144 lines
4.2 KiB
Plaintext
144 lines
4.2 KiB
Plaintext
|
|
How to configure your audit system with satconfig
|
|
=================================================
|
|
|
|
Functions Found in the Menu Bar
|
|
-------------------------------
|
|
|
|
Load
|
|
|
|
You are prompted to specify a file to load events from.
|
|
Files generated with the satconfig 'save' function are
|
|
correctly formatted; so is configuration file
|
|
/etc/config/sat_select.options. Each event toggle is
|
|
set to the value specified in the selected file.
|
|
|
|
Save
|
|
|
|
The current settings of the event toggles are saved in a
|
|
file. You are prompted to specify the name of the file.
|
|
|
|
Exit
|
|
|
|
Finish up with the satconfig program. The 'exit' menu
|
|
item acts the same as the 'quit' push button.
|
|
|
|
Select Factory Default Events
|
|
|
|
Set the event toggles to the standard values as shipped
|
|
by Silicon Graphics.
|
|
|
|
Select Local Default Events
|
|
|
|
Set the event toggles to the values you last chose,
|
|
either when you used the satconfig 'apply' push button,
|
|
or when you edited /etc/config/sat_select.options.
|
|
|
|
Select Current Events
|
|
|
|
Set the event toggles to the values which are
|
|
currently in use by the kernel audit subsystem. The
|
|
'select current events' menu item acts the same as the
|
|
'revert' push button.
|
|
|
|
Select All Events
|
|
|
|
Set all event toggles 'on'. If you press the 'apply'
|
|
push button with all events selected, you will begin
|
|
collecting a huge volume of audit information.
|
|
|
|
Select No Events
|
|
|
|
Set all event toggles 'off'. If you press the 'apply'
|
|
push button with no events selected, you will, in
|
|
effect, turn off the audit subsystem.
|
|
|
|
Help With Version
|
|
|
|
Display the satconfig version number.
|
|
|
|
Help Using Program
|
|
|
|
Display the information you're reading now.
|
|
|
|
Help Choosing Events
|
|
|
|
Display a brief summary of each event.
|
|
|
|
|
|
Picking the Right Set of Audit Events
|
|
-------------------------------------
|
|
|
|
Clicking on one of the event names in the scrolled check
|
|
box window toggles the state of the event. When the event
|
|
is selected to be audited, the toggle button appears to be
|
|
depressed; the upper left corner is dark shadowed, and the
|
|
center of the toggle button is set to the highlight color.
|
|
When the event is not selected to be audited, the toggle
|
|
button appears to pop out of the screen; the lower right
|
|
corner is dark shadowed, and the center of the toggle button
|
|
is set to the application's background color.
|
|
|
|
Not all the event toggle buttons fit on the screen at once.
|
|
Use the scroll bar(s) to reveal hidden event toggle buttons.
|
|
|
|
The events you have chosen are not audited by the system
|
|
until you finalize your changes with the push buttons at the
|
|
bottom of the satconfig main window.
|
|
|
|
|
|
Finalizing Your Changes
|
|
-----------------------
|
|
|
|
Apply
|
|
|
|
When you press the 'apply' push button, satconfig
|
|
causes the kernel to begin collecting audit records
|
|
for the events you have specified, and /etc/config/
|
|
sat_select.options is filled with the state values
|
|
you chose for the audit events. Your choices will
|
|
be automatically reapplied each time you reboot.
|
|
|
|
Revert
|
|
|
|
When you press the 'revert' push button, any changes
|
|
you've made to the event toggle buttons are lost, and
|
|
the toggles reflect the set of events currently being
|
|
audited by the system.
|
|
|
|
Quit
|
|
|
|
The 'quit' push button closes down satconfig.
|
|
|
|
|
|
Customizing satconfig
|
|
---------------------
|
|
|
|
Colors, fonts, strings and screen layout are all determined
|
|
by resources in /usr/lib/X11/app-defaults/Satconfig. The
|
|
default resource values may be overridden by values in your
|
|
$HOME/.Xresources file. All satconfig resources are standard
|
|
to motif, so you can learn more about them in the motif manual
|
|
pages or in any standard motif textbook.
|
|
|
|
|
|
Troubleshooting
|
|
---------------
|
|
|
|
Although satconfig may be used by any user, only the superuser
|
|
can access the kernel components of the audit system. Ordinary
|
|
users won't be able to apply changes to the system, nor will
|
|
they have the privileges necessary to write changes out to the
|
|
system configuration file /etc/config/sat_select.options. If
|
|
satconfig presents you with a privilege error dialog window,
|
|
exit the program, become superuser, and run satconfig again.
|
|
|
|
|
|
Where to Look for Additional Information
|
|
----------------------------------------
|
|
|
|
sat_select(1m)
|
|
|
|
command line functionality equivalent to satconfig
|
|
|