.53 B 0.08 0.1 (In the) 198 250.13 B 2 F 0.19 0.1 (audit_user) 226.92 250.13 B 0 F 0.08 0.1 ( \336le entry for each user) 287.92 250.13 B 0.08 0.1 (, ther) 391.42 250.13 B 0.08 0.1 (e ar) 414.75 250.13 B 0.08 0.1 (e thr) 431.29 250.13 B 0.08 0.1 (ee \336elds. The \336rst \336eld) 452.01 250.13 B 0.52 0.1 (is the username; the second \336eld is the) 198 237.73 B 1 F 0.52 0.1 (always audit) 378.74 237.73 B 0 F 0.52 0.1 ( \336eld; the thir) 431.84 237.73 B 0.52 0.1 (d is the) 494.39 237.73 B 1 F 0.52 0.1 (never) 531.47 237.73 B 0.52 0.1 (audit) 198 225.33 B 0 F 0.52 0.1 ( \336eld.) 219.61 225.33 B 0.52 0.1 (The two auditing \336elds ar) 198 204.93 B 0.52 0.1 (e pr) 316.85 204.93 B 0.52 0.1 (ocessed in sequence, so auditing is enabled by) 334.84 204.93 B 0.52 0.1 (the \336rst \336eld and turned of) 198 192.53 B 0.52 0.1 (f by the second.) 322.53 192.53 B FMENDPAGE %%EndPage: "8" 9 %%Page: "9" 9 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (9) 553.41 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 54 640.01 558 648 C 558 644.98 198 644.98 2 L 0.3 H 2 Z 0 X 4 K N 0 72 612 720 C 5 10 Q 0 X 0 K 0.52 0.1 (Note \320) 198 633.34 B 0 F 0.52 0.1 (A) 231.96 633.34 B 0.52 0.1 (void the common mistake of leaving the) 238.92 633.34 B 2 F 1.22 0.1 (all) 426.69 633.34 B 0 F 0.52 0.1 ( set in the) 444.99 633.34 B 1 F 0.52 0.1 (never audit) 493.16 633.34 B 0 F 0.12 0.1 (\336eld. This causes all auditing to be turned of) 198 620.94 B 0.12 0.1 (f for that user) 399.75 620.94 B 0.12 0.1 (, overriding the \337ags) 460.78 620.94 B 54 597.22 558 605.21 C 558 602.18 198 602.18 2 L 0.3 H 2 Z 0 X 4 K N 0 72 612 720 C 0 10 Q 0 X 0 K 0.52 0.1 (set in the) 198 608.54 B 1 F 0.52 0.1 (always audit) 243.05 608.54 B 0 F 0.52 0.1 ( \336eld.) 296.15 608.54 B 54 578.82 558 586.82 C 558 583.79 198 583.79 2 L 0.3 H 2 Z 0 X 4 K N 0 72 612 720 C 5 10 Q 0 X 0 K 0.52 0.1 (Note \320) 198 572.16 B 0 F 0.52 0.1 (Successful events and failed events ar) 231.96 572.16 B 0.52 0.1 (e tr) 404.41 572.16 B 0.52 0.1 (eated separately) 419.65 572.16 B 0.52 0.1 (, so a pr) 492.62 572.16 B 0.52 0.1 (ocess) 529.55 572.16 B 0.3 0.1 (can \050for example\051 generate mor) 198 559.76 B 0.3 0.1 (e audit r) 340.36 559.76 B 0.3 0.1 (ecor) 378.73 559.76 B 0.3 0.1 (ds when an err) 397.59 559.76 B 0.3 0.1 (or occurs \050such as a) 465.84 559.76 B 54 536.03 558 544.02 C 558 541 198 541 2 L 0.3 H 2 Z 0 X 4 K N 0 72 612 720 C 0 10 Q 0 X 0 K 0.52 0.1 (security violation\051 than when the event is successful.) 198 547.36 B 0.52 0.1 (Using the) 198 518.97 B 1 F 0.52 0.1 (never audit) 245.22 518.97 B 0 F 0.52 0.1 ( \337ags for a user is not the same as r) 292.68 518.97 B 0.52 0.1 (emoving classes fr) 455.64 518.97 B 0.52 0.1 (om) 539.46 518.97 B 0.15 0.1 (the) 198 506.57 B 1 F 0.15 0.1 (always audit) 214.92 506.57 B 0 F 0.15 0.1 ( set. For example, suppose \050as shown in the example below\051 we) 267.65 506.57 B 0.52 0.1 (have a user named) 198 494.17 B 2 F 1.22 0.1 (fred) 287.7 494.17 B 0 F 0.52 0.1 (, for whom we want to audit everything except) 312.1 494.17 B 0.52 0.1 (successful r) 198 481.77 B 0.52 0.1 (eads of \336lesystem objects \050this is a good way to audit almost) 250.68 481.77 B 0.52 0.1 (everything for a user while generating only about thr) 198 469.37 B 0.52 0.1 (ee-quarters of the audit) 442.43 469.37 B 0.27 0.1 (data that would be pr) 198 456.97 B 0.27 0.1 (oduced if all data r) 296.83 456.97 B 0.27 0.1 (eads wer) 383.05 456.97 B 0.27 0.1 (e also audited\051. Her) 423.66 456.97 B 0.27 0.1 (e ar) 513.28 456.97 B 0.27 0.1 (e two) 530.01 456.97 B 0.52 0.1 (possible) 198 444.57 B 2 F 1.22 0.1 (audit_user) 238.01 444.57 B 0 F 0.52 0.1 ( entries, but only the \336rst one is corr) 299.01 444.57 B 0.52 0.1 (ect:) 466.11 444.57 B 2 F -0.5 (fred:all,^+fr:) 216 426.17 S -0.5 (fred:all:+fr) 216 408.17 S 0 F 0.52 0.1 (The \336rst one says \322always audit everything except successful \336le-r) 198 388.17 B 0.52 0.1 (eads.\323 The) 502.59 388.17 B 0.52 0.1 (second one says \322always audit everything, but never audit successful) 198 375.77 B 0.17 0.1 (\336le-r) 198 363.37 B 0.17 0.1 (eads.\323 The second one is incorr) 219.35 363.37 B 0.17 0.1 (ect because it overrides the system default.) 360.63 363.37 B 0.52 0.1 (The \336rst example achieves the desir) 198 350.97 B 0.52 0.1 (ed ef) 361.66 350.97 B 0.52 0.1 (fect: any earlier default applies, as) 384.02 350.97 B 0.52 0.1 (well as what\325s speci\336ed in the) 198 338.57 B 2 F 1.22 0.1 (audit_user) 338.79 338.57 B 0 F 0.52 0.1 ( entry) 399.79 338.57 B 0.52 0.1 (.) 425.68 338.57 B 1 13 Q -0.85 0.13 (Pr) 198 310.17 B -0.85 0.13 (ocess Audit Characteristics) 211.03 310.17 B 0 10 Q 0.52 0.1 (The following audit characteristics ar) 198 293.17 B 0.52 0.1 (e set at initial login:) 368.05 293.17 B 3 14 Q 0.14 (\245) 198 274.77 S 0 10 Q 0.52 0.1 (Pr) 210.6 274.77 B 0.52 0.1 (ocess pr) 220.61 274.77 B 0.52 0.1 (eselection mask) 257.38 274.77 B 3 14 Q 0.14 (\245) 198 262.37 S 0 10 Q 0.52 0.1 (Audit ID) 210.6 262.37 B 3 14 Q 0.14 (\245) 198 249.97 S 0 10 Q 0.52 0.1 (Audit Session ID) 210.6 249.97 B 3 14 Q 0.14 (\245) 198 237.57 S 0 10 Q 0.52 0.1 (T) 210.6 237.57 B 0.52 0.1 (erminal ID \050port ID, machine ID\051) 215.91 237.57 B FMENDPAGE %%EndPage: "9" 10 %%Page: "10" 10 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (10) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 4 11 Q 0 X -0.71 0.11 (Pr) 198 640.67 B -0.71 0.11 (ocess Pr) 209.64 640.67 B -0.71 0.11 (eselection Mask) 249.62 640.67 B 0 10 Q 0.52 0.1 (When a user logs in,) 198 624.33 B 2 F 1.22 0.1 (login) 295.04 624.33 B 0 F 0.52 0.1 ( combines the machine-wide audit \337ags fr) 325.54 624.33 B 0.52 0.1 (om the) 517.93 624.33 B 2 F 1.22 0.1 (audit_control\0504\051) 198 611.93 B 0 F 0.52 0.1 ( \336le with the user) 295.6 611.93 B 0.52 0.1 (-speci\336c audit \337ags \050if any\051 fr) 376.26 611.93 B 0.52 0.1 (om the) 511.24 611.93 B 2 F 1.22 0.1 (audit_user\0504\051) 198 599.53 B 0 F 0.52 0.1 ( \336le, to establish the) 277.3 599.53 B 1 F 0.52 0.1 (pr) 372.24 599.53 B 0.52 0.1 (ocess pr) 381.15 599.53 B 0.52 0.1 (eselection mask) 413.86 599.53 B 0 F 0.52 0.1 (for the user) 480.57 599.53 B 0.52 0.1 (\325s) 534.16 599.53 B 0.52 0.1 (pr) 198 587.13 B 0.52 0.1 (ocesses. The pr) 207.98 587.13 B 0.52 0.1 (ocess pr) 276.74 587.13 B 0.52 0.1 (eselection mask speci\336es whether events in each) 313.51 587.13 B 0.52 0.1 (audit event class ar) 198 574.73 B 0.52 0.1 (e to generate audit r) 286.28 574.73 B 0.52 0.1 (ecor) 379.01 574.73 B 0.52 0.1 (ds.) 397.87 574.73 B 0.52 0.1 (The algorithm for obtaining the pr) 198 554.33 B 0.52 0.1 (ocess pr) 355.6 554.33 B 0.52 0.1 (eselection mask is as follows. The) 392.37 554.33 B 0.49 0.1 (audit \337ags fr) 198 541.93 B 0.49 0.1 (om the) 256.58 541.93 B 2 F 1.16 0.1 (f) 291.42 541.93 B 1.16 0.1 (lags:) 297.52 541.93 B 0 F 0.49 0.1 ( line in the) 328.02 541.93 B 2 F 1.16 0.1 (audit_control) 380.32 541.93 B 0 F 0.49 0.1 ( \336le ar) 459.62 541.93 B 0.49 0.1 (e added to the) 488.83 541.93 B 0.07 0.1 (\337ags fr) 198 529.53 B 0.07 0.1 (om the) 229.25 529.53 B 1 F 0.07 0.1 (always audit) 263.26 529.53 B 0 F 0.07 0.1 ( \336eld in the user) 315.91 529.53 B 0.07 0.1 (\325s entry in the) 390.11 529.53 B 2 F 0.17 0.1 (audit_user) 454.99 529.53 B 0 F 0.07 0.1 ( \336le. The) 515.99 529.53 B -0.02 0.1 (\337ags fr) 198 517.13 B -0.02 0.1 (om the) 229.16 517.13 B 1 F -0.02 0.1 (never audit) 262.97 517.13 B 0 F -0.02 0.1 ( \336eld fr) 309.88 517.13 B -0.02 0.1 (om the user) 342.6 517.13 B -0.02 0.1 (\325s entry in the) 396.56 517.13 B 2 F -0.06 0.1 (audit_user) 461.06 517.13 B 0 F -0.02 0.1 ( \336le ar) 522.06 517.13 B -0.02 0.1 (e) 550.23 517.13 B 0.52 0.1 (then subtracted fr) 198 504.73 B 0.52 0.1 (om the total.) 279.24 504.73 B 2 F 1.22 0.1 (\050f) 216 490.33 B 1.22 0.1 (lags:) 228.2 490.33 B 0 F 0.52 0.1 ( line +) 258.7 490.33 B 1 F 0.52 0.1 (always audit) 291.05 490.33 B 0 F 0.52 0.1 ( \337ags\051 \320) 344.15 490.33 B 1 F 0.52 0.1 (never audit) 383.32 490.33 B 0 F 0.52 0.1 ( \337ags =) 430.78 490.33 B 0.52 0.1 (user) 243 478.33 B 0.52 0.1 (\325s pr) 263.15 478.33 B 0.52 0.1 (ocess pr) 283.47 478.33 B 0.52 0.1 (eselection mask) 320.24 478.33 B 4 11 Q -0.71 0.11 (Audit ID) 198 453.67 B 0 10 Q 0.45 0.1 (A pr) 198 437.33 B 0.45 0.1 (ocess also acquir) 218.91 437.33 B 0.45 0.1 (es its audit ID when the user logs in, and this audit ID is) 295.04 437.33 B 0.52 0.1 (inherited by all child pr) 198 424.93 B 0.52 0.1 (ocesses started by the user) 306.82 424.93 B 0.52 0.1 (\325s initial pr) 429.12 424.93 B 0.52 0.1 (ocess. The audit) 478.98 424.93 B 0.52 0.1 (ID helps enfor) 198 412.53 B 0.52 0.1 (ce accountability) 263.49 412.53 B 0.52 0.1 (. Even after a user becomes) 338.86 412.53 B 2 F 1.22 0.1 (root) 467.07 412.53 B 0 F 0.52 0.1 (, the audit ID) 491.47 412.53 B 0.52 0.1 (r) 198 400.13 B 0.52 0.1 (emains the same. The audit ID that is saved in each audit r) 201.87 400.13 B 0.52 0.1 (ecor) 472.13 400.13 B 0.52 0.1 (d allows the) 490.99 400.13 B 0.52 0.1 (administrator to always trace actions back to a r) 198 387.73 B 0.52 0.1 (eal user) 418.12 387.73 B 0.52 0.1 (.) 452.91 387.73 B 4 11 Q -0.71 0.11 (Audit Session ID) 198 362.67 B 0 10 Q 0.52 0.1 (The audit session ID is assigned at login and inherited by all descendant) 198 346.33 B 0.1 (pr) 198 333.93 S 0.1 (ocesses.) 207.98 333.93 S 4 11 Q -0.71 0.11 (T) 198 308.87 B -0.71 0.11 (erminal ID) 203.61 308.87 B 0 10 Q 0.06 0.1 (The terminal ID consists of the hostname and the Internet addr) 198 292.53 B 0.06 0.1 (ess, followed by) 482.45 292.53 B 0.52 0.1 (a unique number that identi\336es the physical device on which the user logged) 198 280.13 B 0.23 0.1 (in. Most of the time, the login will be thr) 198 267.73 B 0.23 0.1 (ough the console and the number that) 382.24 267.73 B 0.52 0.1 (corr) 198 255.33 B 0.52 0.1 (esponds to the console device is 0.) 216.02 255.33 B 1 13 Q -0.85 0.13 (How the Audit T) 198 226.93 B -0.85 0.13 (rail is Cr) 285.88 226.93 B -0.85 0.13 (eated) 332.21 226.93 B 0 10 Q 0.01 0.1 (The) 198 209.93 B 1 F 0.01 0.1 (audit trail) 217.65 209.93 B 0 F 0.01 0.1 ( is cr) 259.58 209.93 B 0.01 0.1 (eated by the audit daemon,) 280.55 209.93 B 2 F 0.01 0.1 (auditd\0501M\051) 406.52 209.93 B 0 F 0.01 0.1 (. The audit daemon) 467.52 209.93 B 0.52 0.1 (starts r) 198 197.53 B 0.52 0.1 (unning on each machine when the machine is br) 229.64 197.53 B 0.52 0.1 (ought up. After the) 451.9 197.53 B 2 F 1.22 0.1 (auditd) 198 185.13 B 1.22 0.1 (p) 237.72 185.13 B 0 F 0.52 0.1 (r) 243.82 185.13 B 0.52 0.1 (ogram is started at boot time, it is r) 247.69 185.13 B 0.52 0.1 (esponsible for collecting the) 409.56 185.13 B 0.52 0.1 (audit trail data and writing the audit r) 198 172.73 B 0.52 0.1 (ecor) 374.48 172.73 B 0.52 0.1 (ds into) 393.34 172.73 B 1 F 0.52 0.1 (audit \336les) 427.98 172.73 B 0 F 0.52 0.1 (, which ar) 468.95 172.73 B 0.52 0.1 (e also) 514.59 172.73 B 0.1 (called) 198 160.33 S 1 F 0.1 (audit log \336les) 227.36 160.33 S 0 F 0.1 (. [See also the) 282.93 160.33 S 2 F -0 0.1 (audit.log\0504\051) 346.67 160.33 B 0 F 0.1 ( man page for a description of) 419.86 160.33 S 0.52 0.1 (the \336le format.]) 