
HP-UX audit trail filtering

Roman Lobus
New Member

Hello,

I'm trying to set up audit trail filtering based on the features of DPMS filters.
The file with rules contains several rules which are intended to exclude some unneeded info
-----

[filter]
-file.pathname =~ /^\/usr\/lib/ || file.pathname =~ /^\/usr\/local\/lib/ || file.pathname =~ /^\/usr\/sbin/ || file.pathname =~ /^\/dev/ || file.pathname =~ /^\/sbin/ || file.pathname =~ /^\/usr\/bin/ || file.pathname =~ /^\/usr\/local\/bin/ || file.pathname =~ /^\/usr\/lib/ || file.pathname =~ /^\/usr\/local\/lib/ || file.pathname =~ /^\/lib/|| file.pathname =~ /^\/usr\/local\/etc/ || file.pathname =~ /^\/etc/ ;
-open.oflag=read-only

[filter]
exclude file.pathname =~ /^\/tmp/ || file.pathname =~ /^\/usr\/man/ || file.pathname =~ /^\/usr\/tmp/ || file.pathname =~ /^\/usr\/local\/doc/ || file.pathname =~ /^\/usr\/local\/share/ || file.pathname =~ /^\/usr\/share/
------------------------------------------
But it doesn't work as intended: exclude open calls with the read-only flag, exclude everything related to /tmp and the other directories, and leave everything else in.

When this file is split into two files with one rule in each, it works, but it creates overhead because of the pipe usage:

# auditdp -S /etc/audit/dpms_filters/rule1 -r /var/.audit/trail -P | auditdp -p -S /etc/audit/dpms_filters/rule2

Is there any solution to have only one file with rules?
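The two exclusion rules the poster wants combined, written out as a single-pass filter in Python. This is an added example, not HP-UX DPMS filter syntax and not an answer about how auditdp parses a rule file; it only makes the intended semantics explicit (drop read-only opens under the system prefixes, drop everything under the scratch and documentation prefixes, keep the rest) so the rules can be checked against sample records before they are trusted on a real trail. The record field names (`event`, `file.pathname`, `open.oflag`) are hypothetical and simply mirror the expressions in the poster's filter; the sample records are constructed.

```python
import re

# Path prefixes copied from the poster's first [filter] block: read-only
# opens of files under these directories are treated as noise.
SYSTEM_PREFIXES = [
    r"^/usr/lib", r"^/usr/local/lib", r"^/usr/sbin", r"^/dev", r"^/sbin",
    r"^/usr/bin", r"^/usr/local/bin", r"^/lib", r"^/usr/local/etc", r"^/etc",
]

# Path prefixes from the second [filter] block: every event under these
# directories is dropped regardless of call or flags.
SCRATCH_PREFIXES = [
    r"^/tmp", r"^/usr/man", r"^/usr/tmp", r"^/usr/local/doc",
    r"^/usr/local/share", r"^/usr/share",
]


def _matches_any(path, patterns):
    """True if the path matches at least one of the anchored regexes."""
    return any(re.search(p, path) for p in patterns)


def should_keep(record):
    """Apply both exclusion rules to one record; True means it survives.

    A record is a dict with the keys 'event', 'file.pathname' and, for open
    calls, 'open.oflag'. The field names are hypothetical and only mirror
    the poster's filter expressions.
    """
    path = record.get("file.pathname", "")
    # Rule 1: drop open() calls with the read-only flag on system paths.
    if (record.get("event") == "open"
            and record.get("open.oflag") == "read-only"
            and _matches_any(path, SYSTEM_PREFIXES)):
        return False
    # Rule 2: drop everything under scratch and documentation directories.
    if _matches_any(path, SCRATCH_PREFIXES):
        return False
    # Everything else stays in the trail.
    return True


def filter_records(records):
    """Single pass over the trail: both rules applied, no intermediate pipe."""
    return [r for r in records if should_keep(r)]


# Constructed sample records; not real HP-UX audit data.
SAMPLE_TRAIL = [
    {"event": "open", "file.pathname": "/usr/lib/libc.1", "open.oflag": "read-only"},
    {"event": "open", "file.pathname": "/etc/passwd", "open.oflag": "read-write"},
    {"event": "open", "file.pathname": "/etc/shadow", "open.oflag": "read-only"},
    {"event": "unlink", "file.pathname": "/tmp/sess_1234"},
    {"event": "open", "file.pathname": "/home/user/notes.txt", "open.oflag": "read-only"},
    {"event": "execve", "file.pathname": "/usr/bin/sh"},
]


if __name__ == "__main__":
    for rec in filter_records(SAMPLE_TRAIL):
        print(rec["event"], rec["file.pathname"])
```

Running the sample through the filter keeps the read-write open of /etc/passwd, the open under /home and the execve of /usr/bin/sh, and drops the rest. Note what the first rule does to the /etc/shadow record: because `^/etc` is in the system-prefix list, a read-only open of /etc/shadow is discarded as noise along with library loads, which is worth weighing before adopting these prefixes as they stand.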