Patch Name: PHCO_27704

Patch Description: s700_800 11.11 audisp(1M) cumulative patch

Creation Date: 02/09/13

Post Date:  02/10/03

Hardware Platforms - OS Releases:
	s700: 11.11
	s800: 11.11

Products: N/A

Filesets:
	SecurityMon.SECURITY,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical: No

Category Tags:
	defect_repair enhancement general_release
	manual_dependencies

Path Name: /hp-ux_patches/s700_800/11.X/PHCO_27704

Symptoms:
	PHCO_27704:
	( SR:8606273229 CR:JAGae37330 )
	audisp(1M) prints an error message "audisp: bad aud_flag
	struct." for the audit record of the acl(2) system call.

	( SR:8606274955 CR:JAGae39032 )
	audisp(1M) prints "Event=????????" in the event field for
	the audit record of the ttrace(2) system call and does not
	show parameters.

	( SR:8606277441 CR:JAGae41512 )
	audisp(1M) replaces tab characters (0x09) in the self-audit
	message with '?'.

	PHCO_24504:
	( SR:8606204442 CR:JAGad73624 )
	audisp(1M) enhancement to display information for IPv6
	socket related system calls.

	( SR:8606205150 CR:JAGad74326 )
	audisp(1M) output contains unprintable characters for unix
	sockets longer than 16 bytes.

Defect Description:
	PHCO_27704:
	( SR:8606273229 CR:JAGae37330 )
	audisp(1M) does not have the information necessary to
	recognize the acl(2) system call.  It can not interpret the
	system call number or parameter information.

	Resolution:
	audisp(1M) now has access to the acl(2) system call
	information.

	( SR:8606274955 CR:JAGae39032 )
	audisp(1M) does not have the information necessary to
	recognize the ttrace(2) system call.  It can not interpret
	the system call number or parameter information.

	Resolution:
	audisp(1M) now has access to the ttrace(2) system call
	information.

	( SR:8606277441 CR:JAGae41512 )
	audisp(1M) replaces non-printable characters in self-audit
	message with '?'. It currently does not recognize tab
	characters as printable characters.

	Resolution:
	audisp(1M) now prints tab characters without replacing
	them with '?'.

	PHCO_24504:
	( SR:8606204442 CR:JAGad73624 )
	audisp(1M) does not understand IPv6 sockets.

	Resolution:
	audisp(1M) is updated to understand IPv6 socket format.

	( SR:8606205150 CR:JAGad74326 )
	Unix socket information longer than 16 bytes is not null
	terminated in the audit file.  The auditing command expects
	the null termination.

	Resolution:
	audisp(1M) terminates the unix socket information with null
	before printing.

Enhancement:
	No (superseded patches contained enhancements)
	PHCO_27704:
		Enhancements were delivered in a patch this one has
		superseded.  Please review the Defect Description
		text for more information.

SR:
	8606204442 8606205150 8606273229 8606274955 8606277441

Patch Files:
	
	SecurityMon.SECURITY,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
	/usr/lib/nls/msg/C/audisp.cat
	/usr/sbin/audisp

what(1) Output:
	
	SecurityMon.SECURITY,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
	/usr/lib/nls/msg/C/audisp.cat:
		None
	/usr/sbin/audisp:
		audisp.c $Date: 2002/09/10 18:31:48 $Revision: r11.1
			1/2 PATCH_11.11 (PHCO_27704)
		$Revision: @(#) audisp CUP11.11_BL2002_0913_3 PATCH_
			11.11 PHCO_27704
		Fri Sep 13 03:25:28 PDT 2002 $

cksum(1) Output:
	
	SecurityMon.SECURITY,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
	3301359019 3889 /usr/lib/nls/msg/C/audisp.cat
	890978483 53248 /usr/sbin/audisp

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies:
	PHCO_24504:  The kernel patch PHKL_24505 is required to
	generate complete IPv6 and unix socket information.

Supersedes:
	PHCO_24504 

Equivalent Patches: None

Patch Package Size: 80 KBytes

Installation Instructions:
	Please review all instructions and the Hewlett-Packard
	SupportLine User Guide or your Hewlett-Packard support terms
	and conditions for precautions, scope of license,
	restrictions, and, limitation of liability and warranties,
	before installing this patch.
	------------------------------------------------------------
	1. Back up your system before installing a patch.

	2. Login as root.

	3. Copy the patch to the /tmp directory.

	4. Move to the /tmp directory and unshar the patch:

		cd /tmp
		sh PHCO_27704

	5. Run swinstall to install the patch:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -s /tmp/PHCO_27704.depot

	By default swinstall will archive the original software in 
	/var/adm/sw/save/PHCO_27704.  If you do not wish to retain a
	copy of the original software, include the patch_save_files
	option in the swinstall command above:

		-x patch_save_files=false

	WARNING: If patch_save_files is false when a patch is installed,
		 the patch cannot be deinstalled.  Please be careful
		 when using this feature.

	For future reference, the contents of the PHCO_27704.text file is 
	available in the product readme:

		swlist -l product -a readme -d @ /tmp/PHCO_27704.depot

	To put this patch on a magnetic tape and install from the
	tape drive, use the command:

		dd if=/tmp/PHCO_27704.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None