198 147.93 B FMENDPAGE %%EndPage: "10" 11 %%Page: "11" 11 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (1) 549.32 108.7 S 0.09 (1) 553.41 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 0 10 Q 0 X 0.52 0.1 (The audit daemon r) 198 641.33 B 0.52 0.1 (uns as) 288.79 641.33 B 2 F 1.22 0.1 (root) 320.86 641.33 B 0 F 0.52 0.1 (. All \336les it cr) 345.26 641.33 B 0.52 0.1 (eates ar) 407.41 641.33 B 0.52 0.1 (e owned by) 442.08 641.33 B 2 F 1.22 0.1 (root) 498.64 641.33 B 0 F 0.52 0.1 (. Even) 523.04 641.33 B 0.36 0.1 (when no auditing has been turned on,) 198 628.93 B 2 F 0.85 0.1 (auditd) 375.13 628.93 B 0 F 0.36 0.1 ( continuously operates, looking) 411.73 628.93 B 0.52 0.1 (for a place to put audit r) 198 616.53 B 0.52 0.1 (ecor) 310.71 616.53 B 0.52 0.1 (ds. The) 329.57 616.53 B 2 F 1.22 0.1 (auditd) 366 616.53 B 0 F 0.52 0.1 ( operations continue even if the) 402.6 616.53 B -0.04 0.1 (r) 198 604.13 B -0.04 0.1 (est of the machine\325s activities ar) 201.87 604.13 B -0.04 0.1 (e suspended because the kernel\325s audit buf) 345.29 604.13 B -0.04 0.1 (fers) 538.73 604.13 B 0.52 0.1 (ar) 198 591.73 B 0.52 0.1 (e full. The audit operations can continue because) 206.97 591.73 B 2 F 1.2 (auditd) 434.16 591.73 P 0 F 0.52 0.1 ( is not audited.) 470.16 591.73 B 0.52 0.1 (Only one audit daemon may r) 198 571.33 B 0.52 0.1 (un at a time. An attempt to start a second one) 336.6 571.33 B 0.34 0.1 (will r) 198 558.93 B 0.34 0.1 (esult in an err) 222.28 558.93 B 0.34 0.1 (or message, and the new one will exit. If ther) 285.58 558.93 B 0.34 0.1 (e is a pr) 490.91 558.93 B 0.34 0.1 (oblem) 527.04 558.93 B 0.52 0.1 (with the audit daemon, the administrator should try using) 198 546.53 B 2 F 1.22 0.1 (audit) 469.47 546.53 B 1.22 0.1 (-t) 503.09 546.53 B 0 F 0.52 0.1 ( to) 515.29 546.53 B 0.52 0.1 (terminate) 198 534.13 B 2 F 1.2 (auditd) 244.63 534.13 P 0 F 0.52 0.1 ( gracefully and then r) 280.63 534.13 B 0.52 0.1 (estart it manually) 379.78 534.13 B 0.52 0.1 (.) 459.24 534.13 B 0.52 0.1 (The) 198 513.73 B 2 F 1.22 0.1 (audit_warn\0501M\051) 218.16 513.73 B 0 F 0.52 0.1 ( script is r) 303.56 513.73 B 0.52 0.1 (un by) 349.65 513.73 B 2 F 1.22 0.1 (auditd) 379.23 513.73 B 0 F 0.52 0.1 ( whenever the daemon) 415.83 513.73 B 0.52 0.1 (switches audit \336les or encounters dif) 198 501.33 B 0.52 0.1 (\336culty \050such as a lack of storage\051. As) 366.32 501.33 B 0.52 0.1 (distributed, the) 198 488.93 B 2 F 1.22 0.1 (audit_warn) 271.21 488.93 B 0 F 0.52 0.1 ( script sends mail to an) 332.21 488.93 B 2 F 1.2 (audit_warn) 442.03 488.93 P 0 F 0.52 0.1 ( alias and) 502.03 488.93 B 0.52 0.1 (sends a message to the console. Y) 198 476.53 B 0.52 0.1 (our site should customize) 351.03 476.53 B 2 F 1.22 0.1 (audit_warn) 471.88 476.53 B 0 F 0.52 0.1 ( to) 532.88 476.53 B 0.22 0.1 (suit your needs \050described in the section below on \322The) 198 464.13 B 2 F 0.53 0.1 (audit_warn) 453.8 464.13 B 0 F 0.22 0.1 ( Script\323\051.) 514.8 464.13 B 0.52 0.1 (Y) 198 451.73 B 0.52 0.1 (ou must also make sur) 203.85 451.73 B 0.52 0.1 (e that the) 307.71 451.73 B 2 F 1.2 (audit_warn) 353.87 451.73 P 0 F 0.52 0.1 ( alias sends mail to a normal) 413.87 451.73 B 0.1 (user) 198 439.33 S 0.1 (.) 216.67 439.33 S 4 11 Q -0.71 0.11 (The) 198 414.27 B 2 F -1.68 0.11 (audit_data) 218.2 414.27 B 4 F -0.71 0.11 ( File) 285.3 414.27 B 0 10 Q 0.52 0.1 (When) 198 397.93 B 2 F 1.22 0.1 (auditd\0501M\051) 227.95 397.93 B 0 F 0.52 0.1 ( starts on each machine, it cr) 288.95 397.93 B 0.52 0.1 (eates the \336le) 419.84 397.93 B 2 F 1.22 0.1 (/etc/security/audit_data) 198 385.53 B 0 F 0.52 0.1 (. The format of the) 344.4 385.53 B 2 F 1.2 (audit_data) 433.23 385.53 P 1.22 0.1 (\0504\051) 493.23 385.53 B 0 F 0.52 0.1 ( \336le) 511.53 385.53 B 0.52 0.1 (consists of a single entry with the two \336elds separated by a colon. The \336rst) 198 373.13 B 0.32 0.1 (\336eld is the audit daemon\325s pr) 198 360.73 B 0.32 0.1 (ocess ID, and the second \336eld is the pathname of) 332.02 360.73 B 0.52 0.1 (the audit \336le to which the audit daemon is curr) 198 348.33 B 0.52 0.1 (ently writing audit r) 415.39 348.33 B 0.52 0.1 (ecor) 508.72 348.33 B 0.52 0.1 (ds.) 527.58 348.33 B 0.52 0.1 (Her) 198 335.93 B 0.52 0.1 (e is an example:) 215.18 335.93 B 2 F 1.1 -0.5 (#) 144 321.53 B 6 F 1.1 -0.5 (vi /etc/security/audit_data) 156.1 321.53 B 2 F 0.1 (116) 144 308.53 S -0.5 (:/etc/security/audit/blinken.1/f) 162.3 308.53 S -0.5 (iles/19910320100002.not_terminated.lazy) 338.3 308.53 S 4 11 Q -0.71 0.11 (The Audit Daemon\325) 198 284.87 B -0.71 0.11 (s Role) 293.38 284.87 B 0 10 Q 0.52 0.1 (The following list summarizes what the audit daemon,) 198 268.53 B 2 F 1.22 0.1 (auditd\0501M\051) 452.15 268.53 B 0 F 0.52 0.1 (, does:) 513.15 268.53 B 3 14 Q 0.14 (\245) 198 250.13 S 0 10 Q 0.52 0.1 (It opens and closes audit log \336les in the dir) 210.6 250.13 B 0.52 0.1 (ectories speci\336ed in the) 408.86 250.13 B 2 F 1.22 0.1 (audit_control) 210.6 237.73 B 0 F 0.52 0.1 ( \336le, in the or) 289.9 237.73 B 0.52 0.1 (der in which they ar) 351.56 237.73 B 0.52 0.1 (e speci\336ed.) 444.75 237.73 B 3 14 Q 0.14 (\245) 198 219.33 S 0 10 Q 0.52 0.1 (It r) 210.6 219.33 B 0.52 0.1 (eads audit data fr) 224.42 219.33 B 0.52 0.1 (om the kernel and writes it to an audit \336le.) 305.2 219.33 B 3 14 Q 0.14 (\245) 198 200.93 S 0 10 Q 0.52 0.1 (It sends warnings to the) 210.6 200.93 B 2 F 1.2 (audit_warn) 324.26 200.93 P 0 F 0.52 0.1 ( alias and to the console when audit) 384.26 200.93 B 0.52 0.1 (dir) 210.6 188.53 B 0.52 0.1 (ectories \336ll past limits speci\336ed in the) 223.69 188.53 B 2 F 1.22 0.1 (audit_control) 400.15 188.53 B 0 F 0.52 0.1 ( \336le.) 479.45 188.53 B FMENDPAGE %%EndPage: "11" 12 %%Page: "12" 12 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (12) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 3 14 Q 0 X 0.14 (\245) 198 641.33 S 0 10 Q 0.36 0.1 (When all audit dir) 210.6 641.33 B 0.36 0.1 (ectories ar) 294.33 641.33 B 0.36 0.1 (e full, pr) 340.91 641.33 B 0.36 0.1 (ocesses that generate audit r) 379.88 641.33 B 0.36 0.1 (ecor) 508.81 641.33 B 0.36 0.1 (ds ar) 527.67 641.33 B 0.36 0.1 (e) 550.15 641.33 B 0.52 0.1 (suspended and) 210.6 628.93 B 2 F 1.22 0.1 (auditd) 283.11 628.93 B 0 F 0.52 0.1 ( writes a message to the console and to the) 319.71 628.93 B 2 F 0.42 (audit_warn) 210.6 616.53 P 0 F 0.18 0.1 ( alias. At this point, only the system administrator could log in) 270.6 616.53 B 0.52 0.1 (to write audit \336les to tape, delete audit \336les fr) 210.6 604.13 B 0.52 0.1 (om the system, or do other) 421.28 604.13 B 0.1 (cleanup.) 210.6 591.73 S -0.05 0.1 (When the audit daemon starts up when the machine is br) 198 571.33 B -0.05 0.1 (ought up to multiuser) 456.17 571.33 B 0.52 0.1 (mode, or when the audit daemon is instr) 198 558.93 B 0.52 0.1 (ucted by the) 385.35 558.93 B 2 F 1.22 0.1 (audit) 445.3 558.93 B 1.22 0.1 (-s) 478.92 558.93 B 0 F 0.52 0.1 ( command to) 491.12 558.93 B 0.08 0.1 (r) 198 546.53 B 0.08 0.1 (er) 201.87 546.53 B 0.08 0.1 (ead the \336le after the \336le has been edited,) 210.63 546.53 B 2 F 0.19 0.1 (auditd) 396.09 546.53 B 0 F 0.08 0.1 ( r) 432.69 546.53 B 0.08 0.1 (eads the list of dir) 439.24 546.53 B 0.08 0.1 (ectories) 520.48 546.53 B 0.19 0.1 (fr) 198 534.13 B 0.19 0.1 (om the) 205.3 534.13 B 2 F 0.44 0.1 (audit_control) 239.54 534.13 B 0 F 0.19 0.1 ( \336le and uses those as possible locations for cr) 318.84 534.13 B 0.19 0.1 (eating) 527.17 534.13 B 0.52 0.1 (audit \336les.) 198 521.73 B 0.23 0.1 (The audit daemon maintains a pointer into this list of dir) 198 501.33 B 0.23 0.1 (ectories, starting with) 456.74 501.33 B 0.52 0.1 (the \336rst. Every time the audit daemon needs to cr) 198 488.93 B 0.52 0.1 (eate an audit \336le, it puts the) 425.67 488.93 B 0.52 0.1 (\336le into the \336rst available dir) 198 476.53 B 0.52 0.1 (ectory in the list, starting at the audit daemon\325s) 331.26 476.53 B 0.52 0.1 (curr) 198 464.13 B 0.52 0.1 (ent pointer) 216.59 464.13 B 0.52 0.1 (. The pointer may be r) 266.04 464.13 B 0.52 0.1 (eset to the beginning of the list if the) 368.26 464.13 B 0.52 0.1 (administrator enters the) 198 451.73 B 2 F 1.22 0.1 (audit) 310.98 451.73 B 1.22 0.1 (-s) 344.6 451.73 B 0 F 0.52 0.1 ( command. When the) 356.8 451.73 B 2 F 1.22 0.1 (audit) 458.07 451.73 B 1.22 0.1 (-n) 491.69 451.73 B 0 F 0.52 0.1 ( command) 503.89 451.73 B 0.52 0.1 (is used by the administrator to instr) 198 439.33 B 0.52 0.1 (uct the daemon to switch to a new audit) 362.62 439.33 B 0.52 0.1 (\336le, the new \336le is cr) 198 426.93 B 0.52 0.1 (eated in the same dir) 293.48 426.93 B 0.52 0.1 (ectory as the curr) 389.86 426.93 B 0.52 0.1 (ent \336le.) 469.48 426.93 B 4 11 Q -0.71 0.11 (What Makes a Dir) 198 401.87 B -0.71 0.11 (ectory Suitable) 288.18 401.87 B 0 10 Q 0.52 0.1 (A dir) 198 385.53 B 0.52 0.1 (ectory is) 222.09 385.53 B 1 F 0.52 0.1 (suitable) 263.74 385.53 B 0 F 0.52 0.1 ( to the audit daemon if it is accessible to the audit) 295.84 385.53 B 0.01 0.1 (daemon, which means that it must be mounted, that the network connection \050if) 198 373.13 B 0.52 0.1 (r) 198 360.73 B 0.52 0.1 (emote\051 permits successful access, and that the permissions on the dir) 201.87 360.73 B 0.52 0.1 (ectory) 517.23 360.73 B 0.3 0.1 (allow access. Also, in or) 198 348.33 B 0.3 0.1 (der for a dir) 306.81 348.33 B 0.3 0.1 (ectory to be suitable for audit \336les, it must) 361.88 348.33 B -0.12 0.1 (have suf) 198 335.93 B -0.12 0.1 (\336cient fr) 235.86 335.93 B -0.12 0.1 (ee space r) 273.52 335.93 B -0.12 0.1 (emaining. The administrator may edit the) 317.11 335.93 B 2 F -0.27 (minfree:) 507.42 335.93 P 0 F 0.52 0.1 (line in the) 198 323.53 B 2 F 1.22 0.1 (audit_control) 247.29 323.53 B 0 F 0.52 0.1 ( \336le to change the default of 20%. T) 326.59 323.53 B 0.52 0.1 (o give an) 488.45 323.53 B 0.52 0.1 (example of how the) 198 311.13 B 2 F 1.22 0.1 (minfree) 291.75 311.13 B 0 F 0.52 0.1 ( per) 334.45 311.13 B 0.52 0.1 (centage is applied, if the default minimum) 352.44 311.13 B 0.37 0.1 (fr) 198 298.73 B 0.37 0.1 (ee space of 20% is accepted, an e-mail notice is sent to the) 205.3 298.73 B 2 F 0.84 (audit_warn) 471.51 298.73 P 0 F 0.37 0.1 ( alias) 531.51 298.73 B 0.52 0.1 (whenever a \336lesystem becomes mor) 198 286.33 B 0.52 0.1 (e than 80% full.) 363.04 286.33 B 0.52 0.1 (When no dir) 198 265.93 B 0.52 0.1 (ectories on the list have enough fr) 255.64 265.93 B 0.52 0.1 (ee space left, the daemon starts) 411.41 265.93 B 0.52 0.1 (over fr) 198 253.53 B 0.52 0.1 (om the beginning of the list and picks the \336rst accessible dir) 228.67 253.53 B 0.52 0.1 (ectory that) 504.48 253.53 B 0.52 0.1 (has any space available until the har) 198 241.13 B 0.52 0.1 (d limit is r) 364.83 241.13 B 0.52 0.1 (eached. If no dir) 412.94 241.13 B 0.52 0.1 (ectories ar) 487.92 241.13 B 0.52 0.1 (e) 534.65 241.13 B 0.52 0.1 (suitable, the daemon stops pr) 198 228.73 B 0.52 0.1 (ocessing audit r) 333.02 228.73 B 0.52 0.1 (ecor) 405.2 228.73 B 0.52 0.1 (ds, and they accumulate) 424.06 228.73 B 0.52 0.1 (within the kernel until all pr) 198 216.33 B 0.52 0.1 (ocesses generating audit r) 328.38 216.33 B 0.52 0.1 (ecor) 446.78 216.33 B 0.52 0.1 (ds ar) 465.64 216.33 B 0.52 0.1 (e suspended.) 