Oracle ACFS Command-Line Tools for Auditing
This topic provides a summary of the commands for Oracle ACFS auditing.
Table 16-43 lists the Oracle ACFS auditing commands with brief descriptions. For an overview of Oracle ACFS auditing, refer to Oracle ACFS Auditing.
For information about running Oracle ACFS acfsutil commands, refer to About Using Oracle ACFS Command-Line Tools.
Table 16-43 Summary of commands for Oracle ACFS auditing
| Command | Description |
|---|---|
| acfsutil audit archive | Forces an archival of the audit trail. |
| acfsutil audit disable | Disables auditing for Oracle ACFS encryption or security. |
| acfsutil audit enable | Enables auditing for Oracle ACFS encryption or security. |
| acfsutil audit info | Displays auditing information. |
| acfsutil audit init | Initializes auditing on an Oracle ACFS environment. |
| acfsutil audit purge | Purges the audit trail for a specified file system. |
| acfsutil audit read | Marks the audit trail to indicate that the audit trail has been read. |
acfsutil audit archive
Purpose
Forces an archival of the audit trail for the current host on the specified Oracle ACFS file system.
Syntax and Description
acfsutil audit archive -h
acfsutil audit archive -m mount_point
acfsutil audit archive -h displays help text and exits.
Table 16-44 contains the options available with the acfsutil audit archive command.
Table 16-44 Options for the acfsutil audit archive command
| Option | Description |
|---|---|
| -m mount_point | Specifies the directory where the file system is mounted. |
You can use the acfsutil audit archive command to safely back up or remove audit data without the possibility of losing intermediate audit messages.
Only an audit manager can run this command.
Examples
The following example shows the use of the acfsutil audit archive command.
Example 16-39 Using the acfsutil audit archive command
$ /sbin/acfsutil audit archive -m /acfsmounts/acfs1
acfsutil audit disable
Purpose
Disables auditing for either Oracle ACFS encryption or security on a specified file system.
Syntax and Description
acfsutil audit disable -h
acfsutil audit disable -m mount_point -s {encr | sec}
acfsutil audit disable -h displays help text and exits.
Table 16-45 contains the options available with the acfsutil audit disable command.
Table 16-45 Options for the acfsutil audit disable command
| Option | Description |
|---|---|
| -m mount_point | Specifies the directory where the file system is mounted. |
| -s {encr \| sec} | Specifies whether to disable auditing for encryption or security. |
Only an audit manager can run this command.
Examples
The following example shows the use of the acfsutil audit disable command.
Example 16-40 Using the acfsutil audit disable command
$ /sbin/acfsutil audit disable -m /acfsmounts/acfs1 -s encr
acfsutil audit enable
Purpose
Enables auditing for either Oracle ACFS encryption or security on a specified file system.
Syntax and Description
acfsutil audit enable -h
acfsutil audit enable -m mount_point -s {encr | sec}
acfsutil audit enable -h displays help text and exits.
Table 16-46 contains the options available with the acfsutil audit enable command.
Table 16-46 Options for the acfsutil audit enable command
| Option | Description |
|---|---|
| -m mount_point | Specifies the directory where the file system is mounted. |
| -s {encr \| sec} | Specifies whether to enable auditing for encryption or security. |
The acfsutil audit enable command may also create the mount_point/.Security/audit directory, which is a location for audit source files. The audit directory is created when auditing first is enabled for a file system, as a result of either the acfsutil encr set, acfsutil sec prepare, or acfsutil audit enable command.
Only an audit manager can run this command.
Examples
The following example shows the use of the acfsutil audit enable command.
Example 16-41 Using the acfsutil audit enable command
$ /sbin/acfsutil audit enable -m /acfsmounts/acfs1 -s encr
acfsutil audit info
Purpose
Displays auditing information.
Syntax and Description
acfsutil audit info -h
acfsutil audit info [-m mount_point]
acfsutil audit info -h displays help text and exits.
Table 16-47 contains the options available with the acfsutil audit info command.
Table 16-47 Options for the acfsutil audit info command
| Option | Description |
|---|---|
| -m mount_point | Optionally specifies the directory where the file system is mounted. |
Only an audit manager can run this command.
Examples
The following example shows the use of the acfsutil audit info command.
Example 16-42 Using the acfsutil audit info command
$ /sbin/acfsutil audit info -m /acfsmounts/acfs1
Auditing information for '/acfsmounts/acfs1':
    Audit trail size: 10MB
    Archive File: READ
    Audit Sources:
        Security: ENABLED
        Encryption: ENABLED
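The output of acfsutil audit info can be checked by a script to detect a disabled audit source and to confirm that the archive has been marked as read before a purge, so that -f is not needed. The following is an added example, not part of the Oracle documentation: the function names are hypothetical, the parser assumes only the layout shown in Example 16-42, and the NOT READ and DISABLED strings in the second sample are constructed.

```shell
#!/bin/sh
# Added example, not Oracle code. Assumes only the layout of Example 16-42;
# any source state other than ENABLED is reported, whatever its wording.
# Real use: /sbin/acfsutil audit info -m /acfsmounts/acfs1 | check_audit_sources

# Output as shown in Example 16-42.
SAMPLE_OK="Auditing information for '/acfsmounts/acfs1':
    Audit trail size: 10MB
    Archive File: READ
    Audit Sources:
        Security: ENABLED
        Encryption: ENABLED"

# Constructed variant: "NOT READ" and "DISABLED" are assumed strings.
SAMPLE_BAD="Auditing information for '/acfsmounts/acfs1':
    Audit trail size: 10MB
    Archive File: NOT READ
    Audit Sources:
        Security: ENABLED
        Encryption: DISABLED"

# Reads audit info text on stdin and prints one line per finding.
# Returns 0 if every audit source is ENABLED, 1 if any is not,
# 2 if the text does not look like audit info output.
check_audit_sources() {
    awk '
        { sub(/[ \t\r]+$/, "") }                      # drop trailing blanks
        /^Auditing information for/ { header = 1; next }
        /Audit Sources:$/           { in_sources = 1; next }
        in_sources && /:/ {
            name = $0;  sub(/^[ \t]+/, "", name); sub(/:.*$/, "", name)
            state = $0; sub(/^[^:]*:[ \t]*/, "", state)
            n++
            if (state != "ENABLED") { print "FINDING: " name " auditing is " state; bad++ }
        }
        END {
            if (!header || n == 0) { print "ERROR: unrecognized output"; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Prints the Archive File state (for example READ); empty if the field is absent.
archive_state() {
    sed -n 's/^[[:space:]]*Archive File:[[:space:]]*//p' | sed 's/[[:space:]]*$//'
}

# Returns 0 only when the archive is marked READ, that is, when
# acfsutil audit purge should not need the -f option.
purge_without_force_ok() { [ "$(archive_state)" = "READ" ]; }
```
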
acfsutil audit init
Purpose
Initializes Oracle ACFS auditing.
Syntax and Description
acfsutil audit init -h
acfsutil audit init -M audit_manager_group -A auditor_group
acfsutil audit init -h displays help text and exits.
Table 16-48 contains the options available with the acfsutil audit init command.
Table 16-48 Options for the acfsutil audit init command
| Option | Description |
|---|---|
| -M audit_manager_group | Specifies the operating system (OS) group which assigns users to the Oracle ACFS audit manager role. To achieve separation of duties, you should create a new group specifically for this purpose and this group should be different from the system administrator group, Oracle ACFS security administrator OS group, and the Oracle ACFS audit auditor OS group. |
| -A auditor_group | Specifies the operating system (OS) group which assigns users to the Oracle ACFS audit auditor role. To achieve separation of duties, you should create a new group specifically for this purpose and this group should be different from the system administrator group, Oracle ACFS security administrator OS group, and the Oracle ACFS audit manager OS group. |
The acfsutil audit init command must be run by the system administrator before enabling auditing for any of the audit sources on a file system. The command sets up the required roles for auditing and must be run before any type of auditing can be enabled on a file system. After running the command, auditing is enabled by default for all features which use auditing.
Because you cannot choose a different OS group for either the Oracle ACFS audit manager or auditor after initialization, you should create new OS groups for these specific purposes before initializing Oracle ACFS auditing.
Only a system administrator can run this command.
Examples
The following example shows the use of the acfsutil audit init command.
Example 16-43 Using the acfsutil audit init command
# /sbin/acfsutil audit init -M myaudit_mgr_grp -A myauditor_grp
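Because the two groups cannot be changed after initialization, it is worth checking them before running acfsutil audit init. The following pre-flight check is an added example, not part of the Oracle documentation: the function name, sample groups and users are hypothetical, and it goes beyond the text by also flagging users who are listed in both an audit group and another role's group.

```shell
#!/bin/sh
# Added example, not Oracle code. Reads group(5)-format lines on stdin, for
# example from `getent group`. Only members listed in field 4 are seen; a
# user whose primary GID is one of the groups is not detected here.

# Constructed sample data; group and user names are hypothetical.
SAMPLE_GROUPS="root:x:0:
secadmin:x:1001:alice
myaudit_mgr_grp:x:1002:bob,carol
myauditor_grp:x:1003:dave,carol"

# usage: check_audit_groups MGR_GROUP AUDITOR_GROUP [OTHER_ROLE_GROUP...]
# Returns 0 if every named group exists, the two audit groups differ from
# each other and from the other groups, and no listed member of an audit
# group also appears in another named group; returns 1 otherwise.
check_audit_groups() {
    awk -F: -v want="$*" '
        BEGIN { k = split(want, g, " ") }
        NF >= 3 { present[$1] = 1; members[$1] = $4 }
        END {
            for (i = 1; i <= k; i++) {
                if (!(g[i] in present)) { print "FINDING: group " g[i] " not found"; bad = 1 }
                # Pairwise checks start only from the two audit groups (i <= 2).
                for (j = i + 1; i <= 2 && j <= k; j++) {
                    if (g[i] == g[j]) {
                        print "FINDING: " g[i] " is named for two roles"; bad = 1
                        continue
                    }
                    m = split(members[g[i]], u, ",")
                    for (x = 1; x <= m; x++) {
                        if (u[x] != "" && index("," members[g[j]] ",", "," u[x] ",")) {
                            print "FINDING: user " u[x] " is in " g[i] " and " g[j]; bad = 1
                        }
                    }
                }
            }
            exit (bad ? 1 : 0)
        }'
}

# Demo on the constructed sample: reports the shared member carol.
printf '%s\n' "$SAMPLE_GROUPS" |
    check_audit_groups myaudit_mgr_grp myauditor_grp root secadmin ||
    echo "groups are not ready for acfsutil audit init"
```
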
acfsutil audit purge
Purpose
Purges the audit trail for a specified file system.
Syntax and Description
acfsutil audit purge -h
acfsutil audit purge -m mount_point [-f]
acfsutil audit purge -h displays help text and exits.
Table 16-49 contains the options available with the acfsutil audit purge command.
Table 16-49 Options for the acfsutil audit purge command
| Option | Description |
|---|---|
| -m mount_point | Specifies the directory where the file system is mounted. |
| -f | Forces the removal of the audit trail even if the audit auditor has not marked the file as read using the |
Only an audit manager can run this command.
Examples
The following example shows the use of the acfsutil audit purge command.
Example 16-44 Using the acfsutil audit purge command
$ /sbin/acfsutil audit purge -m /acfsmounts/acfs1 -f
acfsutil audit read
Purpose
Marks the audit trail to indicate to the audit manager that the log archive file for the current node has been reviewed, backed up as necessary, and is safe to purge.
Syntax and Description
acfsutil audit read -h
acfsutil audit read -m mount_point
acfsutil audit read -h displays help text and exits.
Table 16-50 contains the options available with the acfsutil audit read command.
Table 16-50 Options for the acfsutil audit read command
| Option | Description |
|---|---|
| -m mount_point | Specifies the directory where the file system is mounted. |
Only an audit auditor can run this command.
Examples
The following example shows the use of the acfsutil audit read command.
Example 16-45 Using the acfsutil audit read command
$ /sbin/acfsutil audit read -m /acfsmounts/acfs1