What are AudFilter rules and how can I tell if they are enabled

PamelaJThrasher · ‎04-01-2010

Hello-
Today I recieved an email about an critical alert impacting HP-UX 11.31 (HPSBUX02514 SSRT100010 rev.1)

It states:
A potential security vulnerability have been identified with HP-UX with AudFilter rules enabled. The vulnerability could be exploited locally to create a Denial of Service (DoS).

What are AudFilter rules and how can I tell if they are enabled?

TIA
Pam

Ron Freund · ‎04-01-2010

See http://docs.hp.com/en/5992-3373/ch08s03.html for more info on the Auditing system.

"HP-UX Auditing System Extensions is a _*Software Pack*_ product and is delivered as an optional product on all Operating Environments."

Check in /var/.audit/ if empty you're not using it...

See man 5 audit too.

HTH
Ron

Ron Freund · ‎04-01-2010

From the product Release notes:
# swlist -d @ /tmp/.depot
If the HP-UX Auditing System Extensions depot is on your system, you'll see this:
AuditExt B.11.31.03 HP-UX Auditing System Extensions.

They are here: http://docs.hp.com/en/5900-0338/5900-0338.pdf
R

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

What are AudFilter rules and how can I tell if they are enabled

What are AudFilter rules and how can I tell if they are enabled

Re: What are AudFilter rules and how can I tell if they are enabled

Re: What are AudFilter rules and how can I tell if they are enabled