488.28 216.33 B 4 11 Q -0.71 0.11 (Keeping Audit Files Manageable) 198 191.27 B 0 10 Q 0.52 0.1 (T) 198 174.93 B 0.52 0.1 (o keep audit \336les at a manageable size, a) 203.31 174.93 B 2 F 1.22 0.1 (cron) 393.53 174.93 B 0 F 0.52 0.1 ( job can be set up that) 417.93 174.93 B 0.52 0.1 (periodically switches audit \336les. Intervals might range fr) 198 162.53 B 0.52 0.1 (om once per hour to) 457.33 162.53 B 0.52 0.1 (twice per day) 198 150.13 B 0.52 0.1 (, depending on the amount of audit data being collected.) 259.39 150.13 B FMENDPAGE %%EndPage: "12" 13 %%Page: "13" 13 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (13) 548.82 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 1 13 Q 0 X -0.85 0.13 (The) 198 639.33 B 2 F -1.98 0.13 (audit_warn) 220.43 639.33 B 1 F -0.85 0.13 (Script) 302.26 639.33 B 0 10 Q 0.52 0.1 (Whenever the audit daemon encounters an unusual condition while writing) 198 622.33 B 0.1 0.1 (audit r) 198 609.93 B 0.1 0.1 (ecor) 228.38 609.93 B 0.1 0.1 (ds, it invokes the) 247.24 609.93 B 2 F 0.24 0.1 (/usr/etc/audit_warn) 326.88 609.93 B 0 F 0.1 0.1 ( script. This script can be) 442.78 609.93 B 0.52 0.1 (customized by your site to warn of conditions that might r) 198 597.53 B 0.52 0.1 (equir) 466.9 597.53 B 0.52 0.1 (e manual) 490.5 597.53 B 0.52 0.1 (intervention, or to handle them automatically) 198 585.13 B 0.52 0.1 (. For all err) 405.28 585.13 B 0.52 0.1 (or conditions,) 456.44 585.13 B 2 F 0.59 0.1 (audit_warn\0501M\051) 198 572.73 B 0 F 0.25 0.1 ( writes a message to the console and sends a message to the) 283.4 572.73 B 2 F 1.22 0.1 (audit_warn) 198 560.33 B 0 F 0.52 0.1 ( alias. This alias should be set up by the administrator after the) 259 560.33 B 0.52 0.1 (BSM package is installed.) 198 547.93 B 0.52 0.1 (When the following conditions ar) 198 527.53 B 0.52 0.1 (e detected by the audit daemon, it invokes) 351.48 527.53 B 2 F 1.22 0.1 (audit_warn) 198 515.13 B 0 F 0.52 0.1 ( [see also the) 259 515.13 B 2 F 1.22 0.1 (audit_warn\0501M\051) 321.21 515.13 B 0 F 0.52 0.1 ( man page]:) 406.61 515.13 B 3 14 Q 0.14 (\245) 198 496.73 S 0 10 Q 0.52 0.1 (An audit dir) 210.6 496.73 B 0.52 0.1 (ectory has become mor) 267.54 496.73 B 0.52 0.1 (e full than the) 373.12 496.73 B 2 F 1.22 0.1 (minfree) 440.54 496.73 B 0 F 0.52 0.1 ( value allows.) 483.24 496.73 B 0.52 0.1 (\050The) 224.64 478.33 B 2 F 1.22 0.1 (minfree) 248.23 478.33 B 0 F 0.52 0.1 ( or soft limit is a per) 290.93 478.33 B 0.52 0.1 (centage of the space available on an) 384.59 478.33 B 0.52 0.1 (audit dir) 224.64 465.93 B 0.52 0.1 (ectory) 264.66 465.93 B 0.52 0.1 (.\051) 291.61 465.93 B 0.07 0.1 (The) 224.64 447.53 B 2 F 0.16 0.1 (audit_warn) 244.35 447.53 B 0 F 0.07 0.1 ( script is invoked with the string) 305.35 447.53 B 2 F 0.16 0.1 (soft) 455.03 447.53 B 0 F 0.07 0.1 ( and the name of) 479.43 447.53 B 0.47 0.1 (the dir) 224.64 435.13 B 0.47 0.1 (ectory as ar) 254.97 435.13 B 0.47 0.1 (guments. The audit daemon switches automatically to) 307.58 435.13 B 0.45 0.1 (the next suitable dir) 224.64 422.73 B 0.45 0.1 (ectory) 315.94 422.73 B 0.45 0.1 (, and writes the audit \336les ther) 342.89 422.73 B 0.45 0.1 (e until this new) 483.51 422.73 B 0.23 0.1 (dir) 224.64 410.33 B 0.23 0.1 (ectory r) 237.73 410.33 B 0.23 0.1 (eaches its) 272.49 410.33 B 2 F 0.54 0.1 (minfree) 318.54 410.33 B 0 F 0.23 0.1 ( limit. The audit daemon then goes to each) 361.24 410.33 B 0.52 0.1 (of the r) 224.64 397.93 B 0.52 0.1 (emaining dir) 257.91 397.93 B 0.52 0.1 (ectories in the or) 316.56 397.93 B 0.52 0.1 (der listed in) 393.09 397.93 B 2 F 1.22 0.1 (audit_control) 451.35 397.93 B 0 F 0.52 0.1 (, and) 530.65 397.93 B 0.52 0.1 (writes audit r) 224.64 385.53 B 0.52 0.1 (ecor) 286.65 385.53 B 0.52 0.1 (ds until each is at its) 305.51 385.53 B 2 F 1.22 0.1 (minfree) 403.18 385.53 B 0 F 0.52 0.1 ( limit.) 445.88 385.53 B 3 14 Q 0.14 (\245) 198 367.13 S 0 10 Q 0.52 0.1 (All the audit dir) 210.6 367.13 B 0.52 0.1 (ectories ar) 284.93 367.13 B 0.52 0.1 (e mor) 331.66 367.13 B 0.52 0.1 (e full than the) 358.03 367.13 B 2 F 1.22 0.1 (minfree) 425.45 367.13 B 0 F 0.52 0.1 ( thr) 468.15 367.13 B 0.52 0.1 (eshold.) 484.42 367.13 B 0.52 0.1 (The) 224.64 348.73 B 2 F 1.22 0.1 (audit_warn) 244.8 348.73 B 0 F 0.52 0.1 ( script is invoked with the string) 305.8 348.73 B 2 F 1.22 0.1 (allsoft) 458.64 348.73 B 0 F 0.52 0.1 ( as an) 501.34 348.73 B 0.52 0.1 (ar) 224.64 336.33 B 0.52 0.1 (gument. A message is written to the console and e-mail is sent to the) 233.61 336.33 B 2 F 1.22 0.1 (audit_warn) 224.64 323.93 B 0 F 0.52 0.1 ( alias.) 285.64 323.93 B 0.52 0.1 (When all audit dir) 224.64 305.53 B 0.52 0.1 (ectories listed in) 308.85 305.53 B 2 F 1.22 0.1 (audit_control) 386.6 305.53 B 0 F 0.52 0.1 ( ar) 465.9 305.53 B 0.52 0.1 (e at their) 477.99 305.53 B 2 F 1.22 0.1 (minfree) 224.64 293.13 B 0 F 0.52 0.1 ( limits, the audit daemon switches back to the \336rst one, and) 267.34 293.13 B 0.52 0.1 (writes audit r) 224.64 280.73 B 0.52 0.1 (ecor) 286.65 280.73 B 0.52 0.1 (ds until the dir) 305.51 280.73 B 0.52 0.1 (ectory completely \336lls.) 374.11 280.73 B 3 14 Q 0.14 (\245) 198 262.33 S 0 10 Q 0.52 0.1 (An audit dir) 210.6 262.33 B 0.52 0.1 (ectory has become completely full with no space r) 267.54 262.33 B 0.52 0.1 (emaining.) 496.96 262.33 B 0.07 0.1 (The) 224.64 243.93 B 2 F 0.16 0.1 (audit_warn) 244.35 243.93 B 0 F 0.07 0.1 ( script is invoked with the string) 305.35 243.93 B 2 F 0.16 0.1 (hard) 455.03 243.93 B 0 F 0.07 0.1 ( and the name of) 479.43 243.93 B 0.52 0.1 (the dir) 224.64 231.53 B 0.52 0.1 (ectory as ar) 255.02 231.53 B 0.52 0.1 (guments. A message is written to the console and) 307.73 231.53 B 0.52 0.1 (e-mail is sent to the) 224.64 219.13 B 2 F 1.22 0.1 (audit_warn) 317.56 219.13 B 0 F 0.52 0.1 ( alias.) 378.56 219.13 B 0.52 0.1 (The audit daemon switches automatically to the next suitable dir) 224.64 200.73 B 0.52 0.1 (ectory) 521.97 200.73 B 0.52 0.1 (with any space available, if any) 224.64 188.33 B 0.52 0.1 (. The audit daemon goes to each of the) 367.84 188.33 B 0.47 0.1 (r) 224.64 175.93 B 0.47 0.1 (emaining dir) 228.51 175.93 B 0.47 0.1 (ectories in the or) 287.11 175.93 B 0.47 0.1 (der listed in) 363.48 175.93 B 2 F 1.1 0.1 (audit_control) 421.58 175.93 B 0 F 0.47 0.1 (, and writes) 500.88 175.93 B 0.52 0.1 (audit r) 224.64 163.53 B 0.52 0.1 (ecor) 255.44 163.53 B 0.52 0.1 (ds until each is full.) 274.3 163.53 B FMENDPAGE %%EndPage: "13" 14 %%Page: "14" 14 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (14) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 3 14 Q 0 X 0.14 (\245) 198 641.33 S 0 10 Q 0.52 0.1 (All the audit dir) 210.6 641.33 B 0.52 0.1 (ectories ar) 284.93 641.33 B 0.52 0.1 (e completely full.) 331.66 641.33 B 0.52 0.1 (The) 224.64 622.93 B 2 F 1.22 0.1 (audit_warn) 244.8 622.93 B 0 F 0.52 0.1 ( script is invoked with the string) 305.8 622.93 B 2 F 1.22 0.1 (allhard) 458.64 622.93 B 0 F 0.52 0.1 ( as an) 501.34 622.93 B 0.52 0.1 (ar) 224.64 610.53 B 0.52 0.1 (gument. A message is written to the console and e-mail is sent to the) 233.61 610.53 B 2 F 1.22 0.1 (audit_warn) 224.64 598.13 B 0 F 0.52 0.1 ( alias. The pr) 285.64 598.13 B 0.52 0.1 (ocesses generating audit r) 345.18 598.13 B 0.52 0.1 (ecor) 463.58 598.13 B 0.52 0.1 (ds ar) 482.44 598.13 B 0.52 0.1 (e) 505.08 598.13 B 0.52 0.1 (suspended. The audit daemon will go into a loop waiting for space to) 224.64 585.73 B 0.52 0.1 (become available, and r) 224.64 573.33 B 0.52 0.1 (esume pr) 332.74 573.33 B 0.52 0.1 (ocessing audit r) 375.02 573.33 B 0.52 0.1 (ecor) 447.2 573.33 B 0.52 0.1 (ds when that) 466.06 573.33 B 0.52 0.1 (happens. While audit r) 224.64 560.93 B 0.52 0.1 (ecor) 329.6 560.93 B 0.52 0.1 (ds ar) 348.46 560.93 B 0.52 0.1 (e not being pr) 371.1 560.93 B 0.52 0.1 (ocessed, no auditable) 435.28 560.93 B 0.52 0.1 (activities take place\321every pr) 224.64 548.53 B 0.52 0.1 (ocess that attempts to generate an audit) 362.35 548.53 B 0.52 0.1 (r) 224.64 536.13 B 0.52 0.1 (ecor) 228.51 536.13 B 0.52 0.1 (d is suspended. This is one r) 247.37 536.13 B 0.52 0.1 (eason that you would want to set up) 378.38 536.13 B 0.52 0.1 (the administrator to r) 224.64 523.73 B 0.52 0.1 (un without any auditing, so that the administrator) 323.06 523.73 B 0.52 0.1 (can operate without being suspended.) 224.64 511.33 B 3 14 Q 0.14 (\245) 198 492.93 S 0 10 Q 0.52 0.1 (An internal err) 210.6 492.93 B 0.52 0.1 (or occurs: another audit daemon pr) 278.71 492.93 B 0.52 0.1 (ocess is alr) 440.88 492.93 B 0.52 0.1 (eady r) 490.12 492.93 B 0.52 0.1 (unning) 519.07 492.93 B 0.52 0.1 (\050string) 210.6 480.53 B 2 F 1.22 0.1 (ebusy) 243.49 480.53 B 0 F 0.52 0.1 (\051, a temporary \336le cannot be used \050string) 273.99 480.53 B 2 F 1.22 0.1 (tmpf) 464.1 480.53 B 1.22 0.1 (ile) 488.5 480.53 B 0 F 0.52 0.1 (\051, the) 506.8 480.53 B 2 F 1.2 (auditsvc) 210.6 468.13 P 0 F 0.52 0.1 ( system call fails \050string) 258.6 468.13 B 2 F 1.22 0.1 (auditsvc) 370.04 468.13 B 0 F 0.52 0.1 (\051, or a signal was r) 418.84 468.13 B 0.52 0.1 (eceived) 503.97 468.13 B 0.52 0.1 (during auditing shutdown \050string) 210.6 455.73 B 2 F 1.22 0.1 (postsigterm) 368.11 455.73 B 0 F 0.52 0.1 (\051.) 435.21 455.73 B 0.52 0.1 (E-mail is sent to the) 224.64 437.33 B 2 F 1.2 (audit_warn) 318.76 437.33 P 0 F 0.52 0.1 (alias.) 381.76 437.33 B 3 14 Q 0.14 (\245) 198 418.93 S 0 10 Q 0.52 0.1 (A pr) 210.6 418.93 B 0.52 0.1 (oblem is discover) 231.58 418.93 B 0.52 0.1 (ed with the) 311.36 418.93 B 2 F 1.22 0.1 (audit_control) 366.72 418.93 B 0 F 0.52 0.1 ( \336le\325s contents.) 446.02 418.93 B 0.18 0.1 (By default, e-mail is sent to the) 224.64 400.53 B 2 F 0.43 0.1 (audit_warn) 368.03 400.53 B 0 F 0.18 0.1 ( alias, and a message is sent) 429.03 400.53 B 0.52 0.1 (to the console.) 224.64 388.13 B 1 13 Q -0.85 0.13 (Using the) 198 359.73 B 2 F -1.98 0.13 (auditreduce) 252.51 359.73 B 1 F -0.85 0.13 ( Command) 339.74 359.73 B 0 10 Q 0.34 0.1 (The) 198 342.73 B 2 F 0.79 0.1 (auditreduce) 217.98 342.73 B 0 F 0.34 0.1 ( command mer) 285.08 342.73 B 0.34 0.1 (ges together audit r) 353.83 342.73 B 0.34 0.1 (ecor) 442.89 342.73 B 0.34 0.1 (ds fr) 461.75 342.73 B 0.34 0.1 (om one or mor) 482.54 342.73 B 0.34 0.1 (e) 550.17 342.73 B 0.45 0.1 (input audit \336les. Y) 198 330.33 B 0.45 0.1 (ou would usually enter this command fr) 282.32 330.33 B 0.45 0.1 (om the machine on) 467.26 330.33 B 0.52 0.1 (which all the audit trail \336les for the entir) 198 317.93 B 0.52 0.1 (e distributed system ar) 385.07 317.93 B 0.52 0.1 (e mounted.) 490.01 317.93 B 0.52 0.1 (W) 198 297.53 B 0.52 0.1 (ithout options,) 207.55 297.53 B 2 F 1.22 0.1 (auditreduce) 277.59 297.53 B 0 F 0.52 0.1 ( mer) 344.69 297.53 B 0.52 0.1 (ges the entir) 365.5 297.53 B 0.52 0.1 (e audit trail \050all of the) 421.85 297.53 B 0.52 0.1 (audit \336les in all of the subdir) 198 285.13 B 0.52 0.1 (ectories in the audit r) 331.32 285.13 B 0.52 0.1 (oot dir) 429.22 285.13 B 0.52 0.1 (ectory) 459.91 285.13 B 2 F 1.22 0.1 (/etc/security/audit) 198 272.73 B 0 F 0.52 0.1 (\051 and sends the mer) 313.9 272.73 B 0.52 0.1 (ged \336le to standar) 404.6 272.73 B 0.52 0.1 (d output.) 487.59 272.73 B 0.37 0.1 (The) 198 252.33 B 2 F 0.87 0.1 (praudit) 218.01 252.33 B 0 F 0.37 0.1 ( command, described in the section below on \322Using) 260.71 252.33 B 2 F 0.87 0.1 (praudit) 504.63 252.33 B 0 F 0.37 0.1 (\323,) 547.33 252.33 B 0.52 0.1 (makes the r) 198 239.93 B 0.52 0.1 (ecor) 251.2 239.93 B 0.52 0.1 (ds human-r) 270.06 239.93 B 0.52 0.1 (eadable.) 