HPE Community
Operating System - HP-UX
1753805 Members
7858 Online
108805 Solutions
New Discussion

Re: System call to flush or null a file

 
coollllllllllll
Regular Advisor

‎05-08-2013 01:20 AM

‎05-08-2013 01:20 AM

System call to flush or null a file

Hi ,

 

What is the system call from unix end to flush or nullify a file.

am thinking of starting auditing of my hpux boxxes 11.23 ,  wherein some major system calls to be monitored for some users.

like root oracle , application user.

 

what should i use "audevent -P -s ????"  here to catch hold of someone trying to flush a file  or flushed a file .

0 Kudos
Reply
14 REPLIES 14
Dennis Handly
Acclaimed Contributor

‎05-08-2013 02:54 AM

‎05-08-2013 02:54 AM

Re: System call to flush or null a file

To catch trying to reset the EOF of a file, you need to look for open with O_TRUNC.

Reply
coollllllllllll
Regular Advisor

‎05-08-2013 05:42 AM

‎05-08-2013 05:42 AM

Re: System call to flush or null a file

Hi Dennis ,

 

Thanks

Also i have observed that "rm " is not getting captured via auditing  i.e audevent  is there any way i can track it ??? 

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎05-08-2013 01:03 PM

‎05-08-2013 01:03 PM

Re: System call to flush or null a file

>I have observed that "rm" is not getting captured

 

rm is an unlink(2).

Reply
coollllllllllll
Regular Advisor

‎05-09-2013 03:03 AM

‎05-09-2013 03:03 AM

Re: System call to flush or null a file

Hi Dennis ,

 

Can i have auditing enabled only for some specific commands  and for some specific users ONLY like ,

 

rm

rm -rf

someone flushing  a file

someone renaming a file

someone copying a file

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎05-09-2013 04:18 AM - edited ‎05-13-2013 10:55 PM

‎05-09-2013 04:18 AM - edited ‎05-13-2013 10:55 PM

Re: System call to flush or null a file

>Can I have auditing enabled only for some specific commands?

 

Only if you log execution of that command.  I.e. open that executable.

Or there is a system call that the command does.

I assume if you have auditing turned on, you can filter for specific users.

 

>someone renaming a file

 

This is a rename.

 

>someone copying a file

 

This is some opening that file.

Reply
coollllllllllll
Regular Advisor

‎05-13-2013 10:38 PM

‎05-13-2013 10:38 PM

Re: System call to flush or null a file

Hi Dennis ,

 

I didnt get it.

 

Only if you log execution of that command, open that executable.

Or there is a system that the command does.

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎05-13-2013 10:56 PM

‎05-13-2013 10:56 PM

Re: System call to flush or null a file

>I didn't get it.

 

I've updated the post and fixed a few missing words.

Reply
chindi
Respected Contributor

‎07-17-2013 01:01 AM

‎07-17-2013 01:01 AM

Re: System call to flush or null a file

Hi Matti ,

 

Can you please help me here with your inputs.

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎07-17-2013 01:30 AM

‎07-17-2013 01:30 AM

Re: System call to flush or null a file

>Can you please help me here with your inputs?

 

What's your question?

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.