10.7 Compliance Auditor Options

The command line options for the Compliance Auditor allow you to perform the following tasks:

10.7.1 Exporting and Importing Compliance Auditor Settings

The Compliance Auditor now supports the ability to export and import its settings from the command line. You can export and import the following settings:

  • Audit Rules

  • Audit Reports

  • Access Control Levels

Exporting: The export command exports only configuration settings; the audit records are not exported. The export includes all rules and reports, even those that have been disabled. The Compliance Auditor does not allow rules or reports to be deleted, because they might be associated with audit records. The exported file is in XML format.

Importing: You should import the settings only on a system that hasn’t been configured or on a system where the current configuration is not needed. Every rule and report contains a unique ID, but if that ID already exists on the current system, the rule or report is overwritten by the imported configuration.

Commands: The commands use the following syntax:

./unifi -n secaudit import -f <file>
./unifi -n secaudit export -f <file>

If you have not mapped your local account to a Framework Manager user (see Modify User: Native Maps), replace the -n option with -u <username> -p <password> options and specify the name and password of a Framework Manager user who has the rights to perform this task.

Replace <file> with the name of the file to import or to create for the export.

10.7.2 Managing Compliance Auditor Records

The Compliance Auditor now supports the ability to archive, restore, and purge the audit records from the command line. These commands can be performed on the Framework Manager console machine or from a backup host. When executed from a backup host, a command is actually executed on the primary host. If a backup host is promoted to be a primary host, the archived database can be placed on the promoted manager and restored.

The secaudit command has the following syntax:

./unifi -n secaudit [list] [listarchive] [archive] [restore] [purge]

If you have not mapped your local account to a Framework Manager user (see Modify User: Native Maps), replace the -n option with -u <username> -p <password> options and specify the name and password of a Framework Manager user who has the rights to perform this task.

The secaudit command supports the following options:

Option

Description

list <format>

Displays all of the audit records currently stored, including any records already archived, unless archived records have been purged. To view a format other than the default, specify one of the following:

-x: For XML output.

-D <date>: For modifying the date format. For example, if you replace <date> with %D for the format, the time stamp is displayed as 07/14/09 rather than 2009-07-14_11-52-56. For possible options, see strftime(3C).

-F <fmt>: For specifying what template information is displayed. By default, the following information is displayed.

  • id: The unique ID of the archive.

  • who: The ID of the user who created the archive.

  • reason: The reason for the archive, if provided by the user.

  • timestmp: The date and time when the archive occurred.

Replace <fmt> with one or more of these options. Individual options are enclosed with ${ }$ and separated from other options with a comma. The entire string is enclosed in single quotes. For example:

 -F '${id}$,${reason}$'

archive -n <from:to> -p <pwd> -r “<reason>”

Creates a database in the /opt/novell/npum/service/local/secaudit directory with the following format:

sa-2009-06-05_11-38-43.db

Each archived database can then be taken offline (moved to another storage area) and put back in place at any point.

Specify values for the following parameters:

-n <from:to>: Specifies the records to archive. To archive one record, specify its ID. To archive a range of records, replace <from:to> with the range. For example, to archive records 20 to 40, specify 20:40. Use the list option to view the IDs of the records.

-p <pwd>: (Optional) Specifies a password. If a password is specified for an archive, the same password must be used to restore the archive.

-r “<reason>”: (Optional) Specifies a reason for the archive. The text must be included in double quotes.

listarchive <format>

Displays each of the archives that have been created. To view a format other than the default, replace <format> with a supported format. See the list option for valid values.

restore -n <archid> -p <pwd>

Restores an archived set of audit records so that they are displayed in the Compliance Auditor console.

-n <archid>: Specifies the archive to restore. Use the listarchive option to view the IDs of the archives.

-p <pwd>: (Conditional) Specifies a password. If a password is specified for an archive, the same password must be used to restore the archive.

purge

Purges audit records that have been archived.

Records that have been purged no longer appear in the Compliance Auditor console. A restore of the archive makes these records viewable again.
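
The archive option above writes each database as sa-<timestamp>.db under /opt/novell/npum/service/local/secaudit and allows it to be moved offline and put back later. The following shell functions are an added example, not part of the product or its documentation: they record a SHA-256 manifest of those files before they are moved and check it when they are put back. The function names, the manifest layout and the use of sha256sum (GNU coreutils) are assumptions.

```shell
#!/bin/sh
# Added example: integrity manifest for archived audit databases.
# The directory and the sa-<timestamp>.db naming come from the page;
# function names and manifest layout are assumptions of this example.

ARCHIVE_DIR_DEFAULT=/opt/novell/npum/service/local/secaudit

# Succeeds only for names shaped like sa-2009-06-05_11-38-43.db
is_archive_name() {
    printf '%s\n' "$1" |
        grep -Eq '^sa-[0-9]{4}-[0-9]{2}-[0-9]{2}_[0-9]{2}-[0-9]{2}-[0-9]{2}\.db$'
}

# Print "<sha256>  <file name>" for every archive database in a directory.
# Files that do not match the archive naming format are skipped.
archive_manifest() {
    dir=${1:-$ARCHIVE_DIR_DEFAULT}
    for f in "$dir"/sa-*.db; do
        [ -f "$f" ] || continue        # glob matched nothing, or not a regular file
        name=${f##*/}
        is_archive_name "$name" || continue
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s  %s\n' "$hash" "$name"
    done
}

# Check a directory against a saved manifest (absolute path).
# Returns non-zero if any listed file is missing or its content has changed.
verify_manifest() {
    dir=$1
    manifest=$2
    ( cd "$dir" && sha256sum -c "$manifest" ) >/dev/null 2>&1
}

# Typical use (paths other than the archive directory are placeholders):
#   archive_manifest > /secure/location/secaudit-manifest.sha256
#   ... move the sa-*.db files offline, later put them back ...
#   verify_manifest /opt/novell/npum/service/local/secaudit \
#       /secure/location/secaudit-manifest.sha256 || echo "archive changed"
```

Run verify_manifest before using the restore option so that a database altered or truncated while offline is noticed before its records are displayed in the console again.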