323.03 239.93 B 0.52 0.1 (The following ar) 198 219.53 B 0.52 0.1 (e some of the capabilities pr) 273.85 219.53 B 0.52 0.1 (ovided by options to the) 402.31 219.53 B 2 F 1.22 0.1 (auditreduce) 198 207.13 B 0 F 0.52 0.1 ( command:) 265.1 207.13 B 3 14 Q 0.14 (\245) 198 188.73 S 0 10 Q 0.52 0.1 (Give output containing audit r) 210.6 188.73 B 0.52 0.1 (ecor) 350.79 188.73 B 0.52 0.1 (ds generated only by certain audit \337ags.) 369.65 188.73 B 3 14 Q 0.14 (\245) 198 170.33 S 0 10 Q 0.52 0.1 (Show audit r) 210.6 170.33 B 0.52 0.1 (ecor) 269.79 170.33 B 0.52 0.1 (ds generated by one particular user) 288.65 170.33 B 0.52 0.1 (.) 450.56 170.33 B 3 14 Q 0.14 (\245) 198 151.93 S 0 10 Q 0.52 0.1 (Collect audit r) 210.6 151.93 B 0.52 0.1 (ecor) 276.08 151.93 B 0.52 0.1 (ds generated on speci\336c dates.) 294.94 151.93 B FMENDPAGE %%EndPage: "14" 15 %%Page: "15" 15 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (15) 548.82 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 4 11 Q 0 X -0.71 0.11 (How) 198 640.67 B 2 F -1.68 0.11 (auditreduce) 224.31 640.67 B 4 F -0.71 0.11 ( Helps in a Distributed System) 298.12 640.67 B 0 10 Q 0.52 0.1 (When multiple machines r) 198 624.33 B 0.52 0.1 (unning Solaris BSM ar) 319.26 624.33 B 0.52 0.1 (e administer) 421.69 624.33 B 0.52 0.1 (ed as part of a) 478.34 624.33 B -0.06 0.1 (distributed system, each machine performs auditable events, and each machine) 198 611.93 B 0.52 0.1 (writes audit r) 198 599.53 B 0.52 0.1 (ecor) 260.01 599.53 B 0.52 0.1 (ds to its own machine-speci\336c audit \336le. This simpli\336es) 278.87 599.53 B 0.52 0.1 (softwar) 198 587.13 B 0.52 0.1 (e and is r) 232.1 587.13 B 0.52 0.1 (obust in the face of machine failur) 274.8 587.13 B 0.52 0.1 (es. However) 431.45 587.13 B 0.52 0.1 (, unless a tool) 487.66 587.13 B 0.52 0.1 (existed to make it easier) 198 574.73 B 0.52 0.1 (, you would have to look at every one of the \336les to) 307.85 574.73 B 0.52 0.1 (determine a particular user) 198 562.33 B 0.52 0.1 (\325s actions.) 323.22 562.33 B 0.52 0.1 (The) 198 541.93 B 2 F 1.22 0.1 (auditreduce\0508\051) 218.16 541.93 B 0 F 0.52 0.1 ( command makes the job of maintaining the whole) 303.56 541.93 B 0.01 0.1 (audit trail practical. Using) 198 529.53 B 2 F 0.02 0.1 (auditreduce) 319 529.53 B 0 F 0.01 0.1 ( \050or shell scripts you write yourself to) 386.1 529.53 B 0.52 0.1 (pr) 198 517.13 B 0.52 0.1 (ovide a higher) 207.98 517.13 B 0.52 0.1 (-level interface\051, you can r) 274.01 517.13 B 0.52 0.1 (ead the logical combination of all) 393.47 517.13 B 0.52 0.1 (audit \336les in the system as a single audit trail, without r) 198 504.73 B 0.52 0.1 (egar) 455.1 504.73 B 0.52 0.1 (d to how the) 474.62 504.73 B 0.52 0.1 (r) 198 492.33 B 0.52 0.1 (ecor) 201.87 492.33 B 0.52 0.1 (ds wer) 220.73 492.33 B 0.52 0.1 (e generated or wher) 251.6 492.33 B 0.52 0.1 (e they ar) 343.55 492.33 B 0.52 0.1 (e stor) 383.48 492.33 B 0.52 0.1 (ed.) 408.62 492.33 B 0.52 0.1 (The) 198 471.93 B 2 F 1.22 0.1 (auditreduce) 218.16 471.93 B 0 F 0.52 0.1 ( pr) 285.26 471.93 B 0.52 0.1 (ogram operates on the audit r) 298.36 471.93 B 0.52 0.1 (ecor) 434.89 471.93 B 0.52 0.1 (ds pr) 453.75 471.93 B 0.52 0.1 (oduced by the) 477.4 471.93 B 0.52 0.1 (audit daemon. Recor) 198 459.53 B 0.52 0.1 (ds fr) 292.9 459.53 B 0.52 0.1 (om one or mor) 313.87 459.53 B 0.52 0.1 (e audit \336les ar) 382.06 459.53 B 0.52 0.1 (e selected and mer) 447.48 459.53 B 0.52 0.1 (ged) 532.78 459.53 B 0.52 0.1 (into a single, chr) 198 447.13 B 0.52 0.1 (onologically or) 274.07 447.13 B 0.52 0.1 (der) 342.22 447.13 B 0.52 0.1 (ed output \336le. The mer) 357.19 447.13 B 0.52 0.1 (ging and selecting) 462.8 447.13 B 0.52 0.1 (functions of) 198 434.73 B 2 F 1.22 0.1 (auditreduce) 255.44 434.73 B 0 F 0.52 0.1 ( ar) 322.54 434.73 B 0.52 0.1 (e logically independent.) 334.63 434.73 B 2 F 1.22 0.1 (auditreduce) 447.37 434.73 B 0 F 0.52 0.1 ( selects) 514.47 434.73 B 0.52 0.1 (messages fr) 198 422.33 B 0.52 0.1 (om the input \336les as the r) 250.91 422.33 B 0.52 0.1 (ecor) 368.69 422.33 B 0.52 0.1 (ds ar) 387.55 422.33 B 0.52 0.1 (e r) 410.19 422.33 B 0.52 0.1 (ead, befor) 422.07 422.33 B 0.52 0.1 (e the \336les ar) 467.37 422.33 B 0.52 0.1 (e) 523.15 422.33 B 0.52 0.1 (mer) 198 409.93 B 0.52 0.1 (ged and written to disk. [Refer to the) 215.69 409.93 B 2 F 1.22 0.1 (auditreduce\0508\051) 388.97 409.93 B 0 F 0.52 0.1 ( man page.]) 474.37 409.93 B 2 11 Q -1.68 0.11 (auditreduce) 198 384.87 B 4 F -0.71 0.11 ( Examples) 271.81 384.87 B 0 10 Q 0.52 0.1 (This section describes a few common uses of) 198 368.53 B 2 F 1.22 0.1 (auditreduce) 405.97 368.53 B 0 F 0.52 0.1 ( to analyze and) 473.07 368.53 B 0.52 0.1 (manage data.) 198 356.13 B 4 11 Q -0.71 0.11 (Example 1: How to Display the Whole Audit Log) 198 331.07 B 0 10 Q 0.29 0.1 (T) 198 314.73 B 0.29 0.1 (o display the whole audit trail at once, pipe the output of) 203.31 314.73 B 2 F 0.69 0.1 (auditreduce) 467.26 314.73 B 0 F 0.29 0.1 ( into) 534.36 314.73 B 2 F 0.1 (praudit) 198 302.33 S 0 F 0.1 (.) 240.7 302.33 S 2 F 1.1 -0.5 (#) 216 287.93 B 6 F 1.1 -0.5 (auditreduce | praudit) 228.1 287.93 B 4 11 Q -0.71 0.11 (Example 2: How to Print the Whole Audit Log) 198 263.27 B 0 10 Q 0.52 0.1 (W) 198 246.93 B 0.52 0.1 (ith a pipe to) 207.55 246.93 B 2 F 1.22 0.1 (lpr) 266.46 246.93 B 0 F 0.52 0.1 (, the output goes to the printer) 284.02 246.93 B 0.52 0.1 (.) 424.35 246.93 B 2 F 1.1 -0.5 (#) 216 232.53 B 6 F 1.1 -0.5 (auditreduce | praudit) 228.1 232.53 B 1.1 -0.5 ( | lpr) 345.8 232.53 B FMENDPAGE %%EndPage: "15" 16 %%Page: "16" 16 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (16) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 4 11 Q 0 X -0.71 0.11 (Example 3: How to Display User Activity on a Selected Data) 198 640.67 B 0 10 Q 0.52 0.1 (In the following example, the system administrator checks to see when a user) 198 624.33 B 0.37 0.1 (named) 198 611.93 B 2 F 0.88 0.1 (fred) 232.02 611.93 B 0 F 0.37 0.1 ( logged in and logged out on April 13, 1990, by r) 256.42 611.93 B 0.37 0.1 (equesting the) 478.81 611.93 B 6 F 0.88 0.1 (lo) 542.83 611.93 B 0 F 0.52 0.1 (message class. The short-form date is in the form) 198 599.53 B 1 F 0.52 0.1 (yymmdd) 425.81 599.53 B 0 F 0.52 0.1 ( \050the long form is) 461.97 599.53 B 0.52 0.1 (described on the) 198 587.13 B 2 F 1.22 0.1 (auditreduce\0508\051) 276.78 587.13 B 0 F 0.52 0.1 ( man page\051.) 362.18 587.13 B 2 F 1.1 -0.5 (#) 216 572.73 B 6 F 1.1 -0.5 (auditreduce -d 900413 -u fred -c lo | praudit) 228.1 572.73 B 4 11 Q -0.71 0.11 (Example 4: How to Copy Login/Logout Messages to a Single File) 198 548.07 B 0 10 Q 0.52 0.1 (In this example, login/logout messages for a particular day ar) 198 531.73 B 0.52 0.1 (e summarized) 482.52 531.73 B 0.52 0.1 (into a \336le. The tar) 198 519.33 B 0.52 0.1 (get \336le is written in a dir) 279.45 519.33 B 0.52 0.1 (ectory other than the normal audit) 393.63 519.33 B 0.52 0.1 (r) 198 506.93 B 0.52 0.1 (oot. This is the command line:) 201.87 506.93 B 2 F 1.1 -0.5 (#) 144 492.53 B 6 F 1.1 -0.5 (auditreduce -c lo -d 870413 -O /etc/security/audit_summary/logins) 156.1 492.53 B 0 F 0.52 0.1 (The) 198 473.53 B 6 F 1.1 -0.5 (-O) 218.16 473.53 B 0 F 0.52 0.1 ( option cr) 229.16 473.53 B 0.52 0.1 (eates an audit \336le with 14-character timestamps for both) 273.33 473.53 B 0.52 0.1 (start-time and end-time, and the suf) 198 461.13 B 0.52 0.1 (\336x \322) 363.02 461.13 B 2 F 1.1 -0.5 (logins) 382.65 461.13 B 0 F 0.52 0.1 (\323:) 415.65 461.13 B 2 F -0.5 (19870413000000.19870413235959.logins) 216 446.73 S 4 11 Q -0.71 0.11 (Example 5: How to Clean Up a) 198 422.07 B 2 F -1.68 0.11 (not_terminated) 349.18 422.07 B 4 F -0.71 0.11 ( Audit File) 443.12 422.07 B 0 10 Q 0.52 0.1 (Occasionally) 198 405.73 B 0.52 0.1 (, if a system crashes while its audit \336le is still open, or a server) 254.64 405.73 B 0.52 0.1 (becomes inaccessible and for) 198 393.33 B 0.52 0.1 (ces the machine to switch to a new server) 329.45 393.33 B 0.52 0.1 (, an) 519.68 393.33 B 0.5 0.1 (audit \336le r) 198 380.93 B 0.5 0.1 (emains in which the) 245.93 380.93 B 1 F 0.5 0.1 (end-time) 341.46 380.93 B 0 F 0.5 0.1 ( r) 377.82 380.93 B 0.5 0.1 (emains the string) 384.79 380.93 B 2 F 1.18 0.1 (not_terminated) 466.8 380.93 B 0 F 0.5 0.1 (,) 552.2 380.93 B 0.26 0.1 (even though the \336le is no longer being used to write audit r) 198 368.53 B 0.26 0.1 (ecor) 469.54 368.53 B 0.26 0.1 (ds. When such) 488.4 368.53 B 0.52 0.1 (a \336le is found, you can manually verify that the \336le is no longer in use and) 198 356.13 B 0.52 0.1 (clean it up by specifying the name of the \336le with the corr) 198 343.73 B 0.52 0.1 (ect options. The) 464.51 343.73 B 0.52 0.1 (following example shows the commands:) 198 331.33 B 2 F 1.1 -0.5 (#) 216 316.93 B 6 F 1.1 -0.5 (cd /etc/security/audit/) 228.1 316.93 B 4 F 0.4 -0.5 () 355.7 316.93 B 2 F 1.1 -0.5 (#) 216 302.93 B 6 F 1.1 -0.5 (auditreduce -O) 228.1 302.93 B 4 F 0.4 -0.5 () 312.8 302.93 B 2 F -0.5 (19870413120429.not_terminated.) 216 288.93 S 4 F -0.5 () 381 288.93 S 0 F 0.52 0.1 (This cr) 198 268.93 B 0.52 0.1 (eates a new audit \336le with the corr) 229.03 268.93 B 0.52 0.1 (ect name \050both timestamps\051 and the) 388.58 268.93 B 0.52 0.1 (corr) 198 256.53 B 0.52 0.1 (ect suf) 216.02 256.53 B 0.52 0.1 (\336x \050) 245.65 256.53 B 4 F 0.4 -0.5 (machine) 263.61 256.53 B 0 F 0.52 0.1 (, explicitly speci\336ed\051, and copies all the messages into it.) 297.33 256.53 B 4 11 Q -0.71 0.11 (Other Useful) 198 231.47 B 2 F -1.68 0.11 (auditreduce) 263.99 231.47 B 4 F -0.71 0.11 ( Options) 337.8 231.47 B 2 10 Q 1.22 0.1 (auditreduce) 198 215.13 B 0 F 0.52 0.1 ( has many additional options described in the man page. Note) 265.1 215.13 B 0.51 0.1 (that the upper) 198 202.73 B 0.51 0.1 (case options select operations or parameters for) 263.24 202.73 B 2 F 1.2 0.1 (f) 484.16 202.73 B 1.2 0.1 (iles) 490.26 202.73 B 0 F 0.51 0.1 (, and the) 514.66 202.73 B 0.52 0.1 (lower) 198 190.33 B 0.52 0.1 (case options select parameters for) 223.77 190.33 B 2 F 1.22 0.1 (records) 380.99 190.33 B 0 F 0.52 0.1 (. This subsection shows how) 423.69 190.33 B 0.52 0.1 (to make use of two mor) 198 177.93 B 0.52 0.1 (e useful options.) 