Failures
Auditing failed operations can be useful to detect users who attempt to gain access to disallowed services or data. The frequent occurrence of such failures can indicate malicious (if not particularly clever) personnel.
The base system divides failures into five categories:
- Privilege failures (an attempt by an unprivileged process to perform an action that is restricted to privileged processes)
- MAC failures (failure of an action because the action would violate MAC restrictions)
- MIC failures (failure of an action because the action would violate MIC restrictions)
- DAC failures (failure of an action because the action would violate DAC restrictions)
- Other failures (for example, an attempt to log in with an incorrect password)