307.17 177.93 B FMENDPAGE %%EndPage: "16" 17 %%Page: "17" 17 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (17) 548.82 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 0 10 Q 0 X 0.52 0.1 (The) 198 641.33 B 1 F 0.52 0.1 (date-time) 218.16 641.33 B 0 F 0.52 0.1 ( options) 256.83 641.33 B 6 F 1.22 0.1 (-b) 296.93 641.33 B 0 F 0.52 0.1 ( and) 309.13 641.33 B 6 F 1.22 0.1 (-a) 332.6 641.33 B 0 F 0.52 0.1 ( allow specifying r) 344.8 641.33 B 0.52 0.1 (ecor) 429.72 641.33 B 0.52 0.1 (ds befor) 448.58 641.33 B 0.52 0.1 (e or after a) 485.63 641.33 B 0.52 0.1 (particular day/time. A day begins at) 198 628.93 B 1 F 0.52 0.1 (yyyymmdd) 369.86 628.93 B 0 F 0.52 0.1 (00:00:00 and ends at) 416.22 628.93 B 1 F 0.52 0.1 (yyyymmdd) 198 616.53 B 0 F 0.52 0.1 (23:59:59. The six parameters of a day ar) 244.36 616.53 B 0.52 0.1 (e: year) 425.1 616.53 B 0.52 0.1 (, month, day) 454.67 616.53 B 0.52 0.1 (, hour) 511.66 616.53 B 0.52 0.1 (,) 538.29 616.53 B 0.52 0.1 (minute, and second. The digits \050) 198 604.13 B 6 F 1.22 0.1 (19) 345.79 604.13 B 0 F 0.52 0.1 (\051 of the year ar) 357.99 604.13 B 0.52 0.1 (e assumed and need not be) 425.73 604.13 B 0.1 (speci\336ed.) 198 591.73 S 0.24 0.1 (If) 198 571.33 B 6 F 0.57 0.1 (-a) 207.74 571.33 B 0 F 0.24 0.1 ( is not speci\336ed,) 219.94 571.33 B 2 F 0.57 0.1 (auditreduce) 296.24 571.33 B 0 F 0.24 0.1 ( defaults to 00:00:00, January 1, 1970. If) 363.34 571.33 B 6 F 0.57 0.1 (-b) 542.86 571.33 B 0 F 0.43 0.1 (is not speci\336ed,) 198 558.93 B 2 F 1.01 0.1 (auditreduce) 272.02 558.93 B 0 F 0.43 0.1 ( defaults to the curr) 339.12 558.93 B 0.43 0.1 (ent time of day \050GMT\051. The) 429.38 558.93 B 6 F 1.22 0.1 (-d) 198 546.53 B 0 F 0.52 0.1 ( option selects a particular 24-hour period, as shown in Example 4 on the) 210.2 546.53 B 0.52 0.1 (pr) 198 534.13 B 0.52 0.1 (evious page.) 207.98 534.13 B 0.52 0.1 (The) 198 513.73 B 2 F 1.22 0.1 (auditreduce) 218.16 513.73 B 1.22 0.1 (-a) 288.38 513.73 B 1.22 0.1 (c) 303.7 513.73 B 0 F 0.52 0.1 (ommand, with the date shown in the following) 309.8 513.73 B 0.52 0.1 (example, sends all audit r) 198 501.33 B 0.52 0.1 (ecor) 315.77 501.33 B 0.52 0.1 (ds cr) 334.63 501.33 B 0.52 0.1 (eated) 356.71 501.33 B 1 F 0.52 0.1 (after) 384.28 501.33 B 0 F 0.52 0.1 ( midnight on July 15, 1991 to) 403.11 501.33 B 2 F 0.1 (praudit) 198 488.93 S 0 F 0.1 (:) 240.7 488.93 S 2 F 1.1 -0.5 (#) 216 474.53 B 6 F 1.1 -0.5 (auditreduce) 228.1 474.53 B 1.1 -0.5 (-a 91071500:00:00 | praudit) 295.2 474.53 B 0 F 0.52 0.1 (The) 198 454.53 B 2 F 1.22 0.1 (auditreduce) 218.16 454.53 B 1.22 0.1 (-b) 288.38 454.53 B 1.22 0.1 (c) 303.7 454.53 B 0 F 0.52 0.1 (ommand, with the same date as shown above, sends) 309.8 454.53 B 0.52 0.1 (all audit r) 198 442.13 B 0.52 0.1 (ecor) 243.04 442.13 B 0.52 0.1 (ds cr) 261.9 442.13 B 0.52 0.1 (eated) 283.98 442.13 B 1 F 0.52 0.1 (befor) 311.55 442.13 B 0.52 0.1 (e) 331.5 442.13 B 0 F 0.52 0.1 ( midnight on July 15, 1991 to) 335.49 442.13 B 2 F 1.22 0.1 (praudit) 471.18 442.13 B 0 F 0.52 0.1 (:) 513.88 442.13 B 2 F 1.1 -0.5 (#) 216 427.73 B 6 F 1.1 -0.5 (auditreduce) 228.1 427.73 B 1.1 -0.5 (-b 91071500:00:00 | praudit) 295.2 427.73 B 0 F 0.52 0.1 (The message type selection for) 198 407.73 B 2 F 1.22 0.1 (auditreduce) 341.37 407.73 B 0 F 0.52 0.1 ( \050the) 408.47 407.73 B 2 F 1.22 0.1 (-m) 432.31 407.73 B 0 F 0.52 0.1 ( option\051 accepts either) 444.51 407.73 B 0.52 0.1 (numeric message identi\336ers or) 198 395.33 B 2 F 1.22 0.1 (AUE_) 341.54 395.33 B 1 F 0.52 0.1 (xxxxx) 365.94 395.33 B 0 F 0.52 0.1 ( codes) 391.44 395.33 B 2 F 1.22 0.1 (.) 420.1 395.33 B 1.22 0.1 (Auditreduce) 429.32 395.33 B 0 F 0.52 0.1 ( r) 496.42 395.33 B 0.52 0.1 (ejects an) 503.41 395.33 B 0.52 0.1 (incorr) 198 382.93 B 0.52 0.1 (ect format, but does not describe the corr) 224.95 382.93 B 0.52 0.1 (ect format.) 413.32 382.93 B 1 13 Q -0.85 0.13 (Using) 198 354.53 B 2 F -1.98 0.13 (praudit) 233.7 354.53 B 0 10 Q 0.32 0.1 (The) 198 339.53 B 2 F 0.75 0.1 (praudit) 217.96 339.53 B 0 F 0.32 0.1 ( command r) 260.66 339.53 B 0.32 0.1 (eads audit r) 315.56 339.53 B 0.32 0.1 (ecor) 369.62 339.53 B 0.32 0.1 (ds fr) 388.48 339.53 B 0.32 0.1 (om standar) 409.26 339.53 B 0.32 0.1 (d input and displays) 460.57 339.53 B 0.52 0.1 (them on standar) 198 327.13 B 0.52 0.1 (d output in human-r) 272.72 327.13 B 0.52 0.1 (eadable form. Usually) 367.17 327.13 B 0.52 0.1 (, the input is either) 466.83 327.13 B 0.52 0.1 (piped fr) 198 314.73 B 0.52 0.1 (om) 234.75 314.73 B 2 F 1.22 0.1 (auditreduce) 252.36 314.73 B 0 F 0.52 0.1 ( or a single audit \336le. Input may also be pr) 319.46 314.73 B 0.52 0.1 (oduced) 515.85 314.73 B 0.52 0.1 (with) 198 302.33 B 2 F 1.22 0.1 (cat\0501\051) 221.85 302.33 B 0 F 0.52 0.1 ( to concatenate several \336les, or) 258.45 302.33 B 2 F 1.22 0.1 (tail\0501\051) 401.9 302.33 B 0 F 0.52 0.1 ( for a curr) 444.6 302.33 B 0.52 0.1 (ent audit \336le.) 490.69 302.33 B 2 F 1.22 0.1 (praudit) 198 283.93 B 0 F 0.52 0.1 ( can generate thr) 240.7 283.93 B 0.52 0.1 (ee output formats: default, short \050) 317.53 283.93 B 2 F 1.22 0.1 (-s) 472.32 283.93 B 0 F 0.52 0.1 ( option\051, and) 484.52 283.93 B 0.52 0.1 (raw \050) 198 271.53 B 2 F 1.22 0.1 (-r) 222.14 271.53 B 0 F 0.52 0.1 ( option\051. By default, output is pr) 234.34 271.53 B 0.52 0.1 (oduced with one token per line. The) 383.19 271.53 B 2 F 1.22 0.1 (-l) 198 259.13 B 0 F 0.52 0.1 ( option r) 210.2 259.13 B 0.52 0.1 (equests a whole r) 249.83 259.13 B 0.52 0.1 (ecor) 329.63 259.13 B 0.52 0.1 (d on each line. The) 348.49 259.13 B 2 F 1.22 0.1 (-d) 438.7 259.13 B 0 F 0.52 0.1 ( option changes the) 450.9 259.13 B 0.28 0.1 (delimiter used between token \336elds, and between tokens if) 198 246.73 B 2 F 0.65 0.1 (-l) 468.86 246.73 B 0 F 0.28 0.1 ( is also speci\336ed.) 481.07 246.73 B 0.52 0.1 (In) 198 228.33 B 2 F 1.22 0.1 (-s) 210.51 228.33 B 0 F 0.52 0.1 ( format, the type is the audit event table name for the event \050such as) 222.71 228.33 B 2 F 1.22 0.1 (AUE_IOCTL) 198 215.93 B 0 F 0.52 0.1 (\051, and in) 252.9 215.93 B 2 F 1.22 0.1 (-r) 294.45 215.93 B 0 F 0.52 0.1 ( format, it is the event number \050158, in the case of) 306.65 215.93 B 2 F 0.1 0.1 (AUE_IOCTL) 198 203.53 B 0 F 0.04 0.1 (\051. That is the only distinction between) 252.9 203.53 B 2 F 0.1 0.1 (-s) 425.96 203.53 B 0 F 0.04 0.1 ( and default format. In) 438.17 203.53 B 2 F 0.1 0.1 (-r) 543.16 203.53 B 0 F -0.01 0.1 (format, all numeric values \050user IDs, gr) 198 191.13 B -0.01 0.1 (oup IDs, etc.\051 ar) 374.97 191.13 B -0.01 0.1 (e displayed numerically) 446.57 191.13 B 0.52 0.1 (\050in decimal, except for Internet addr) 198 178.73 B 0.52 0.1 (esses, which ar) 363.59 178.73 B 0.52 0.1 (e in hex, and for modes,) 432.03 178.73 B 0.52 0.1 (which ar) 198 166.33 B 0.52 0.1 (e in octal\051.) 237.92 166.33 B FMENDPAGE %%EndPage: "17" 18 %%Page: "18" 18 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (18) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 0 10 Q 0 X 0.52 0.1 (Her) 198 641.33 B 0.52 0.1 (e is the output fr) 215.18 641.33 B 0.52 0.1 (om) 292.02 641.33 B 2 F 1.22 0.1 (praudit) 309.63 641.33 B 0 F 0.52 0.1 ( for a header token:) 352.33 641.33 B 2 F 1.04 -0.8 (header,240,1,ioctl\0502\051,es,Tue Sept 1 16:11:44 1992, + 270000 msec) 216 626.93 B 0 F 0.52 0.1 (And her) 198 606.93 B 0.52 0.1 (e is the output fr) 235.81 606.93 B 0.52 0.1 (om) 312.65 606.93 B 2 F 1.22 0.1 (praudit) 330.26 606.93 B 1.22 0.1 (-r) 376.08 606.93 B 0 F 0.52 0.1 ( for the same header token:) 388.28 606.93 B 2 F 1.1 -0.5 (20,240,1,158,0003,699754304, + 270000 msec) 216 592.53 B 0 F 0.52 0.1 (It is sometimes useful to manipulate) 198 572.53 B 2 F 1.22 0.1 (praudit) 367.56 572.53 B 0 F 0.52 0.1 (\325s output as lines of text\321for) 410.26 572.53 B 0.52 0.1 (instance, to perform selections that cannot be done with) 198 560.13 B 2 F 1.22 0.1 (auditreduce) 457.53 560.13 B 0 F 0.52 0.1 (. A) 524.63 560.13 B 0.4 0.1 (simple shell script can pr) 198 547.73 B 0.4 0.1 (ocess the output of) 312.4 547.73 B 2 F 0.94 0.1 (praudit) 401.88 547.73 B 0 F 0.4 0.1 (. The following example) 444.58 547.73 B 0.52 0.1 (is called) 198 535.33 B 2 F 1.22 0.1 (praudit_grep) 238.35 535.33 B 0 F 0.52 0.1 (:) 311.55 535.33 B 2 F -0.5 (#!/bin/sh) 144 520.93 S 1.1 -0.5 (praudit | sed -e \3251,2d\325 -e \325$s/^f) 144 509.93 B 1.1 -0.5 (ile.*$//\325 -e \325s/^header/^Aheader/\325 \134\134) 332.1 509.93 B 1.1 -0.5 (| tr \325\134\134012\134\134001\325 \325\134\134002\134\134012\325 \134\134) 144 498.93 B 1.1 -0.5 (| grep "$1" \134\134) 144 487.93 B 1.1 -0.5 (| tr \325\134\134002\325 \325\134\134012\325) 144 476.93 B 0 F 0.05 0.1 (The example script marks the header tokens by pr) 198 459.93 B 0.05 0.1 (e\336xing them with Contr) 424.18 459.93 B 0.05 0.1 (ol-A.) 532.77 459.93 B 0.52 0.1 (\050Note that the \322) 198 447.53 B 2 F 1.2 (^A) 270.02 447.53 P 0 F 0.52 0.1 (\323 is a literal Contr) 282.02 447.53 B 0.52 0.1 (ol-A, not the two characters \322) 364.38 447.53 B 2 F 1.2 (^) 499.82 447.53 P 0 F 0.52 0.1 (\323 and \322) 505.82 447.53 B 2 F 1.2 (A) 539.48 447.53 P 0 F 0.52 0.1 (\323.) 545.48 447.53 B 0.01 0.1 (Pr) 198 435.13 B 0.01 0.1 (e\336xing is necessary to distinguish them fr) 208.01 435.13 B 0.01 0.1 (om the string \322) 395.85 435.13 B 2 F 0.01 0.1 (header) 463.76 435.13 B 0 F 0.01 0.1 (\323 that might) 500.36 435.13 B 0.52 0.1 (appear as text in) 198 422.73 B 2 F 1.22 0.1 (praudit) 277.08 422.73 B 0 F 0.52 0.1 (\325s output.\051 The script then combines all the tokens) 319.78 422.73 B 0.52 0.1 (for a r) 198 410.33 B 0.52 0.1 (ecor) 226.25 410.33 B 0.52 0.1 (d onto one line while pr) 245.11 410.33 B 0.52 0.1 (eserving the line br) 355.77 410.33 B 0.52 0.1 (eaks as Contr) 444.14 410.33 B 0.52 0.1 (ol-A; r) 505.71 410.33 B 0.52 0.1 (uns) 535.28 410.33 B 2 F 1.22 0.1 (grep) 198 397.93 B 0 F 0.52 0.1 (; and r) 222.4 397.93 B 0.52 0.1 (estor) 252.34 397.93 B 0.52 0.1 (es the original newlines.) 274.36 397.93 B 0.52 0.1 (Note that in) 198 379.53 B 2 F 1.22 0.1 (praudit) 256.25 379.53 B 0 F 0.52 0.1 (\325s default output format, each r) 298.95 379.53 B 0.52 0.1 (ecor) 441.9 379.53 B 0.52 0.1 (d can always be) 460.76 379.53 B 0.52 0.1 (identi\336ed unambiguously as a sequence of tokens \050each on a separate line\051) 198 367.13 B 0.52 0.1 (beginning with a \322header\323 token and ending with a \322trailer\323 token. Each) 198 354.73 B 0.52 0.1 (r) 198 342.33 B 0.52 0.1 (ecor) 201.87 342.33 B 0.52 0.1 (d, ther) 220.73 342.33 B 0.52 0.1 (efor) 250.7 342.33 B 0.52 0.1 (e, is easily identi\336ed and pr) 268.45 342.33 B 0.52 0.1 (ocessed with) 395.76 342.33 B 2 F 1.22 0.1 (awk) 457.5 342.33 B 0 F 0.52 0.1 (, for instance.) 475.8 342.33 B FMENDPAGE %%EndPage: "18" 19 %%Page: "19" 19 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (19) 548.82 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 1 14 Q 0 X -0.88 (Device Allocation) 117.22 638.67 P 0 10 Q 0.52 0.1 (The TCSEC\325s object r) 198 617.33 B 0.52 0.1 (euse r) 294.08 617.33 B 0.52 0.1 (equir) 321.32 617.33 B 0.52 0.1 (ement for computing systems at C2 level and) 344.92 617.33 B 0.52 0.1 (above is ful\336lled by the device allocation mechanism. This section describes) 198 604.93 B 0.52 0.1 (what the administrator needs to know about managing devices.) 198 592.53 B 0.2 0.1 (The administrator must decide whether any devices should be allocatable, and) 198 572.13 B 0.52 0.1 (if so, which devices should be allocatable, if the defaults ar) 198 559.73 B 0.52 0.1 (e not appr) 468.25 559.73 B 0.52 0.1 (opriate) 515.41 559.73 B 0.52 0.1 (for your site\325s security policy) 198 547.33 B 0.52 0.1 (.) 330.5 547.33 B 1 13 Q -0.85 0.13 (Risks Associated with Device Use) 198 518.93 B 0 10 Q 0.52 0.1 (For one example of the security risks associated with the use of various I/O) 198 501.93 B 0.31 0.1 (devices, consider how cartridge devices ar) 198 489.53 B 0.31 0.1 (e typically used. Often several users) 390.68 489.53 B 0.52 0.1 (shar) 198 477.13 B 0.52 0.1 (e a single tape drive, which may be located in an of) 217.23 477.13 B 0.52 0.1 (\336ce or lab away fr) 453.81 477.13 B 0.52 0.1 (om) 536.82 477.13 B 0.52 0.1 (wher) 198 464.73 B 0.52 0.1 (e an individual user) 221.12 464.73 B 0.52 0.1 (\325s own machine is located. This means that, after he) 313.9 464.73 B 0.52 0.1 (or she loads a tape into the tape drive, some length of time may elapse befor) 198 452.33 B 0.52 0.1 (e) 549.4 452.33 B 0.22 0.1 (the user can r) 198 439.93 B 0.22 0.1 (eturn to the machine to invoke the command that r) 259.47 439.93 B 0.22 0.1 (eads or writes) 491.3 439.93 B 0.23 0.1 (data to or fr) 198 427.53 B 0.23 0.1 (om the tape. Then another time lapse occurs befor) 252.09 427.53 B 0.23 0.1 (e the user is able) 479.4 427.53 B 0.45 0.1 (to r) 198 415.13 B 0.45 0.1 (eturn and take the tape out of the drive. Because tape devices ar) 213.84 415.13 B 0.45 0.1 (e typically) 507.55 415.13 B 0.52 0.1 (accessible to all users, during the time when the tape is unattended an) 198 402.73 B 0.52 0.1 (unauthorized user could access or overwrite data on the tape.) 198 390.33 B 0.32 0.1 (The device allocation mechanism makes it possible to assign certain devices to) 198 369.93 B 0.27 0.1 (one user at a time, so that the device can only be accessed by that user while it) 198 357.53 B 0.52 0.1 (is assigned to that user) 198 345.13 B 0.52 0.1 (\325s name.) 304.11 345.13 B 0.52 0.1 (The device allocation mechanism ensur) 198 324.73 B 0.52 0.1 (es the following for tape devices and) 377.71 324.73 B 0.52 0.1 (pr) 198 312.33 B 0.52 0.1 (ovides r) 207.98 312.33 B 0.52 0.1 (elated security services for other allocatable devices:) 244.73 312.33 B 3 14 Q 0.14 (\245) 198 293.93 S 0 10 Q 0.52 0.1 (Pr) 210.6 293.93 B 0.52 0.1 (events one user fr) 220.61 293.93 B 0.52 0.1 (om r) 302.2 293.93 B 0.52 0.1 (eading a tape just written by another user befor) 323.68 293.93 B 0.52 0.1 (e) 542.16 293.93 B 0.52 0.1 (the owner of the tape has r) 210.6 281.53 B 0.52 0.1 (emoved the tape fr) 334.2 281.53 B 0.52 0.1 (om the tape drive) 420.72 281.53 B FMENDPAGE %%EndPage: "19" 20 %%Page: "20" 20 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (20) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 1 13 Q 0 X -0.85 0.13 (Components of the Device Allocation Mechanism) 198 639.33 B 0 10 Q 0.52 0.1 (The components of the allocation mechanism that you must understand in) 198 622.33 B 0.52 0.1 (or) 198 609.93 B 0.52 0.1 (der to manage device allocation ar) 207.43 609.93 B 0.52 0.1 (e:) 365.13 609.93 B 3 14 Q 0.14 (\245) 198 591.53 S 0 10 Q 0.52 0.1 (the) 210.6 591.53 B 2 F 1.22 0.1 (allocate\0501M\051) 227.89 591.53 B 0 F 0.52 0.1 (,) 301.09 591.53 B 2 F 1.22 0.1 (deallocate\0501M\051) 306.81 591.53 B 0 F 0.52 0.1 (,) 392.21 591.53 B 2 F 1.22 0.1 (dminfo\0501M\051) 397.93 591.53 B 0 F 0.52 0.1 ( and) 458.93 591.53 B 2 F 1.22 0.1 (list_devices\0501M\051) 210.6 579.13 B 0 F 0.52 0.1 ( commands) 308.2 579.13 B 3 14 Q 0.14 (\245) 198 566.73 S 0 10 Q 0.52 0.1 (the) 210.6 566.73 B 2 F 1.22 0.1 (device_allocate\0504\051) 227.89 566.73 B 0 F 0.52 0.1 ( \336le) 337.69 566.73 B 3 14 Q 0.14 (\245) 198 554.33 S 0 10 Q 0.52 0.1 (the) 210.6 554.33 B 2 F 1.22 0.1 (device_maps\0504\051) 227.89 554.33 B 0 F 0.52 0.1 ( \336le) 313.29 554.33 B 3 14 Q 0.14 (\245) 198 541.93 S 0 10 Q 0.52 0.1 (the lock \336les that must exist for each allocatable device in) 210.6 541.93 B 2 F 0.1 (/etc/security/dev) 210.6 529.53 S 3 14 Q 0.14 (\245) 198 517.13 S 0 10 Q 0.47 0.1 (the changed attributes of the) 210.6 517.13 B 1 F 0.47 0.1 (device-special \336les) 344.74 517.13 B 0 F 0.47 0.1 ( that ar) 420.26 517.13 B 0.47 0.1 (e associated with each) 453.11 517.13 B 0.52 0.1 (allocatable device) 210.6 504.73 B 3 14 Q 0.14 (\245) 198 492.33 S 0 10 Q 0.52 0.1 (the \322device clean\323 scripts for each allocatable device) 210.6 492.33 B 0.5 0.1 (How any user invokes the) 198 471.93 B 2 F 1.17 0.1 (allocate\0501M\051) 321.3 471.93 B 0 F 0.5 0.1 (,) 394.5 471.93 B 2 F 1.17 0.1 (deallocate\0501M\051) 400.2 471.93 B 0 F 0.5 0.1 (,) 485.6 471.93 B 2 F 1.17 0.1 (dminfo\0501M\051) 491.3 471.93 B 0 F 0.5 0.1 (,) 552.3 471.93 B 0.52 0.1 (and) 198 459.53 B 2 F 1.22 0.1 (list_devices\0501M\051) 218.35 459.53 B 0 F 0.52 0.1 ( commands is described in the subsection below on) 315.95 459.53 B 0.52 0.1 (using) 198 447.13 B 2 F 1.22 0.1 (allocate) 226.18 447.13 B 0 F 0.52 0.1 (. [All of the options and other descriptions ar) 274.98 447.13 B 0.52 0.1 (e de\336ned in the) 482.21 447.13 B 0.52 0.1 (man pages.]) 198 434.73 B 0.52 0.1 (The) 198 414.33 B 2 F 1.22 0.1 (device_allocate\0504\051) 218.16 414.33 B 0 F 0.52 0.1 ( \336le, the) 327.96 414.33 B 2 F 1.22 0.1 (device_maps\0505\051) 368.14 414.33 B 0 F 0.52 0.1 ( \336le, and the lock \336les) 453.54 414.33 B 0.52 0.1 (ar) 198 401.93 B 0.52 0.1 (e speci\336c to each machine. The con\336guration \336les ar) 206.97 401.93 B 0.52 0.1 (e not administer) 446.04 401.93 B 0.52 0.1 (ed as) 520.65 401.93 B 0.52 0.1 (NIS databases because tape drives, \337oppy drives, and the printers, ar) 198 389.53 B 0.52 0.1 (e all) 515.5 389.53 B 0.52 0.1 (connected to speci\336c machines.) 198 377.13 B 1 13 Q -0.85 0.13 (Using the Device Allocation Utilities) 198 348.73 B 0 10 Q 0.52 0.1 (This section describes what the administrator can do with the options to) 198 331.73 B 2 F 1.22 0.1 (allocate) 198 319.33 B 0 F 0.52 0.1 (,) 246.8 319.33 B 2 F 1.22 0.1 (deallocate) 252.52 319.33 B 0 F 0.52 0.1 (, and) 313.52 319.33 B 2 F 1.22 0.1 (list_devices) 339.59 319.33 B 0 F 0.52 0.1 ( that ar) 412.79 319.33 B 0.52 0.1 (e usable only by the) 445.74 319.33 B 0.52 0.1 (super) 198 306.93 B 0.52 0.1 (user \050) 223.44 306.93 B 2 F 1.22 0.1 (root) 249.4 306.93 B 0 F 0.52 0.1 (\051. The commands ar) 273.8 306.93 B 0.52 0.1 (e detailed on their r) 364.73 306.93 B 0.52 0.1 (espective man pages.) 455.36 306.93 B 2 11 Q 0.11 (allocate\0501M\051) 198 281.87 S 2 10 Q 1.22 0.1 (-F) 198 265.53 B 4 F 0.52 0.1 (device_special_\336lename) 213.32 265.53 B 0 F -0.08 0.1 (Reallocates the speci\336ed device. This option is often used with the) 210.6 253.13 B 2 F -0.18 0.1 (-U) 511.13 253.13 B 0 F -0.08 0.1 ( option) 523.33 253.13 B 0.52 0.1 (to r) 210.6 240.73 B 0.52 0.1 (eallocate the speci\336ed device to the speci\336ed user) 226.51 240.73 B 0.52 0.1 (. W) 453.31 240.73 B 0.52 0.1 (ithout the) 468.58 240.73 B 2 F 1.22 0.1 (-U) 516.33 240.73 B 0 F 0.52 0.1 (option, the device is allocated to) 210.6 228.33 B 2 F 1.22 0.1 (root) 361.95 228.33 B 0 F 0.52 0.1 (.) 386.35 228.33 B 2 F 1.22 0.1 (-U) 198 207.93 B 4 F 0.52 0.1 (username) 213.32 207.93 B 0 F 0.52 0.1 (Causes the device to be allocated to the user speci\336ed rather than to the) 210.6 195.53 B 0.52 0.1 (curr) 210.6 183.13 B 0.52 0.1 (ent user) 229.19 183.13 B 0.52 0.1 (. This option allows you to allocate a device for another user) 265.15 183.13 B 0.52 0.1 (while you ar) 210.6 170.73 B 0.52 0.1 (e) 268.43 170.73 B 2 F 1.22 0.1 (root) 276.44 170.73 B 0 F 0.52 0.1 (, without having to assume that user) 300.84 170.73 B 0.52 0.1 (\325s identity) 469.84 170.73 B 0.52 0.1 (.) 514.49 170.73 B FMENDPAGE %%EndPage: "20" 21 %%Page: "21" 21 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (21) 548.82 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 2 11 Q 0 X 0.11 (deallocate\0501M\051) 198 640.67 S 2 10 Q 1.22 0.1 (-F) 198 624.33 B 4 F 0.52 0.1 (device_special_\336lename) 213.32 624.33 B 0 F 0.06 0.1 (Devices that a user has allocated ar) 210.6 611.93 B 0.06 0.1 (e not automatically deallocated when the) 369.2 611.93 B 0.52 0.1 (pr) 210.6 599.53 B 0.52 0.1 (ocess terminates or when the user logs out. When a user for) 220.58 599.53 B 0.52 0.1 (gets to) 495.2 599.53 B 0.01 0.1 (deallocate a tape drive, you can for) 210.6 587.13 B 0.01 0.1 (ce deallocation using the) 368.79 587.13 B 2 F 0.03 0.1 (-F) 483.17 587.13 B 0 F 0.01 0.1 ( option while) 495.37 587.13 B 0.52 0.1 (you ar) 210.6 574.73 B 0.52 0.1 (e) 240.04 574.73 B 2 F 1.22 0.1 (root) 248.05 574.73 B 0 F 0.52 0.1 (.) 272.45 574.73 B 2 F 0.1 (-I) 198 554.33 S 0 F 0.52 0.1 (For) 210.6 541.93 B 0.52 0.1 (ces deallocation of all allocatable devices. This option should only be) 225.69 541.93 B 0.52 0.1 (used at system initialization.) 210.6 529.53 B 2 11 Q 0.11 (list_devices\0501M\051) 198 504.47 S 0 10 Q 0.52 0.1 (The administrator can r) 198 488.13 B 0.52 0.1 (un) 305.93 488.13 B 2 F 1.22 0.1 (list_devices) 321.1 488.13 B 0 F 0.52 0.1 ( to get a listing of all the) 394.3 488.13 B 0.52 0.1 (device-special \336les that ar) 198 475.73 B 0.52 0.1 (e associated with any device listed in the) 316.18 475.73 B 2 F 1.2 (device_maps) 198 463.33 P 0 F 0.52 0.1 ( \336le.) 264 463.33 B 2 F 1.22 0.1 (-U) 198 442.93 B 4 F 0.52 0.1 (username) 213.32 442.93 B 0 F 0.52 0.1 (List the devices that ar) 210.6 430.53 B 0.52 0.1 (e allocatable to the user ID associated with the) 314.51 430.53 B 0.52 0.1 (speci\336ed username. This allows you to check which devices ar) 210.6 418.13 B 0.52 0.1 (e allocatable) 496.88 418.13 B 0.52 0.1 (to another user while you ar) 210.6 405.73 B 0.52 0.1 (e) 340.92 405.73 B 2 F 1.22 0.1 (root) 348.93 405.73 B 0 F 0.52 0.1 (.) 373.33 405.73 B 1 13 Q -0.85 0.13 (The Allocate Err) 198 377.33 B -0.85 0.13 (or State) 285.05 377.33 B 0 10 Q 0.52 0.1 (The allocate err) 198 360.33 B 0.52 0.1 (or state is mentioned in the man pages for the) 268.66 360.33 B 2 F 1.22 0.1 (allocate) 482.92 360.33 B 0 F 0.52 0.1 (components. An allocatable device) 198 347.93 B 0.52 0.1 (is in the) 359.61 347.93 B 1 F 0.52 0.1 (allocate err) 399.42 347.93 B 0.52 0.1 (or state) 445.3 347.93 B 0 F 0.52 0.1 (if it is owned by) 479.45 347.93 B 0.23 0.1 (user) 198 335.53 B 2 F 0.55 0.1 (allocate) 220.24 335.53 B 0 F 0.23 0.1 ( and gr) 269.04 335.53 B 0.23 0.1 (oup) 301.47 335.53 B 2 F 0.55 0.1 (wheel) 322.1 335.53 B 0 F 0.23 0.1 ( with a device-special \336le mode of) 352.6 335.53 B 2 F 0.55 0.1 (0100) 510.61 335.53 B 0 F 0.22 (.) 535.01 335.53 P 0.23 0.1 (If a) 540.23 335.53 B 0.52 0.1 (user wishes to allocate a device that is in the allocate err) 198 323.13 B 0.52 0.1 (or state, the) 456.12 323.13 B 0.52 0.1 (administrator should try to for) 198 310.73 B 0.52 0.1 (ce the deallocation of the device, using the) 338.5 310.73 B 2 F 0.11 (deallocate) 198 298.33 P 0 F 0.05 0.1 ( command with the) 258 298.33 B 2 F 0.11 0.1 (-F) 348.67 298.33 B 0 F 0.05 0.1 ( option, or use) 360.87 298.33 B 2 F 0.11 0.1 (allocate) 428.55 298.33 B 0.11 0.1 (-U) 479.99 298.33 B 0 F 0.05 0.1 ( to assign it to) 492.19 298.33 B 0.52 0.1 (the user) 198 285.93 B 0.52 0.1 (, then investigate any err) 233.96 285.93 B 0.52 0.1 (or messages that display) 347.91 285.93 B 0.52 0.1 (. When the pr) 459.44 285.93 B 0.52 0.1 (oblems) 522.38 285.93 B -0.06 0.05 (with the device ar) 198 273.53 B -0.06 0.05 (e corr) 277.89 273.53 B -0.06 0.05 (ected, the administrator must r) 303.04 273.53 B -0.06 0.05 (er) 440.95 273.53 B -0.06 0.05 (un the) 449.71 273.53 B 2 F -0.14 0.05 (deallocate) 480.67 273.53 B -0.13 -0.1 (-F) 543.66 273.53 B 0 F 0.52 0.1 (or) 198 261.13 B 2 F 1.18 -0.1 (allocate) 210.73 261.13 B 1.18 -0.1 (-F) 260.81 261.13 B 0 F 0.52 0.1 ( commands to clear the allocate err) 272.61 261.13 B 0.52 0.1 (or state fr) 432.92 261.13 B 0.52 0.1 (om the device.) 477.12 261.13 B FMENDPAGE %%EndPage: "21" 22 %%Page: "22" 22 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (22) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 1 13 Q 0 X -0.85 0.13 (The) 198 639.33 B 2 F -1.98 0.13 (device_maps) 220.43 639.33 B 1 F -0.85 0.13 (File) 310.19 639.33 B 0 10 Q 0.52 0.1 (Y) 198 622.33 B 0.52 0.1 (ou can look at the) 203.85 622.33 B 2 F 1.22 0.1 (device_maps\0504\051) 289.12 622.33 B 0 F 0.52 0.1 ( \336le to \336nd out device names, device) 374.52 622.33 B 0.52 0.1 (types, and the device-special \336les that ar) 198 609.93 B 0.52 0.1 (e associated with each allocatable) 383.9 609.93 B 0.25 0.1 (device. The default) 198 597.53 B 2 F 0.6 0.1 (device_maps) 287.62 597.53 B 0 F 0.25 0.1 ( \336le is cr) 354.72 597.53 B 0.25 0.1 (eated during installation, and it has) 393.09 597.53 B 0.52 0.1 (one r) 198 585.13 B 0.52 0.1 (ecor) 221.36 585.13 B 0.52 0.1 (d for each allocatable device in the system.) 240.22 585.13 B 0.52 0.1 (This \336le de\336nes the device-special \336le mappings for each device, which in) 198 564.73 B 0.52 0.1 (many cases is not intuitive. This \336le allows various pr) 198 552.33 B 0.52 0.1 (ograms to discover) 445.06 552.33 B 0.17 0.1 (which device-special \336les map to which devices. Y) 198 539.93 B 0.17 0.1 (ou can use the) 426.28 539.93 B 2 F 0.39 0.1 (dminfo\0501M\051) 494.13 539.93 B 0 F 0.52 0.1 (command, for example, to get the device name, the device type, and the) 198 527.53 B 0.52 0.1 (device-special \336les to specify when setting up an allocatable device;) 198 515.13 B 2 F 1.22 0.1 (dminfo\0501M\051) 198 502.73 B 0 F 0.52 0.1 ( uses the) 259 502.73 B 2 F 1.22 0.1 (device_maps\0504\051) 302.23 502.73 B 0 F 0.52 0.1 ( \336le.) 387.63 502.73 B 0.52 0.1 (Each device is r) 198 482.33 B 0.52 0.1 (epr) 269.64 482.33 B 0.52 0.1 (esented by a one line entry of the form:) 284.51 482.33 B 4 F 0.52 0.1 (device-name) 210.6 461.93 B 2 F 1.22 0.1 ( :) 267.25 461.93 B 4 F 0.52 0.1 (device-type) 287.99 461.93 B 2 F 1.22 0.1 ( :) 340.2 461.93 B 4 F 0.52 0.1 (device-list) 360.94 461.93 B 0 F 0.52 0.1 (Lines in) 210.6 441.53 B 2 F 1.22 0.1 (device_maps\0504\051) 250.14 441.53 B 0 F 0.52 0.1 ( can end with a \324) 335.54 441.53 B 2 F 1.22 0.1 (\134) 412.43 441.53 B 0 F 0.52 0.1 (\325 to continue an entry on the) 418.53 441.53 B 0.52 0.1 (next line. Comments may also be included. A \324) 210.6 429.13 B 2 F 1.22 0.1 (#) 425.04 429.13 B 0 F 0.52 0.1 (\325 makes a comment of all) 431.14 429.13 B 0.52 0.1 (further text until the next NEWLINE not immediately pr) 210.6 416.73 B 0.52 0.1 (eceded by a \324) 470.13 416.73 B 2 F 1.22 0.1 (\134) 530.39 416.73 B 0 F 0.52 0.1 (\325.) 536.49 416.73 B 0.52 0.1 (Leading and trailing blanks ar) 210.6 396.33 B 0.52 0.1 (e allowed in any of the \336elds.) 349.06 396.33 B 4 F 0.1 (device-name) 224.64 377.93 S 0 F 0.08 0.1 (The name of the device \050for example,) 246.24 359.53 B 2 F 0.19 0.1 (st0) 416.58 359.53 B 0 F 0.08 0.1 (,) 434.88 359.53 B 2 F 0.19 0.1 (fd0) 440.16 359.53 B 0 F 0.08 0.1 (,) 458.46 359.53 B 2 F 0.19 0.1 (audio) 463.74 359.53 B 0 F 0.08 0.1 (\051. Y) 494.24 359.53 B 0.08 0.1 (ou can get) 508.8 359.53 B -0.02 0.1 (the device type for any device fr) 246.24 347.13 B -0.02 0.1 (om the dir) 391.49 347.13 B -0.02 0.1 (ectly fr) 438.39 347.13 B -0.02 0.1 (om the device type) 469.73 347.13 B 0.52 0.1 (\336eld in the) 246.24 334.73 B 2 F 1.22 0.1 (device_maps) 298.96 334.73 B 0 F 0.52 0.1 ( \336le, or use the) 366.06 334.73 B 2 F 1.22 0.1 (dminfo\0501M\051) 437.45 334.73 B 0 F 0.52 0.1 ( command.) 498.45 334.73 B 0.52 0.1 (\050The device name speci\336ed her) 246.24 322.33 B 0.52 0.1 (e must be used for the name of the) 388.14 322.33 B 0.52 0.1 (lock \336le for the device.\051) 246.24 309.93 B 4 F 0.1 (device-type) 224.64 291.53 S 0 F 0.52 0.1 (The generic device type \050the name for the class of devices, such as) 246.24 273.13 B 2 F 1.22 0.1 (st) 246.24 260.73 B 0 F 0.52 0.1 (,) 258.44 260.73 B 2 F 1.22 0.1 (fd) 264.16 260.73 B 0 F 0.52 0.1 (,) 276.36 260.73 B 2 F 1.22 0.1 (audio) 282.08 260.73 B 0 F 0.52 0.1 (\051 \321 used to gr) 312.58 260.73 B 0.52 0.1 (oup r) 378.61 260.73 B 0.52 0.1 (elated devices. Y) 403.4 260.73 B 0.52 0.1 (ou can get the) 479.18 260.73 B 0.52 0.1 (device type fr) 246.24 248.33 B 0.52 0.1 (om the device type \336eld in the device\325s entry in the) 309.09 248.33 B 2 F 1.22 0.1 (device_maps) 246.24 235.93 B 0 F 0.52 0.1 ( \336le.) 313.34 235.93 B 4 F 0.1 (device-list) 224.64 217.53 S 0 F 0.52 0.1 (A list of the device-special \336les associated with the physical device.) 246.24 199.13 B FMENDPAGE %%EndPage: "22" 23 %%Page: "23" 23 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (23) 548.82 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 0 10 Q 0 X 0.52 0.1 (For an example of entries for SCSI tape) 198 641.33 B 2 F 1.22 0.1 (st0) 380.75 641.33 B 0 F 0.52 0.1 ( and \337oppy disk) 399.05 641.33 B 2 F 1.22 0.1 (fd0) 477.6 641.33 B 0 F 0.52 0.1 ( in a) 495.9 641.33 B 2 F 1.22 0.1 (device_maps) 198 628.93 B 0 F 0.52 0.1 ( \336le, see the following example:) 265.1 628.93 B 2 F -0.7 (fd0:\134) 72 615.53 S -0.7 (fd:\134) 90 605.03 S 1.06 -0.7 (/dev/fd0 /dev/fd0a /dev/fd0b /dev/fd0c /dev/rfd0 /dev/rfd0a /dev/rfd0b /dev/rfd0c:\134) 90 594.53 B -0.7 (.) 144 584.03 S -0.7 (.) 144 573.53 S -0.7 (.) 144 563.03 S -0.7 (st0:\134) 72 552.53 S -0.7 (st:\134) 90 542.03 S 0.74 -0.8 (/dev/rst0 /dev/rst8 /dev/rst16 /dev/rst24 /dev/nrst0 /dev/nrst8 /dev/nrst16 /dev/nrst24:\134) 90 531.53 B 1 13 Q -0.85 0.13 (The) 198 509.03 B 2 F -1.98 0.13 (device_allocate) 220.43 509.03 B 1 F -0.85 0.13 ( File) 339.37 509.03 B 0 10 Q 0.52 0.1 (The administrator may modify the) 198 492.03 B 2 F 1.22 0.1 (device_allocate) 359.3 492.03 B 0 F 0.52 0.1 ( \336le to change devices) 450.8 492.03 B 0.52 0.1 (fr) 198 479.63 B 0.52 0.1 (om allocatable to non-allocatable, or to add new devices. Her) 205.3 479.63 B 0.52 0.1 (e is the default) 485.55 479.63 B 2 F 1.22 0.1 (device_allocate) 198 467.23 B 0 F 0.52 0.1 ( \336le shipped with the system.) 289.5 467.23 B 2 F -0.5 (st0;st;;;;/usr/lib/security/st_clean) 216 452.83 S -0.5 (fd0;fd;;;;/usr/lib/security/fd_clean) 216 440.83 S -0.5 (sr0;sr;;;;/usr/lib/security/sr_clean) 216 428.83 S -0.5 (audio;audio;;;;/usr/lib/security/audio_clean) 216 416.83 S 0 F 0.52 0.1 (The administrator de\336nes which devices should be allocatable during initial) 198 396.83 B 0.52 0.1 (con\336guration of the Basic Security Module. Y) 198 384.43 B 0.52 0.1 (ou may decide to accept the) 404.84 384.43 B -0.09 0.1 (default devices and their de\336ned characteristics. Whenever you add a device to) 198 372.03 B 0.52 0.1 (any machine after the system is up and r) 198 359.63 B 0.52 0.1 (unning, you must decide whether to) 385.26 359.63 B 0.52 0.1 (make the new device allocatable.) 198 347.23 B 0.5 0.1 (The entries for devices in the) 198 326.83 B 2 F 1.18 0.1 (device_allocate) 333.89 326.83 B 0 F 0.5 0.1 ( \336le may be modi\336ed by the) 425.39 326.83 B 0.52 0.1 (administrator after installation. Any device that needs to be allocated befor) 198 314.43 B 0.52 0.1 (e) 541.66 314.43 B 0.52 0.1 (use must be de\336ned in the) 198 302.03 B 2 F 1.22 0.1 (device_allocate) 322.73 302.03 B 0 F 0.52 0.1 ( \336le on each machine.) 414.23 302.03 B 0.52 0.1 (Curr) 198 281.63 B 0.52 0.1 (ently cartridge tape drives, \337oppy disk drives, CD-ROM devices, and) 219.24 281.63 B 0.52 0.1 (audio chips ar) 198 269.23 B 0.52 0.1 (e listed in the default) 263.14 269.23 B 2 F 1.2 (device_allocate) 363.68 269.23 P 1.22 0.1 (\0504\051) 453.68 269.23 B 0 F 0.52 0.1 ( \336le; all ar) 471.98 269.23 B 0.52 0.1 (e) 518.08 269.23 B 0.52 0.1 (allocatable and have device clean scripts. An entry for the frame buf) 198 256.83 B 0.52 0.1 (fer and) 510.92 256.83 B 0.52 0.1 (four printer entries also appear in the default) 198 244.43 B 2 F 1.2 (device_allocate) 408.58 244.43 P 0 F 0.52 0.1 ( \336le.) 498.58 244.43 B 54 222.71 558 230.7 C 558 227.68 198 227.68 2 L 0.3 H 2 Z 0 X 4 K N 0 72 612 720 C 5 10 Q 0 X 0 K 0.2 0.1 (Note \320) 198 216.04 B 0 F 0.2 0.1 (If you add a Xylogics tape drive or an Ar) 231.32 216.04 B 0.2 0.1 (chive tape drive, they can also) 417.71 216.04 B 0.52 0.1 (use the) 198 203.64 B 2 F 1.22 0.1 (st_clean) 233.77 203.64 B 0 F 0.52 0.1 ( script supplied for SCSI devices. Other devices that you) 282.57 203.64 B 0.52 0.1 (could make allocatable ar) 198 191.24 B 0.52 0.1 (e modems, terminals, graphics tablets, and the like,) 314.67 191.24 B 0.38 0.1 (but you need to cr) 198 178.84 B 0.38 0.1 (eate your own device clean scripts for such devices, and the) 281.61 178.84 B 54 155.12 558 163.11 C 558 160.09 198 160.09 2 L 0.3 H 2 Z 0 X 4 K N 0 72 612 720 C 0 10 Q 0 X 0 K 0.52 0.1 (script must ful\336ll object r) 198 166.44 B 0.52 0.1 (euse r) 313.68 166.44 B 0.52 0.1 (equir) 340.92 166.44 B 0.52 0.1 (ements for that type of device.) 364.52 166.44 B FMENDPAGE %%EndPage: "23" 24 %%Page: "24" 24 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (24) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 0 10 Q 0 X 0.52 0.1 (An entry in the) 198 641.33 B 2 F 1.2 (device_allocate) 271.26 641.33 P 0 F 0.52 0.1 ( \336le does not mean the device is) 361.26 641.33 B 0.52 0.1 (allocatable, unless the entry speci\336cally states the device is allocatable.) 198 628.93 B 0.19 0.1 (In the) 198 608.53 B 2 F 0.45 0.1 (device_allocate) 227.15 608.53 B 0 F 0.19 0.1 ( \336le, r) 318.65 608.53 B 0.19 0.1 (epr) 344.75 608.53 B 0.19 0.1 (esent each device by a one-line entry in the) 359.62 608.53 B 0.52 0.1 (following format:) 198 596.13 B 4 F 0.4 -0.5 (device-name) 144 581.73 B 2 F 1.1 -0.5 ( ;) 194.05 581.73 B 4 F 0.4 -0.5 (device-type) 212.75 581.73 B 2 F 1.1 -0.5 ( ;) 258.36 581.73 B 0 F 0.4 -0.5 ([r) 277.06 581.73 B 0.4 -0.5 (eserved]) 283.16 581.73 B 2 F 1.1 -0.5 ( ;) 316.81 581.73 B 0 F 0.4 -0.5 ([r) 335.52 581.73 B 0.4 -0.5 (eserved]) 341.61 581.73 B 2 F 1.1 -0.5 ( ;) 375.27 581.73 B 0 F 0.4 -0.5 ([r) 393.97 581.73 B 0.4 -0.5 (eserved]) 400.07 581.73 B 2 F 1.1 -0.5 ( ;) 433.72 581.73 B 4 F 0.4 -0.5 (device-clean) 452.42 581.73 B 0 F 0.52 0.1 (For example, the following line shows the entry for device name) 198 562.73 B 2 F 1.22 0.1 (st0) 496.8 562.73 B 0 F 0.52 0.1 (:) 515.1 562.73 B 2 F -0.5 (st0;st;;;;/usr/lib/security/st_clean) 216 548.33 S 0 F 0.12 0.1 (Lines in the) 198 528.33 B 2 F 0.29 (dev) 253.64 528.33 P 0.29 0.1 (ice_allocate\0505\051) 271.64 528.33 B 0 F 0.12 0.1 ( can end with a \324) 363.14 528.33 B 2 F 0.29 0.1 (\134) 438.05 528.33 B 0 F 0.12 0.1 (\325 to continue an entry on) 444.15 528.33 B 0.52 0.1 (the next line. Comments may also be included. A \324) 198 515.93 B 2 F 1.22 0.1 (#) 429.73 515.93 B 0 F 0.52 0.1 (\325 makes a comment of all) 435.83 515.93 B 0.52 0.1 (further text until the next NEWLINE not immediately pr) 198 503.53 B 0.52 0.1 (eceded by a \324) 457.53 503.53 B 2 F 1.22 0.1 (\134) 517.79 503.53 B 0 F 0.52 0.1 (\325.) 523.89 503.53 B 0.52 0.1 (Leading and trailing blanks ar) 198 483.13 B 0.52 0.1 (e allowed in any of the \336elds.) 336.46 483.13 B 4 F 0.1 (device-name) 210.6 462.73 S 0 F 0.2 0.1 (Specify the name of the device \050for example,) 224.64 444.33 B 2 F 0.48 0.1 (st0) 428.77 444.33 B 0 F 0.2 0.1 (,) 447.07 444.33 B 2 F 0.48 0.1 (fd0) 452.48 444.33 B 0 F 0.2 0.1 (,) 470.77 444.33 B 2 F 0.48 0.1 (sr0) 476.18 444.33 B 0 F 0.2 0.1 (\051. If making a) 494.48 444.33 B 0.5 0.1 (new device allocatable, you can look up the device type fr) 224.64 431.93 B 0.5 0.1 (om the device) 490.76 431.93 B 0.52 0.1 (type \336eld in the) 224.64 419.53 B 2 F 1.22 0.1 (device_maps) 300.5 419.53 B 0 F 0.52 0.1 ( \336le, or use the) 367.6 419.53 B 2 F 1.22 0.1 (dminfo\0501M\051) 438.99 419.53 B 0 F 0.52 0.1 ( command.) 499.99 419.53 B 0.52 0.1 (\050This name is also used for the name of the DAC \336le for the device.\051) 224.64 407.13 B 4 F 0.1 (device-type) 210.6 386.73 S 0 F -0.17 0.1 (Specify the generic device type \050the name for the class of devices, such as) 224.64 368.33 B 2 F 0.25 0.1 (st) 224.64 355.93 B 0 F 0.11 0.1 (,) 236.84 355.93 B 2 F 0.25 0.1 (fd) 242.15 355.93 B 0 F 0.11 0.1 (, and) 254.35 355.93 B 2 F 0.25 0.1 (sr) 279.59 355.93 B 0 F 0.11 0.1 (\051 \321 used to gr) 291.79 355.93 B 0.11 0.1 (oup r) 356.17 355.93 B 0.11 0.1 (elated devices. If making a new device) 380.54 355.93 B 0.22 0.1 (allocatable, you can look up the device type fr) 224.64 343.53 B 0.22 0.1 (om the device type \336eld in) 433.82 343.53 B 0.52 0.1 (the) 224.64 331.13 B 2 F 1.22 0.1 (device_maps) 241.93 331.13 B 0 F 0.52 0.1 ( \336le, or use the) 309.03 331.13 B 2 F 1.22 0.1 (dminfo\0501M\051) 380.42 331.13 B 0 F 0.52 0.1 ( command.) 441.42 331.13 B 4 F 0.1 (device-clean) 210.6 310.73 S 0 F 0.52 0.1 (Supply the pathname of a pr) 224.64 292.33 B 0.52 0.1 (ogram to be invoked for special handling,) 356.18 292.33 B -0.08 0.1 (such as cleanup and object r) 224.64 279.93 B -0.08 0.1 (euse pr) 350.85 279.93 B -0.08 0.1 (otection during the allocation pr) 383.61 279.93 B -0.08 0.1 (ocess.) 529.21 279.93 B 0.52 0.1 (The) 224.64 267.53 B 1 F 0.52 0.1 (device clean) 244.8 267.53 B 0 F 0.52 0.1 ( pr) 294.39 267.53 B 0.52 0.1 (ogram is r) 307.49 267.53 B 0.52 0.1 (un any time the device is acted on by) 354.35 267.53 B 2 F 1.22 0.1 (deallocate\0501M\051) 224.64 255.13 B 0 F 0.52 0.1 (, such as when it is for) 310.04 255.13 B 0.52 0.1 (cibly deallocated with) 413.48 255.13 B 2 F 1.22 0.1 (deallocate) 224.64 242.73 B 1.22 0.1 (-F) 288.76 242.73 B 0 F 0.52 0.1 (.) 300.04 242.73 B FMENDPAGE %%EndPage: "24" 25 %%Page: "25" 25 612 792 0 FMBEGINPAGE 1 9 Q 0 X 0 K 0.09 (Security) 198 108.7 S 0 F 0.09 (25) 548.82 108.7 S 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 543.04 690.29 558 693.56 R 0 X V 543.04 684.84 558 688.11 R V 543.04 679.54 558 682.81 R V 543.04 688.2 558 690.48 R 7 X V 543.04 682.92 558 685.02 R V 1 13 Q 0 X -0.85 0.13 (Device Clean Scripts) 198 639.33 B 0 10 Q 0.52 0.1 (The) 198 622.33 B 1 F 0.52 0.1 (device clean) 218.16 622.33 B 0 F 0.52 0.1 ( scripts ar) 267.75 622.33 B 0.52 0.1 (e needed to addr) 312.71 622.33 B 0.52 0.1 (ess the security r) 390.28 622.33 B 0.52 0.1 (equir) 467.23 622.33 B 0.52 0.1 (ement that all) 490.83 622.33 B 0.52 0.1 (usable data is pur) 198 609.93 B 0.52 0.1 (ged fr) 279.69 609.93 B 0.52 0.1 (om a physical device befor) 306.87 609.93 B 0.52 0.1 (e it is r) 429.3 609.93 B 0.52 0.1 (eused.) 461.14 609.93 B 0.52 0.1 (By default, cartridge tape drives, \337oppy disk drives, CD-ROM devices, and) 198 589.53 B 0.52 0.1 (audio devices r) 198 577.13 B 0.52 0.1 (equir) 267.75 577.13 B 0.52 0.1 (e device clean scripts, which ar) 291.35 577.13 B 0.52 0.1 (e pr) 433.74 577.13 B 0.52 0.1 (ovided. This section) 451.73 577.13 B 0.52 0.1 (describes what the device clean scripts do.) 198 564.73 B 4 11 Q -0.71 0.11 (Object Reuse) 198 539.67 B 0 10 Q 0.52 0.1 (Device allocation satis\336es part of the object r) 198 523.33 B 0.52 0.1 (euse r) 402.53 523.33 B 0.52 0.1 (equir) 429.77 523.33 B 0.52 0.1 (ement, but the device) 453.37 523.33 B 0.14 0.1 (clean scripts also do their part by making sur) 198 510.93 B 0.14 0.1 (e that data left on a device by one) 402.69 510.93 B 0.52 0.1 (user is clear) 198 498.53 B 0.52 0.1 (ed befor) 252.41 498.53 B 0.52 0.1 (e the device is allocatable by another user) 290.01 498.53 B 0.52 0.1 (.) 480.62 498.53 B 4 11 Q -0.71 0.11 (Device Clean Scripts for T) 198 473.47 B -0.71 0.11 (apes) 324.08 473.47 B 0 10 Q 0.52 0.1 (The two supported tape devices and the) 198 457.13 B 2 F 1.22 0.1 (device_clean) 385.49 457.13 B 0 F 0.52 0.1 ( scripts for each ar) 458.69 457.13 B 0.52 0.1 (e) 543.38 457.13 B 0.52 0.1 (shown in T) 198 444.73 B 0.52 0.1 (able) 248.66 444.73 B 0.52 0.1 (4:) 269.89 444.73 B 0.31 0.1 (These scripts use the) 198 358.33 B 2 F 0.71 0.1 (rewoff) 295.17 358.33 B 0.71 0.1 (l) 331.77 358.33 B 0 F 0.31 0.1 ( option to) 337.87 358.33 B 2 F 0.71 0.1 (mt\0501\051) 385.02 358.33 B 0 F 0.31 0.1 ( to af) 415.52 358.33 B 0.31 0.1 (fect the device cleanup. If) 438.6 358.33 B 0.38 0.1 (the scripts ar) 198 345.93 B 0.38 0.1 (e r) 256.84 345.93 B 0.38 0.1 (un during system boot, they will query the device to see if it is) 268.68 345.93 B 0.52 0.1 (online and has any media in it.) 198 333.53 B 0.52 0.1 (1/4 inch tape devices will be placed in the allocate err) 198 313.13 B 0.52 0.1 (or state to for) 446.37 313.13 B 0.52 0.1 (ce the) 508.17 313.13 B 0.52 0.1 (administrator to manually clean up the device.) 198 300.73 B 0.52 0.1 (During the normal system operation, when) 198 280.33 B 2 F 1.22 0.1 (allocate) 398.92 280.33 B 0 F 0.52 0.1 ( or) 447.72 280.33 B 2 F 1.22 0.1 (deallocate) 463.57 280.33 B 0 F 0.52 0.1 ( is) 524.57 280.33 B 0.52 0.1 (executed in the interactive mode, the user will be pr) 198 267.93 B 0.52 0.1 (ompted to r) 436.97 267.93 B 0.52 0.1 (emove the) 491.06 267.93 B 0.52 0.1 (media fr) 198 255.53 B 0.52 0.1 (om the device being deallocated. The scripts pause until the media is) 236.56 255.53 B 0.52 0.1 (r) 198 243.13 B 0.52 0.1 (emoved fr) 201.87 243.13 B 0.52 0.1 (om the device.) 248.52 243.13 B 1 9 Q 0.09 (T) 198 427.4 S 0.09 (able) 202.59 427.4 S 0.09 (4) 219.46 427.4 S 0 F 0.47 0.09 (Device Clean Scripts for the T) 241.2 427.4 B 0.47 0.09 (wo Supported T) 363.54 427.4 B 0.47 0.09 (ape Devices) 429.52 427.4 B 5 F 0.47 0.09 (T) 198 410.4 B 0.47 0.09 (ape Device T) 203.09 410.4 B 0.47 0.09 (ype) 257.8 410.4 B 0.47 0.09 (Device Clean Script) 342 410.4 B 0 F 0.47 0.09 (SCSI 1/4 inch tape) 198 395.4 B 2 F 0.09 (st_clean\0501\051) 342 395.4 S 0 F 0.47 0.09 (Ar) 198 380.4 B 0.47 0.09 (chive 1/4 inch tape) 208.57 380.4 B 2 F 0.09 (st_clean\0501\051) 342 380.4 S 198 420.4 439.2 420.4 2 L V 0 Z N 198 405.4 439.2 405.4 2 L V 0.5 H N 198 375.4 439.2 375.4 2 L V 0.3 H N FMENDPAGE %%EndPage: "25" 26 %%Page: "26" 26 612 792 0 FMBEGINPAGE 0 9 Q 0 X 0 K 0.09 (26) 54 108.7 S 1 F -0.58 0.09 (Sun T) 198 108.7 B -0.58 0.09 (echnical Bulletin) 219.63 108.7 B 0 F -0.58 0.09 (\321) 281.66 108.7 B 1 F -0.58 0.09 (Mar) 290.75 108.7 B -0.58 0.09 (ch 1993) 306.85 108.7 B 558 675 54 675 2 L 0.3 H 2 Z N 185 83.74 393.76 101.24 R 7 X V 54 690.23 68.96 693.5 R 0 X V 54 684.77 68.96 688.05 R V 54 679.47 68.96 682.75 R V 54 688.14 68.96 690.41 R 7 X V 54 682.86 68.96 684.96 R V 4 11 Q 0 X -0.71 0.11 (Device Clean Scripts for Floppy Disks and CD-ROM) 198 640.67 B 0 10 Q 0.52 0.1 (The) 198 624.33 B 2 F 1.22 0.1 (device_clean) 218.16 624.33 B 0 F 0.52 0.1 ( scripts for the \337oppy disk drives and CD-ROM devices) 291.36 624.33 B 0.52 0.1 (ar) 198 611.93 B 0.52 0.1 (e shown in T) 206.97 611.93 B 0.52 0.1 (able) 265.64 611.93 B 0.52 0.1 (5:) 286.87 611.93 B -0.07 0.1 (These scripts use the) 198 525.53 B 2 F -0.17 0.1 (eject\0501\051) 293.66 525.53 B 0 F -0.07 0.1 ( command to r) 342.46 525.53 B -0.07 0.1 (emove the media fr) 408.03 525.53 B -0.07 0.1 (om the drive.) 495.24 525.53 B 0.52 0.1 (If) 198 513.13 B 2 F 1.22 0.1 (eject\0501\051) 208.02 513.13 B 0 F 0.52 0.1 ( fails, the device will be placed in the allocate err) 256.82 513.13 B 0.52 0.1 (or state.) 481.3 513.13 B 4 11 Q -0.71 0.11 (Device Clean Script for Audio) 198 488.07 B 0 10 Q 0.52 0.1 (The audio device is cleaned up using the) 198 471.73 B 2 F 1.22 0.1 (audio_clean\0501\051) 388.68 471.73 B 0 F 0.52 0.1 ( pr) 474.08 471.73 B 0.52 0.1 (ogram. This) 487.18 471.73 B 0.52 0.1 (pr) 198 459.33 B 0.52 0.1 (ogram performs an) 207.98 459.33 B 2 F 1.22 0.1 (AUDIO_DRAIN) 299.02 459.33 B 1.22 0.1 (ioctl) 369.24 459.33 B 0 F 0.52 0.1 ( to \337ush the device, and then an) 399.74 459.33 B 2 F 1.22 0.1 (AUDIO_SETINFO) 198 446.93 B 1.22 0.1 (ioctl) 280.42 446.93 B 0 F 0.52 0.1 ( to r) 310.92 446.93 B 0.52 0.1 (eset the device con\336guration to default. In) 329.95 446.93 B 0.52 0.1 (addition, this pr) 198 434.53 B 0.52 0.1 (ogram r) 271.83 434.53 B 0.52 0.1 (etrieves the audio chip r) 308.12 434.53 B 0.52 0.1 (egisters using the) 419.41 434.53 B 2 F 0.38 0.1 (AUDIOGETREG) 198 422.13 B 0.38 0.1 (ioctl) 267.86 422.13 B 0 F 0.16 0.1 (, and any r) 298.36 422.13 B 0.16 0.1 (egisters deviating fr) 347.03 422.13 B 0.16 0.1 (om default ar) 437.3 422.13 B 0.16 0.1 (e r) 498.41 422.13 B 0.16 0.1 (eset using) 509.94 422.13 B 2 F 1.22 0.1 (AUDIOSETREG) 198 409.73 B 1.22 0.1 (ioctl) 268.22 409.73 B 0 F 0.52 0.1 (.) 298.72 409.73 B 4 11 Q -0.71 0.11 (W) 198 384.67 B -0.71 0.11 (riting New Device Clean Scripts) 208.78 384.67 B 0 10 Q 0.52 0.1 (If you add mor) 198 368.33 B 0.52 0.1 (e allocatable devices to the system, you might need to cr) 267.49 368.33 B 0.52 0.1 (eate) 526.2 368.33 B 0.19 0.1 (your own device clean scripts. The) 198 355.93 B 2 F 0.43 (deallocate) 358.18 355.93 P 0 F 0.19 0.1 ( command passes a parameter) 418.18 355.93 B 0.52 0.1 (to the device clean scripts as shown her) 198 343.53 B 0.52 0.1 (e, a string that contains the device) 379.73 343.53 B 0.52 0.1 (name \050see) 198 331.13 B 2 F 1.22 0.1 (device_allocate\0504\051) 246.63 331.13 B 0 F 0.52 0.1 (\051:) 356.43 331.13 B 2 F 1.1 -0.5 (st_clean -[I|F|S]) 216 316.73 B 4 F 0.4 -0.5 (device_name) 317.2 316.73 B 0 F 0.27 0.1 (Device clean scripts must r) 198 296.73 B 0.27 0.1 (eturn 0 for success, >0 for failur) 320.25 296.73 B 0.27 0.1 (e. The option letters) 464.55 296.73 B 2 F 1.2 (-I|-F|-S) 198 284.33 P 0 F 0.52 0.1 ( help the script determine its r) 246 284.33 B 0.52 0.1 (unning mode.) 385.06 284.33 B 2 F 1.2 (-I) 198 263.93 P 0 F 0.52 0.1 ( is needed during system boot only) 210 263.93 B 0.52 0.1 (. All output must go to the system) 370.73 263.93 B 0.52 0.1 (console. Failur) 198 251.53 B 0.52 0.1 (e or inability to for) 264.32 251.53 B 0.52 0.1 (cibly eject the media must put the device in) 350.79 251.53 B 0.52 0.1 (the allocate err) 198 239.13 B 0.52 0.1 (or state.) 265.79 239.13 B 2 F 1.2 (-F) 198 218.73 P 0 F 0.52 0.1 ( is for for) 210 218.73 B 0.52 0.1 (ced cleanup and) 252.61 218.73 B 2 F 1.2 (-S) 330.54 218.73 P 0 F 0.52 0.1 ( is for standar) 342.54 218.73 B 0.52 0.1 (d cleanup. These ar) 406.19 218.73 B 0.52 0.1 (e interactive) 495.3 218.73 B 0.52 0.1 (and assume that the user is ther) 198 206.33 B 0.52 0.1 (e to r) 344.39 206.33 B 0.52 0.1 (espond to pr) 368.31 206.33 B 0.52 0.1 (ompts. W) 426.48 206.33 B 0.52 0.1 (ith the) 470.05 206.33 B 2 F 1.22 0.1 (-F) 502.75 206.33 B 0 F 0.52 0.1 ( option,) 514.95 206.33 B 0.31 0.1 (the script must attempt to complete the cleanup if one part of the cleanup fails.) 198 193.93 B 1 9 Q 0.09 (T) 198 594.6 S 0.09 (able) 202.59 594.6 S 0.09 (5) 219.46 594.6 S 0 F 0.47 0.09 (Device Clean Scripts for the Floppy Disk Drive and CD-ROM Device) 241.2 594.6 B 5 F 0.47 0.09 (Disk Device T) 198 577.6 B 0.47 0.09 (ype) 258.28 577.6 B 0.47 0.09 (Device Clean Script) 324 577.6 B 0 F 0.47 0.09 (Floppy Disk) 198 562.6 B 2 F 1.1 0.09 (fd_clean\0501\051) 324 562.6 B 0 F 0.47 0.09 (CD-ROM) 198 547.6 B 2 F 1.1 0.09 (sr_clean\0501\051) 324 547.6 B 198 587.6 421.2 587.6 2 L V 0 Z N 198 572.6 421.2 572.6 2 L V 0.5 H N 198 542.6 421.2 542.6 2 L V 0.3 H N FMENDPAGE %%EndPage: "26" 27 %%Trailer %%BoundingBox: 0 0 612 792 %%Pages: 26 1 %%DocumentFonts: Palatino-Roman %%+ Palatino-Italic %%+ Courier %%+ Times-Bold %%+ Palatino-BoldItalic %%+ Palatino-Bold %%+ Courier-Bold