mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-10 09:42:26 +00:00
Vendor branch import of OpenBSM 1.0 alpha 3:
- Man page formatting, cross reference, mlinks, and accuracy improvements.
- auditd and tools now compile and run on FreeBSD/arm.
- auditd will now fchown() the trail file to the audit review group, if defined at compile-time.
- Added AUE_SYSARCH for FreeBSD.
- Definition of AUE_SETFSGID fixed for Linux.

Many thanks to: brueffer, cognet
Obtained from: TrustedBSD Project
parent 742561f0d7
commit 23bf6e2091
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor/openbsm/dist/; revision=155364
svn path=/vendor/openbsm/1.0-ALPHA-3/; revision=155366; tag=vendor/openbsm/1.0-ALPHA-3
@ -1,3 +1,12 @@
|
|||||||
|
OpenBSM 1.0 alpha 3
|
||||||
|
|
||||||
|
- Man page formatting, cross reference, mlinks, and accuracy improvements.
|
||||||
|
- auditd and tools now compile and run on FreeBSD/arm.
|
||||||
|
- auditd will now fchown() the trail file to the audit review group, if
|
||||||
|
defined at compile-time.
|
||||||
|
- Added AUE_SYSARCH for FreeBSD.
|
||||||
|
- Definition of AUE_SETFSGID fixed for Linux.
|
||||||
|
|
||||||
OpenBSM 1.0 alpha 2
|
OpenBSM 1.0 alpha 2
|
||||||
|
|
||||||
- Man page formatting improvements.
|
- Man page formatting improvements.
|
||||||
@ -71,5 +80,6 @@ OpenBSM 1.0 alpha 1
|
|||||||
- Annotate BSM events with origin OS and compatibility information.
|
- Annotate BSM events with origin OS and compatibility information.
|
||||||
- auditd(8), audit(8) added to the OpenBSM distribution. auditd extended
|
- auditd(8), audit(8) added to the OpenBSM distribution. auditd extended
|
||||||
to support reloading of kernel event table.
|
to support reloading of kernel event table.
|
||||||
|
- Allow comments in /etc/security configuration files.
|
||||||
|
|
||||||
$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#7 $
|
$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#10 $
|
||||||
|
@ -62,6 +62,8 @@ to the development of OpenBSM:
|
|||||||
Wojciech Koszek
|
Wojciech Koszek
|
||||||
Chunyang Yuan
|
Chunyang Yuan
|
||||||
Poul-Henning Kamp
|
Poul-Henning Kamp
|
||||||
|
Christian Brueffer
|
||||||
|
Olivier Houchard
|
||||||
|
|
||||||
In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
|
In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
|
||||||
Software's FlexeLint tool were used to identify a number of bugs in the
|
Software's FlexeLint tool were used to identify a number of bugs in the
|
||||||
@ -83,4 +85,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:
|
|||||||
|
|
||||||
http://www.TrustedBSD.org/
|
http://www.TrustedBSD.org/
|
||||||
|
|
||||||
$P4: //depot/projects/trustedbsd/openbsm/README#11 $
|
$P4: //depot/projects/trustedbsd/openbsm/README#13 $
|
||||||
|
@ -1 +1 @@
|
|||||||
OPENBSM_1_0_ALPHA_2
|
OPENBSM_1_0_ALPHA_3
|
||||||
|
@ -29,9 +29,9 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" @APPLE_BSD_LICENSE_HEADER_END@
|
.\" @APPLE_BSD_LICENSE_HEADER_END@
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#4 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#6 $
|
||||||
.\"
|
.\"
|
||||||
.Dd Jan 24, 2004
|
.Dd January 24, 2004
|
||||||
.Dt AUDIT 8
|
.Dt AUDIT 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -48,7 +48,7 @@ utility controls the state of the audit system.
|
|||||||
The optional
|
The optional
|
||||||
.Ar file
|
.Ar file
|
||||||
operand specifies the location of the audit control input file (default
|
operand specifies the location of the audit control input file (default
|
||||||
.Pa /etc/security/audit_control ).
|
.Pa /etc/security/audit_control ) .
|
||||||
.Pp
|
.Pp
|
||||||
The options are as follows:
|
The options are as follows:
|
||||||
.Bl -tag -width Ds
|
.Bl -tag -width Ds
|
||||||
@ -65,15 +65,17 @@ Log files are closed
|
|||||||
and renamed to indicate the time of the shutdown.
|
and renamed to indicate the time of the shutdown.
|
||||||
.El
|
.El
|
||||||
.Sh NOTES
|
.Sh NOTES
|
||||||
The auditd(8) daemon must already be running.
|
The
|
||||||
|
.Xr auditd 8
|
||||||
|
daemon must already be running.
|
||||||
.Sh FILES
|
.Sh FILES
|
||||||
.Bl -tag -width "/etc/security/audit_control" -compact
|
.Bl -tag -width "/etc/security/audit_control" -compact
|
||||||
.It Pa /etc/security/audit_control
|
.It Pa /etc/security/audit_control
|
||||||
Default audit policy file used to configure the auditing system.
|
Default audit policy file used to configure the auditing system.
|
||||||
.El
|
.El
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
|
.Xr audit_control 5 ,
|
||||||
.Xr auditd 8
|
.Xr auditd 8
|
||||||
.Xr audit_control 5
|
|
||||||
.Sh AUTHORS
|
.Sh AUTHORS
|
||||||
This software was created by McAfee Research, the security research division
|
This software was created by McAfee Research, the security research division
|
||||||
of McAfee, Inc., under contract to Apple Computer Inc.
|
of McAfee, Inc., under contract to Apple Computer Inc.
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
*
|
*
|
||||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#2 $
|
* $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#4 $
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Program to trigger the audit daemon with a message that is either:
|
* Program to trigger the audit daemon with a message that is either:
|
||||||
@ -65,7 +65,7 @@ usage(void)
|
|||||||
int
|
int
|
||||||
main(int argc, char **argv)
|
main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
char ch;
|
int ch;
|
||||||
unsigned int trigger = 0;
|
unsigned int trigger = 0;
|
||||||
|
|
||||||
if (argc != 2)
|
if (argc != 2)
|
||||||
|
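Review bot: The `char ch` to `int ch` change in main() carries no comment and no CHANGELOG line of its own, and the same edit recurs in auditd.c, auditreduce.c and praudit.c. Assuming ch receives the getopt(3) result, say so in the commit message: getopt() returns int and signals end of options with -1, which never compares equal when stored in a plain char on platforms where char is unsigned.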
@ -29,9 +29,9 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" @APPLE_BSD_LICENSE_HEADER_END@
|
.\" @APPLE_BSD_LICENSE_HEADER_END@
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#6 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#8 $
|
||||||
.\"
|
.\"
|
||||||
.Dd Jan 24, 2004
|
.Dd January 24, 2004
|
||||||
.Dt AUDITD 8
|
.Dt AUDITD 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -63,9 +63,14 @@ that may cause audit records to be lost due to log file full conditions
|
|||||||
.Pp
|
.Pp
|
||||||
To assure uninterrupted audit support, the
|
To assure uninterrupted audit support, the
|
||||||
.Nm auditd
|
.Nm auditd
|
||||||
daemon should not be started and stopped manually. Instead, the audit(1) command
|
daemon should not be started and stopped manually.
|
||||||
|
Instead, the
|
||||||
|
.Xr audit 8
|
||||||
|
command
|
||||||
should be used to inform the daemon to change state/configuration after altering
|
should be used to inform the daemon to change state/configuration after altering
|
||||||
the audit_control file.
|
the
|
||||||
|
.Pa audit_control
|
||||||
|
file.
|
||||||
.Pp
|
.Pp
|
||||||
.\" Sending a SIGHUP to a running
|
.\" Sending a SIGHUP to a running
|
||||||
.\" .Nm auditd
|
.\" .Nm auditd
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
*
|
*
|
||||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#8 $
|
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#11 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/dirent.h>
|
#include <sys/dirent.h>
|
||||||
@ -46,6 +46,7 @@
|
|||||||
|
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
|
#include <grp.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
@ -170,6 +171,34 @@ close_lastfile(char *TS)
|
|||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Create the new audit file with appropriate permissions and ownership. Try
|
||||||
|
* to clean up if something goes wrong.
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
#ifdef AUDIT_REVIEW_GROUP
|
||||||
|
open_trail(const char *fname, uid_t uid, gid_t gid)
|
||||||
|
#else
|
||||||
|
open_trail(const char *fname)
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
int error, fd;
|
||||||
|
|
||||||
|
fd = open(fname, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP);
|
||||||
|
if (fd < 0)
|
||||||
|
return (-1);
|
||||||
|
#ifdef AUDIT_REVIEW_GROUP
|
||||||
|
if (fchown(fd, uid, gid) < 0) {
|
||||||
|
error = errno;
|
||||||
|
close(fd);
|
||||||
|
(void)unlink(fname);
|
||||||
|
errno = error;
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
return (fd);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Create the new file name, swap with existing audit file.
|
* Create the new file name, swap with existing audit file.
|
||||||
*/
|
*/
|
||||||
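Review bot: open_trail() calls open(fname, O_RDONLY | O_CREAT, ...) without O_EXCL, so it will also open a file that already exists at that path, and the fchown() failure path then runs unlink(fname) on a file this call may not have created. Add O_EXCL so the cleanup can only remove a file created here and an existing file is never silently reused with whatever mode and owner it already has. Separately, `int error, fd;` sits outside the #ifdef while error is only used inside it, which gives an unused-variable warning when AUDIT_REVIEW_GROUP is not defined.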
@ -180,7 +209,12 @@ swap_audit_file(void)
|
|||||||
char *fn;
|
char *fn;
|
||||||
char TS[POSTFIX_LEN];
|
char TS[POSTFIX_LEN];
|
||||||
struct dir_ent *dirent;
|
struct dir_ent *dirent;
|
||||||
int fd;
|
#ifdef AUDIT_REVIEW_GROUP
|
||||||
|
struct group *grp;
|
||||||
|
gid_t gid;
|
||||||
|
uid_t uid;
|
||||||
|
#endif
|
||||||
|
int error, fd;
|
||||||
|
|
||||||
if (getTSstr(TS, POSTFIX_LEN) != 0)
|
if (getTSstr(TS, POSTFIX_LEN) != 0)
|
||||||
return (-1);
|
return (-1);
|
||||||
@ -188,6 +222,22 @@ swap_audit_file(void)
|
|||||||
strcpy(timestr, TS);
|
strcpy(timestr, TS);
|
||||||
strcat(timestr, NOT_TERMINATED);
|
strcat(timestr, NOT_TERMINATED);
|
||||||
|
|
||||||
|
#ifdef AUDIT_REVIEW_GROUP
|
||||||
|
/*
|
||||||
|
* XXXRW: Currently, this code falls back to the daemon gid, which is
|
||||||
|
* likely the wheel group. Is there a better way to deal with this?
|
||||||
|
*/
|
||||||
|
grp = getgrnam(AUDIT_REVIEW_GROUP);
|
||||||
|
if (grp == NULL) {
|
||||||
|
syslog(LOG_INFO,
|
||||||
|
"Audit review group '%s' not available, using daemon gid",
|
||||||
|
AUDIT_REVIEW_GROUP);
|
||||||
|
gid = -1;
|
||||||
|
} else
|
||||||
|
gid = grp->gr_gid;
|
||||||
|
uid = getuid();
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Try until we succeed. */
|
/* Try until we succeed. */
|
||||||
while ((dirent = TAILQ_FIRST(&dir_q))) {
|
while ((dirent = TAILQ_FIRST(&dir_q))) {
|
||||||
if ((fn = affixdir(timestr, dirent)) == NULL) {
|
if ((fn = affixdir(timestr, dirent)) == NULL) {
|
||||||
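Review bot: In the getgrnam() failure branch, `gid = -1;` assigns a negative constant to a gid_t and silently relies on fchown() treating that value as "leave the group unchanged"; write it as `(gid_t)-1` and say so in the comment, since the log text "using daemon gid" does not explain the mechanism. The fallback is also logged at LOG_INFO even though it changes which group can read the new trail file; LOG_WARNING or LOG_ERR would make a missing review group visible to whoever monitors the audit host.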
@ -201,20 +251,27 @@ swap_audit_file(void)
|
|||||||
* kernel if all went well.
|
* kernel if all went well.
|
||||||
*/
|
*/
|
||||||
syslog(LOG_INFO, "New audit file is %s\n", fn);
|
syslog(LOG_INFO, "New audit file is %s\n", fn);
|
||||||
fd = open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP);
|
#ifdef AUDIT_REVIEW_GROUP
|
||||||
|
fd = open_trail(fn, uid, gid);
|
||||||
|
#else
|
||||||
|
fd = open_trail(fn);
|
||||||
|
#endif
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
perror("File open");
|
warn("open(%s)", fn);
|
||||||
else if (auditctl(fn) != 0) {
|
if (fd >= 0) {
|
||||||
syslog(LOG_ERR,
|
error = auditctl(fn);
|
||||||
"auditctl failed setting log file! : %s\n",
|
if (error) {
|
||||||
strerror(errno));
|
syslog(LOG_ERR,
|
||||||
close(fd);
|
"auditctl failed setting log file! : %s\n",
|
||||||
} else {
|
strerror(errno));
|
||||||
/* Success. */
|
close(fd);
|
||||||
close_lastfile(TS);
|
} else {
|
||||||
lastfile = fn;
|
/* Success. */
|
||||||
close(fd);
|
close_lastfile(TS);
|
||||||
return (0);
|
lastfile = fn;
|
||||||
|
close(fd);
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
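Review bot: The open failure is now reported with warn("open(%s)", fn), which writes to stderr, while the auditctl() failure a few lines below goes to syslog(LOG_ERR, ...); in a running daemon the stderr message is easily lost, so report both through syslog. The earlier include hunk adds only <grp.h>, so confirm <err.h> is already included for warn(). Also, when auditctl(fn) fails, the file just created by open_trail() is closed but left on disk; consider unlinking it before moving to the next directory so failed attempts do not leave empty .not_terminated trails behind.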
@ -708,7 +765,7 @@ setup(void)
|
|||||||
int
|
int
|
||||||
main(int argc, char **argv)
|
main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
char ch;
|
int ch;
|
||||||
int debug = 0;
|
int debug = 0;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
*
|
*
|
||||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#4 $
|
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#5 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _AUDITD_H_
|
#ifndef _AUDITD_H_
|
||||||
@ -43,6 +43,13 @@
|
|||||||
#define MAX_DIR_SIZE 255
|
#define MAX_DIR_SIZE 255
|
||||||
#define AUDITD_NAME "auditd"
|
#define AUDITD_NAME "auditd"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If defined, then the audit daemon will attempt to chown newly created logs
|
||||||
|
* to this group. Otherwise, they will be the default for the user running
|
||||||
|
* auditd, likely the audit group.
|
||||||
|
*/
|
||||||
|
#define AUDIT_REVIEW_GROUP "audit"
|
||||||
|
|
||||||
#define POSTFIX_LEN 16
|
#define POSTFIX_LEN 16
|
||||||
#define NOT_TERMINATED ".not_terminated"
|
#define NOT_TERMINATED ".not_terminated"
|
||||||
|
|
||||||
|
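Review bot: The comment above `#define AUDIT_REVIEW_GROUP "audit"` says logs otherwise get the default group "likely the audit group", while the XXXRW comment in swap_audit_file() says the fallback is "likely the wheel group"; make the two comments agree. The macro is also defined unconditionally, so the "if defined at compile-time" wording in the CHANGELOG only holds for someone who edits this header; wrap it in `#ifndef AUDIT_REVIEW_GROUP` so the group name can be overridden with -D, and document how to disable the chown.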
@ -25,9 +25,9 @@
|
|||||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#8 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#10 $
|
||||||
.\"
|
.\"
|
||||||
.Dd Jan 24, 2004
|
.Dd January 24, 2004
|
||||||
.Dt AUDITREDUCE 1
|
.Dt AUDITREDUCE 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -124,7 +124,8 @@ Select records containing the given shared memory id.
|
|||||||
.Sh Examples
|
.Sh Examples
|
||||||
.Pp
|
.Pp
|
||||||
To select all records associated with effective user ID root from the audit
|
To select all records associated with effective user ID root from the audit
|
||||||
log /var/audit/20031016184719.20031017122634:
|
log
|
||||||
|
.Pa /var/audit/20031016184719.20031017122634 :
|
||||||
.Pp
|
.Pp
|
||||||
.Nm
|
.Nm
|
||||||
-e root /var/audit/20031016184719.20031017122634
|
-e root /var/audit/20031016184719.20031017122634
|
||||||
@ -136,9 +137,9 @@ events from that log:
|
|||||||
.Nm
|
.Nm
|
||||||
-m AUE_SETLOGIN /var/audit/20031016184719.20031017122634
|
-m AUE_SETLOGIN /var/audit/20031016184719.20031017122634
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
|
.Xr praudit 1 ,
|
||||||
.Xr audit_control 5 ,
|
.Xr audit_control 5 ,
|
||||||
.Xr audit_event 5 ,
|
.Xr audit_event 5
|
||||||
.Xr praudit 1
|
|
||||||
.Sh AUTHORS
|
.Sh AUTHORS
|
||||||
This software was created by McAfee Research, the security research division
|
This software was created by McAfee Research, the security research division
|
||||||
of McAfee, Inc., under contract to Apple Computer Inc.
|
of McAfee, Inc., under contract to Apple Computer Inc.
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
* POSSIBILITY OF SUCH DAMAGE.
|
* POSSIBILITY OF SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#11 $
|
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#13 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -529,7 +529,7 @@ main(int argc, char **argv)
|
|||||||
FILE *fp;
|
FILE *fp;
|
||||||
int i;
|
int i;
|
||||||
char *objval, *converr;
|
char *objval, *converr;
|
||||||
char ch;
|
int ch;
|
||||||
char timestr[128];
|
char timestr[128];
|
||||||
char *fname;
|
char *fname;
|
||||||
|
|
||||||
|
@ -25,9 +25,9 @@
|
|||||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#7 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#8 $
|
||||||
.\"
|
.\"
|
||||||
.Dd Jan 24, 2004
|
.Dd January 24, 2004
|
||||||
.Dt PRAUDIT 1
|
.Dt PRAUDIT 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
* POSSIBILITY OF SUCH DAMAGE.
|
* POSSIBILITY OF SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#7 $
|
* $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#9 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -105,7 +105,7 @@ print_tokens(FILE *fp)
|
|||||||
int
|
int
|
||||||
main(int argc, char **argv)
|
main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
char ch;
|
int ch;
|
||||||
int i;
|
int i;
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
*
|
*
|
||||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#34 $
|
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#37 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _BSM_AUDIT_KEVENTS_H_
|
#ifndef _BSM_AUDIT_KEVENTS_H_
|
||||||
@ -360,7 +360,7 @@
|
|||||||
#define AUE_NMOUNT 380 /* FreeBSD-specific. */
|
#define AUE_NMOUNT 380 /* FreeBSD-specific. */
|
||||||
#define AUE_BDFLUSH 381 /* Linux-specific. */
|
#define AUE_BDFLUSH 381 /* Linux-specific. */
|
||||||
#define AUE_SETFSUID 382 /* Linux-specific. */
|
#define AUE_SETFSUID 382 /* Linux-specific. */
|
||||||
#define AUE_GETFSUID 383 /* Linux-specific. */
|
#define AUE_SETFSGID 383 /* Linux-specific. */
|
||||||
#define AUE_PERSONALITY 384 /* Linux-specific. */
|
#define AUE_PERSONALITY 384 /* Linux-specific. */
|
||||||
#define AUE_SCHED_GETSCHEDULER 385 /* POSIX.1b. */
|
#define AUE_SCHED_GETSCHEDULER 385 /* POSIX.1b. */
|
||||||
#define AUE_SCHED_SETSCHEDULER 386 /* POSIX.1b. */
|
#define AUE_SCHED_SETSCHEDULER 386 /* POSIX.1b. */
|
||||||
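Review bot: Replacing `#define AUE_GETFSUID 383` with `#define AUE_SETFSGID 383` drops the old identifier without a compatibility alias, so any consumer that still references AUE_GETFSUID stops compiling. If that is intended, state it in the CHANGELOG entry, and check that the audit_event(5) database entry for event 383 carries the matching name so printed records agree with the header.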
@ -383,6 +383,7 @@
|
|||||||
#define AUE_ACL_DELETE_FD 403 /* FreeBSD. */
|
#define AUE_ACL_DELETE_FD 403 /* FreeBSD. */
|
||||||
#define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */
|
#define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */
|
||||||
#define AUE_ACL_CHECK_FD 405 /* FreeBSD. */
|
#define AUE_ACL_CHECK_FD 405 /* FreeBSD. */
|
||||||
|
#define AUE_SYSARCH 406 /* FreeBSD. */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
|
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
|
||||||
@ -428,6 +429,7 @@
|
|||||||
#define AUE_O_RECVFROM AUE_RECVFROM /* Darwin */
|
#define AUE_O_RECVFROM AUE_RECVFROM /* Darwin */
|
||||||
#define AUE_O_SETREUID AUE_SETREUID /* Darwin */
|
#define AUE_O_SETREUID AUE_SETREUID /* Darwin */
|
||||||
#define AUE_O_SETREGID AUE_SETREGID /* Darwin */
|
#define AUE_O_SETREGID AUE_SETREGID /* Darwin */
|
||||||
|
#define AUE_O_GETDIRENTRIES AUE_GETDIRENTRIES /* Darwin */
|
||||||
#define AUE_O_TRUNCATE AUE_TRUNCATE /* Darwin */
|
#define AUE_O_TRUNCATE AUE_TRUNCATE /* Darwin */
|
||||||
#define AUE_O_FTRUNCATE AUE_FTRUNCATE /* Darwin */
|
#define AUE_O_FTRUNCATE AUE_FTRUNCATE /* Darwin */
|
||||||
#define AUE_O_GETPEERNAME AUE_NULL /* Darwin */
|
#define AUE_O_GETPEERNAME AUE_NULL /* Darwin */
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# OpenBSM libbsm
|
# OpenBSM libbsm
|
||||||
#
|
#
|
||||||
# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile#11 $
|
# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile#13 $
|
||||||
#
|
#
|
||||||
|
|
||||||
LIB= bsm
|
LIB= bsm
|
||||||
@ -35,7 +35,9 @@ MAN= libbsm.3 \
|
|||||||
|
|
||||||
MLINKS= libbsm.3 bsm.3 \
|
MLINKS= libbsm.3 bsm.3 \
|
||||||
au_class.3 getauclassent.3 \
|
au_class.3 getauclassent.3 \
|
||||||
|
au_class.3 getauclassent_r.3 \
|
||||||
au_class.3 getauclassnam.3 \
|
au_class.3 getauclassnam.3 \
|
||||||
|
au_class.3 getauclassnam_r.3 \
|
||||||
au_class.3 setauclass.3 \
|
au_class.3 setauclass.3 \
|
||||||
au_class.3 endauclass.3 \
|
au_class.3 endauclass.3 \
|
||||||
au_control.3 setac.3 \
|
au_control.3 setac.3 \
|
||||||
@ -47,9 +49,13 @@ MLINKS= libbsm.3 bsm.3 \
|
|||||||
au_event.3 setauevent.3 \
|
au_event.3 setauevent.3 \
|
||||||
au_event.3 endauevent.3 \
|
au_event.3 endauevent.3 \
|
||||||
au_event.3 getauevent.3 \
|
au_event.3 getauevent.3 \
|
||||||
|
au_event.3 getauevent_r.3 \
|
||||||
au_event.3 getauevnam.3 \
|
au_event.3 getauevnam.3 \
|
||||||
|
au_event.3 getauevnam_r.3 \
|
||||||
au_event.3 getauevnum.3 \
|
au_event.3 getauevnum.3 \
|
||||||
|
au_event.3 getauevnum_r.3 \
|
||||||
au_event.3 getauevnonam.3 \
|
au_event.3 getauevnonam.3 \
|
||||||
|
au_event.3 getauevnonam_r.3 \
|
||||||
au_io.3 au_fetch_tok.3 \
|
au_io.3 au_fetch_tok.3 \
|
||||||
au_io.3 au_print_tok.3 \
|
au_io.3 au_print_tok.3 \
|
||||||
au_io.3 au_read_rec.3 \
|
au_io.3 au_read_rec.3 \
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#2 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#3 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt AU_CONTROL 3
|
.Dt AU_CONTROL 3
|
||||||
@ -67,7 +67,7 @@ closes the
|
|||||||
database.
|
database.
|
||||||
.Pp
|
.Pp
|
||||||
.Fn getacdir
|
.Fn getacdir
|
||||||
Return the name of the directory where log data is stored via the passed
|
returns the name of the directory where log data is stored via the passed
|
||||||
character buffer
|
character buffer
|
||||||
.Va name
|
.Va name
|
||||||
of length
|
of length
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#3 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#4 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt AU_EVENT 3
|
.Dt AU_EVENT 3
|
||||||
@ -123,9 +123,9 @@ Functions
|
|||||||
and
|
and
|
||||||
.Fn getauevnuam
|
.Fn getauevnuam
|
||||||
will return a reference to a
|
will return a reference to a
|
||||||
.Dt struct au_event_ent
|
.Ft struct au_event_ent
|
||||||
or
|
or
|
||||||
.Dt au_event_t
|
.Ft au_event_t
|
||||||
on success, or
|
on success, or
|
||||||
.Dv NULL on failure, with
|
.Dv NULL on failure, with
|
||||||
.Va errno
|
.Va errno
|
||||||
|
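Review bot: The context line `.Fn getauevnuam` directly above the corrected `.Ft` lines looks like a typo for getauevnam, the spelling used in the libbsm Makefile MLINKS, and `.Dv NULL on failure, with` passes the whole phrase to the macro instead of just NULL. Both sit in the paragraph this hunk already touches; fix them here by correcting the function name and putting `.Dv NULL` on its own line.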
@ -27,7 +27,7 @@
|
|||||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#2 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#3 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt AU_FREE_TOKEN 3
|
.Dt AU_FREE_TOKEN 3
|
||||||
@ -40,7 +40,7 @@
|
|||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In libbsm.h
|
.In libbsm.h
|
||||||
.Ft void
|
.Ft void
|
||||||
.Fn au_free_tokenen "token_t *tok"
|
.Fn au_free_token "token_t *tok"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The BSM API generally manages deallocation of
|
The BSM API generally manages deallocation of
|
||||||
.Vt token_t
|
.Vt token_t
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#2 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#3 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt AU_MASK 3
|
.Dt AU_MASK 3
|
||||||
@ -109,7 +109,7 @@ will be set to indicate the error.
|
|||||||
.Sh IMPLEMENTATION NOTES
|
.Sh IMPLEMENTATION NOTES
|
||||||
.Fn au_preselect
|
.Fn au_preselect
|
||||||
makes implicit use of various audit database routines, and may influence
|
makes implicit use of various audit database routines, and may influence
|
||||||
the behavior of simultaenous or interleaved processing of those databases by
|
the behavior of simultaneous or interleaved processing of those databases by
|
||||||
other code.
|
other code.
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr libbsm 3 ,
|
.Xr libbsm 3 ,
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#4 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#5 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt AU_TOKEN 3
|
.Dt AU_TOKEN 3
|
||||||
@ -179,10 +179,10 @@
|
|||||||
.Fn au_to_trailer "int rec_size"
|
.Fn au_to_trailer "int rec_size"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
These interfaces support the allocation of BSM audit tokens, represented by
|
These interfaces support the allocation of BSM audit tokens, represented by
|
||||||
.Dt token_t ,
|
.Ft token_t ,
|
||||||
for various data types.
|
for various data types.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
On sucess, a pointer to a
|
On success, a pointer to a
|
||||||
.Vt token_t
|
.Vt token_t
|
||||||
will be returned; the allocated
|
will be returned; the allocated
|
||||||
.Vt token_t
|
.Vt token_t
|
||||||
|
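Review bot: In DESCRIPTION, `.Ft token_t ,` marks the type with the function-type macro, while RETURN VALUES a few lines below uses `.Vt token_t` for the same type. Use `.Vt` in both places so the type is rendered consistently across the page.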
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_user.3#3 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_user.3#4 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt AU_USER 3
|
.Dt AU_USER 3
|
||||||
@ -72,7 +72,7 @@ and events never to audit
|
|||||||
.Dv au_never .
|
.Dv au_never .
|
||||||
.Pp
|
.Pp
|
||||||
.Fn getauuserent
|
.Fn getauuserent
|
||||||
return the next user found in the
|
returns the next user found in the
|
||||||
.Xr audit_user 5
|
.Xr audit_user 5
|
||||||
database, or the first if the function has not yet been called.
|
database, or the first if the function has not yet been called.
|
||||||
.Dv NULL
|
.Dv NULL
|
||||||
@ -96,7 +96,7 @@ closes the
|
|||||||
database, if open.
|
database, if open.
|
||||||
.Pp
|
.Pp
|
||||||
.Nm au_user_mask
|
.Nm au_user_mask
|
||||||
calculate a new session audit mask to be returned via
|
calculates a new session audit mask to be returned via
|
||||||
.Dv mask_p
|
.Dv mask_p
|
||||||
for the user identified by
|
for the user identified by
|
||||||
.Dv username .
|
.Dv username .
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#3 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#4 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt LIBBSM 3
|
.Dt LIBBSM 3
|
||||||
@ -48,57 +48,56 @@ event stream interfaces, class interfaces, control interfaces, event
|
|||||||
interfaces, I/O interfaces, mask interfaces, notification interfaces, token
|
interfaces, I/O interfaces, mask interfaces, notification interfaces, token
|
||||||
interfaces, and user interfaces.
|
interfaces, and user interfaces.
|
||||||
These are described respectively in the
|
These are described respectively in the
|
||||||
.Xr au_stream 3 ,
|
|
||||||
.Xr au_class 3 ,
|
.Xr au_class 3 ,
|
||||||
.Xr au_control 3 ,
|
.Xr au_control 3 ,
|
||||||
.Xr au_event 3 ,
|
.Xr au_event 3 ,
|
||||||
.Xr au_mask 3 ,
|
.Xr au_mask 3 ,
|
||||||
.Xr au_notify 3 ,
|
.Xr au_notify 3 ,
|
||||||
|
.Xr au_stream 3 ,
|
||||||
.Xr au_token 3 ,
|
.Xr au_token 3 ,
|
||||||
.Xr au_user 3
|
.Xr au_user 3
|
||||||
man pages.
|
man pages.
|
||||||
.Ss Audit Event Stream Interfaces
|
.Ss Audit Event Stream Interfaces
|
||||||
Audit event stream interfaces support interaction with file-backed audit
|
Audit event stream interfaces support interaction with file-backed audit
|
||||||
event streams:
|
event streams:
|
||||||
.Xr au_free_token 3 ,
|
.Xr au_close 3 .
|
||||||
.Xr au_free_token 3 ,
|
.Xr au_free_token 3 ,
|
||||||
.Xr au_open 3 ,
|
.Xr au_open 3 ,
|
||||||
.Xr au_write 3 ,
|
.Xr au_write 3 ,
|
||||||
.Xr au_close 3 .
|
|
||||||
.Ss Audit Class Interfaces
|
.Ss Audit Class Interfaces
|
||||||
Audit class interfaces support the look up of information from the
|
Audit class interfaces support the look up of information from the
|
||||||
.Xr audit_class 5
|
.Xr audit_class 5
|
||||||
database:
|
database:
|
||||||
|
.Xr endauclass 3 ,
|
||||||
.Xr getauclassent 3 ,
|
.Xr getauclassent 3 ,
|
||||||
.Xr getauclassent_r 3 ,
|
.Xr getauclassent_r 3 ,
|
||||||
.Xr getauclassnam 3 ,
|
.Xr getauclassnam 3 ,
|
||||||
.Xr getauclassnam_r 3 ,
|
.Xr getauclassnam_r 3 ,
|
||||||
.Xr setauclass 3 ,
|
.Xr setauclass 3 .
|
||||||
.Xr endauclass 3 .
|
|
||||||
.Ss Audit Control Interfaces
|
.Ss Audit Control Interfaces
|
||||||
Audit control interfaces support the look up of information from the
|
Audit control interfaces support the look up of information from the
|
||||||
.Xr audit_control 5
|
.Xr audit_control 5
|
||||||
database:
|
database:
|
||||||
.Xr setac 3 ,
|
|
||||||
.Xr endac 3 ,
|
.Xr endac 3 ,
|
||||||
|
.Xr setac 3 ,
|
||||||
.Xr getacdir 3 ,
|
.Xr getacdir 3 ,
|
||||||
.Xr getacmin 3 ,
|
|
||||||
.Xr getacflg 3 ,
|
.Xr getacflg 3 ,
|
||||||
|
.Xr getacmin 3 ,
|
||||||
.Xr getacna 3 .
|
.Xr getacna 3 .
|
||||||
.Ss Audit Event Interfaces
|
.Ss Audit Event Interfaces
|
||||||
Audit event interfaces support the look up of information from the
|
Audit event interfaces support the look up of information from the
|
||||||
.Xr audit_event 5
|
.Xr audit_event 5
|
||||||
database:
|
database:
|
||||||
.Xr setauevent 3 ,
|
|
||||||
.Xr endauevent 3 ,
|
.Xr endauevent 3 ,
|
||||||
|
.Xr setauevent 3 ,
|
||||||
.Xr getauevent 3 ,
|
.Xr getauevent 3 ,
|
||||||
.Xr getauevent_r 3 ,
|
.Xr getauevent_r 3 ,
|
||||||
.Xr getauevnam 3 ,
|
.Xr getauevnam 3 ,
|
||||||
.Xr getauevnam_r 3 ,
|
.Xr getauevnam_r 3 ,
|
||||||
.Xr getauevnum 3 ,
|
|
||||||
.Xr getauevnum_r 3 ,
|
|
||||||
.Xr getauevnonam 3 ,
|
.Xr getauevnonam 3 ,
|
||||||
.Xr getauevnonam_r 3 ,
|
.Xr getauevnonam_r 3 ,
|
||||||
|
.Xr getauevnum 3 ,
|
||||||
|
.Xr getauevnum_r 3 .
|
||||||
.Ss Audit I/O Interfaces
|
.Ss Audit I/O Interfaces
|
||||||
Audit I/O interfaces support the processing and printing of tokens, as well
|
Audit I/O interfaces support the processing and printing of tokens, as well
|
||||||
as the reading of audit records:
|
as the reading of audit records:
|
||||||
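Review bot: In the "Audit Event Stream Interfaces" list, the alphabetical reordering moved `.Xr au_close 3 .` to the front with its sentence-ending period still attached, and the list now ends on `.Xr au_write 3 ,` with a trailing comma. Swap the punctuation so au_close ends in a comma and au_write ends in the period, as was done for the other reordered lists in this hunk (`.Xr setauclass 3 .`, `.Xr getauevnum_r 3 .`).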
@ -117,9 +116,9 @@ by a mask:
|
|||||||
.Ss Audit Notification Interfaces
|
.Ss Audit Notification Interfaces
|
||||||
Audit notification routines track audit state in a form permitting efficient
|
Audit notification routines track audit state in a form permitting efficient
|
||||||
update, avoiding frequent system calls to check the kernel audit state:
|
update, avoiding frequent system calls to check the kernel audit state:
|
||||||
|
.Xr au_get_state 3 ,
|
||||||
.Xr au_notify_initialize 3 ,
|
.Xr au_notify_initialize 3 ,
|
||||||
.Xr au_notify_terminate 3 ,
|
.Xr au_notify_terminate 3 .
|
||||||
.Xr au_get_state 3 .
|
|
||||||
These interfaces are implemented only for Darwin/Mac OS X.
|
These interfaces are implemented only for Darwin/Mac OS X.
|
||||||
.Ss Audit Token Interface
|
.Ss Audit Token Interface
|
||||||
Audit token interfaces permit the creation of tokens for use in creating
|
Audit token interfaces permit the creation of tokens for use in creating
|
||||||
@ -127,63 +126,63 @@ audit records for submission to event streams.
|
|||||||
Each interface converts a C type to its
|
Each interface converts a C type to its
|
||||||
.Vt token_t
|
.Vt token_t
|
||||||
representation.
|
representation.
|
||||||
|
.Xr au_to_arg 3 ,
|
||||||
.Xr au_to_arg32 3 ,
|
.Xr au_to_arg32 3 ,
|
||||||
.Xr au_to_arg64 3 ,
|
.Xr au_to_arg64 3 ,
|
||||||
.Xr au_to_arg 3 ,
|
|
||||||
.Xr au_to_attr64 3 ,
|
.Xr au_to_attr64 3 ,
|
||||||
.Xr au_to_data 3 ,
|
.Xr au_to_data 3 ,
|
||||||
|
.Xr au_to_exec_args 3 ,
|
||||||
|
.Xr au_to_exec_env 3 ,
|
||||||
.Xr au_to_exit 3 ,
|
.Xr au_to_exit 3 ,
|
||||||
|
.Xr au_to_file 3 ,
|
||||||
.Xr au_to_groups 3 ,
|
.Xr au_to_groups 3 ,
|
||||||
.Xr au_to_newgroups 3 ,
|
.Xr au_to_header32 3 ,
|
||||||
|
.Xr au_to_header64 3 ,
|
||||||
.Xr au_to_in_addr 3 ,
|
.Xr au_to_in_addr 3 ,
|
||||||
.Xr au_to_in_addr_ex 3 ,
|
.Xr au_to_in_addr_ex 3 ,
|
||||||
.Xr au_to_ip 3 ,
|
.Xr au_to_ip 3 ,
|
||||||
.Xr au_to_ipc 3 ,
|
.Xr au_to_ipc 3 ,
|
||||||
.Xr au_to_ipc_perm 3 ,
|
.Xr au_to_ipc_perm 3 ,
|
||||||
.Xr au_to_iport 3 ,
|
.Xr au_to_iport 3 ,
|
||||||
|
.Xr au_to_me 3 ,
|
||||||
|
.Xr au_to_newgroups 3 ,
|
||||||
.Xr au_to_opaque 3 ,
|
.Xr au_to_opaque 3 ,
|
||||||
.Xr au_to_file 3 ,
|
|
||||||
.Xr au_to_text 3 ,
|
|
||||||
.Xr au_to_path 3 ,
|
.Xr au_to_path 3 ,
|
||||||
|
.Xr au_to_process 3 ,
|
||||||
.Xr au_to_process32 3 ,
|
.Xr au_to_process32 3 ,
|
||||||
.Xr au_to_process64 3 ,
|
.Xr au_to_process64 3 ,
|
||||||
.Xr au_to_process 3 ,
|
.Xr au_to_process_ex 3 ,
|
||||||
.Xr au_to_process32_ex 3 ,
|
.Xr au_to_process32_ex 3 ,
|
||||||
.Xr au_to_process64_ex 3 ,
|
.Xr au_to_process64_ex 3 ,
|
||||||
.Xr au_to_process_ex 3 ,
|
.Xr au_to_return 3 ,
|
||||||
.Xr au_to_return32 3 ,
|
.Xr au_to_return32 3 ,
|
||||||
.Xr au_to_return64 3 ,
|
.Xr au_to_return64 3 ,
|
||||||
.Xr au_to_return 3 ,
|
|
||||||
.Xr au_to_seq 3 ,
|
.Xr au_to_seq 3 ,
|
||||||
.Xr au_to_socket 3 ,
|
.Xr au_to_socket 3 ,
|
||||||
.Xr au_to_socket_ex_32 3 ,
|
.Xr au_to_socket_ex_32 3 ,
|
||||||
.Xr au_to_socket_ex_128 3 ,
|
.Xr au_to_socket_ex_128 3 ,
|
||||||
|
.Xr au_to_sock_inet 3 ,
|
||||||
.Xr au_to_sock_inet32 3 ,
|
.Xr au_to_sock_inet32 3 ,
|
||||||
.Xr au_to_sock_inet128 3 ,
|
.Xr au_to_sock_inet128 3 ,
|
||||||
.Xr au_to_sock_inet 3 ,
|
.Xr au_to_subject 3 ,
|
||||||
.Xr au_to_subject32 3 ,
|
.Xr au_to_subject32 3 ,
|
||||||
.Xr au_to_subject64 3 ,
|
.Xr au_to_subject64 3 ,
|
||||||
.Xr au_to_subject 3 ,
|
.Xr au_to_subject_ex 3 ,
|
||||||
.Xr au_to_subject32_ex 3 ,
|
.Xr au_to_subject32_ex 3 ,
|
||||||
.Xr au_to_subject64_ex 3 ,
|
.Xr au_to_subject64_ex 3 ,
|
||||||
.Xr au_to_subject_ex 3 ,
|
.Xr au_to_text 3 ,
|
||||||
.Xr au_to_me 3 ,
|
|
||||||
.Xr au_to_exec_args 3 ,
|
|
||||||
.Xr au_to_exec_env 3 ,
|
|
||||||
.Xr au_to_header32 3 ,
|
|
||||||
.Xr au_to_header64 3 ,
|
|
||||||
.Xr au_to_trailer 3 .
|
.Xr au_to_trailer 3 .
|
||||||
.Ss Audit User Interfaces
|
.Ss Audit User Interfaces
|
||||||
Audit user interfaces support the look up of information from the
|
Audit user interfaces support the look up of information from the
|
||||||
.Xr audit_user 5
|
.Xr audit_user 5
|
||||||
database:
|
database:
|
||||||
.Xr setauuser 3 ,
|
.Xr au_user_mask 3 ,
|
||||||
.Xr endauuser 3 ,
|
.Xr endauuser 3 ,
|
||||||
|
.Xr setauuser 3 ,
|
||||||
.Xr getauuserent 3 ,
|
.Xr getauuserent 3 ,
|
||||||
.Xr getauuserent_r 3 ,
|
.Xr getauuserent_r 3 ,
|
||||||
.Xr getauusernam 3 ,
|
.Xr getauusernam 3 ,
|
||||||
.Xr getauusernam_r 3 ,
|
.Xr getauusernam_r 3 ,
|
||||||
.Xr au_user_mask 3 ,
|
|
||||||
.Xr getfauditflags 3 .
|
.Xr getfauditflags 3 .
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr au_class 3 ,
|
.Xr au_class 3 ,
|
||||||
|
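Review bot: The reworked token list goes from ".Xr au_to_arg64 3 ," straight to ".Xr au_to_attr64 3 ," with no au_to_attr32 entry, although audit.log.5 in this same commit points readers to ".Xr au_to_attr32 3" for creating an attribute token. Since the list is being reordered anyway, add ".Xr au_to_attr32 3 ," ahead of au_to_attr64, or drop the cross reference from audit.log.5 if no such page exists.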
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#7 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#8 $
|
||||||
.\"
|
.\"
|
||||||
.Dd May 1, 2005
|
.Dd May 1, 2005
|
||||||
.Dt AUDIT.LOG 5
|
.Dt AUDIT.LOG 5
|
||||||
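Review bot: ".Dd May 1, 2005" is identical on both sides even though the $P4$ revision moves from #7 to #8 and the later hunks of this file change its text and cross references. audit_control.5 and audit_user.5 receive a new .Dd in this commit. Bump the date here too, or note that the project does not update .Dd for corrections of this size.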
@ -204,7 +204,7 @@ The
|
|||||||
token contains an IP packet header in network byte order.
|
token contains an IP packet header in network byte order.
|
||||||
An
|
An
|
||||||
.Dv ip
|
.Dv ip
|
||||||
token can be cread using
|
token can be created using
|
||||||
.Xr au_to_ip 3 .
|
.Xr au_to_ip 3 .
|
||||||
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
||||||
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
||||||
@ -249,7 +249,7 @@ token contains a pathname.
|
|||||||
A
|
A
|
||||||
.Dv path
|
.Dv path
|
||||||
token can be created using
|
token can be created using
|
||||||
.Xr auto_path 3 .
|
.Xr au_to_path 3 .
|
||||||
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
||||||
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
||||||
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
|
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
|
||||||
@ -262,7 +262,7 @@ The
|
|||||||
token contains a set of nul-terminated path names.
|
token contains a set of nul-terminated path names.
|
||||||
The
|
The
|
||||||
.Xr libbsm 3
|
.Xr libbsm 3
|
||||||
API cannot currently create an
|
API cannot currently create a
|
||||||
.Dv path_attr
|
.Dv path_attr
|
||||||
token.
|
token.
|
||||||
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
||||||
@ -283,7 +283,7 @@ token, which describes the subject performing an auditable event.
|
|||||||
This includes both the traditional
|
This includes both the traditional
|
||||||
.Ux
|
.Ux
|
||||||
security properties, such as user IDs and group IDs, but also audit
|
security properties, such as user IDs and group IDs, but also audit
|
||||||
information such as the audit user ID and sesion.
|
information such as the audit user ID and session.
|
||||||
A
|
A
|
||||||
.Dv process
|
.Dv process
|
||||||
token can be created using
|
token can be created using
|
||||||
@ -310,12 +310,12 @@ token contains the contents of the
|
|||||||
.Dv process
|
.Dv process
|
||||||
token, with the addition of a machine address type and variable length
|
token, with the addition of a machine address type and variable length
|
||||||
address storage capable of containing IPv6 addresses.
|
address storage capable of containing IPv6 addresses.
|
||||||
A
|
An
|
||||||
.Dv expanded process
|
.Dv expanded process
|
||||||
token can be created using
|
token can be created using
|
||||||
.Xr au_to_process32_ex 3
|
.Xr au_to_process32_ex 3
|
||||||
or
|
or
|
||||||
.Xr au_to_process64 3 .
|
.Xr au_to_process64_ex 3 .
|
||||||
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
||||||
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
||||||
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
|
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
|
||||||
@ -385,7 +385,7 @@ token consists of the same elements as the
|
|||||||
.Dv subject
|
.Dv subject
|
||||||
token, with the addition of type/length and variable size machine address
|
token, with the addition of type/length and variable size machine address
|
||||||
information in the terminal ID.
|
information in the terminal ID.
|
||||||
A
|
An
|
||||||
.Dv expanded subject
|
.Dv expanded subject
|
||||||
token can be created using
|
token can be created using
|
||||||
.Xr au_to_subject32_ex 3
|
.Xr au_to_subject32_ex 3
|
||||||
@ -412,7 +412,7 @@ token ...
|
|||||||
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
||||||
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
||||||
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
|
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
|
||||||
.It Li "object ID type" Ta "1 byte" Ta "Object ID"
|
.It Li "Object ID type" Ta "1 byte" Ta "Object ID"
|
||||||
.It Li "Object ID" Ta "4 bytes" Ta "Object ID"
|
.It Li "Object ID" Ta "4 bytes" Ta "Object ID"
|
||||||
.El
|
.El
|
||||||
.Ss Text Token
|
.Ss Text Token
|
||||||
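Review bot: The "Object ID type" row still carries the description "Object ID", the same text as the 4-byte "Object ID" row that follows, so the table does not say what the 1-byte field holds. While the capitalisation is being fixed, give the first row its own description, for example "Object ID type".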
@ -438,7 +438,7 @@ included with the attribute block for a file; optional
|
|||||||
.Dv path
|
.Dv path
|
||||||
tokens may also be present in an audit record indicating which path, if any,
|
tokens may also be present in an audit record indicating which path, if any,
|
||||||
was used to reach the object.
|
was used to reach the object.
|
||||||
A
|
An
|
||||||
.Dv attribute
|
.Dv attribute
|
||||||
token can be created using
|
token can be created using
|
||||||
.Xr au_to_attr32 3
|
.Xr au_to_attr32 3
|
||||||
@ -593,8 +593,8 @@ token ...
|
|||||||
.It Li XXXXX
|
.It Li XXXXX
|
||||||
.El
|
.El
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr audit 8,
|
.Xr libbsm 3 ,
|
||||||
.Xr libbsm 3
|
.Xr audit 8
|
||||||
.Sh AUTHORS
|
.Sh AUTHORS
|
||||||
The Basic Security Module (BSM) interface to audit records and audit event
|
The Basic Security Module (BSM) interface to audit records and audit event
|
||||||
stream format were defined by Sun Microsystems.
|
stream format were defined by Sun Microsystems.
|
||||||
|
@ -25,9 +25,9 @@
|
|||||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#5 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#7 $
|
||||||
.\"
|
.\"
|
||||||
.Dd Jan 24, 2004
|
.Dd January 24, 2004
|
||||||
.Dt AUDIT_CLASS 5
|
.Dt AUDIT_CLASS 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -40,8 +40,9 @@ file contains descriptions of the auditable event classes on the system.
|
|||||||
Each auditable event is a member of an event class.
|
Each auditable event is a member of an event class.
|
||||||
Each line maps an audit event
|
Each line maps an audit event
|
||||||
mask (bitmap) to a class and a description.
|
mask (bitmap) to a class and a description.
|
||||||
Entries are of the form
|
Entries are of the form:
|
||||||
.Dl classmask:eventclass:description.
|
.Pp
|
||||||
|
.Dl classmask:eventclass:description
|
||||||
.Pp
|
.Pp
|
||||||
Example entries in this file are:
|
Example entries in this file are:
|
||||||
.Bd -literal -offset indent
|
.Bd -literal -offset indent
|
||||||
|
@ -25,9 +25,9 @@
|
|||||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#5 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $
|
||||||
.\"
|
.\"
|
||||||
.Dd Jan 24, 2004
|
.Dd January 4, 2006
|
||||||
.Dt AUDIT_CONTROL 5
|
.Dt AUDIT_CONTROL 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -38,7 +38,9 @@ The
|
|||||||
.Nm
|
.Nm
|
||||||
file contains several audit system parameters.
|
file contains several audit system parameters.
|
||||||
Each line of this file is of the form:
|
Each line of this file is of the form:
|
||||||
.Dl parameter:value.
|
.Pp
|
||||||
|
.Dl parameter:value
|
||||||
|
.Pp
|
||||||
The parameters are:
|
The parameters are:
|
||||||
.Bl -tag -width Ds
|
.Bl -tag -width Ds
|
||||||
.It Pa dir
|
.It Pa dir
|
||||||
@ -63,13 +65,15 @@ When the free space falls below this limit a warning will be issued.
|
|||||||
Not currently used as the value of 20 percent is chosen by the kernel.
|
Not currently used as the value of 20 percent is chosen by the kernel.
|
||||||
.El
|
.El
|
||||||
.Sh AUDIT FLAGS
|
.Sh AUDIT FLAGS
|
||||||
Audit flags are a comma delimited list of audit classes as defined in the
|
Audit flags are a comma-delimited list of audit classes as defined in the
|
||||||
audit_class file.
|
.Pa audit_class
|
||||||
|
file.
|
||||||
See
|
See
|
||||||
.Xr audit_class 5
|
.Xr audit_class 5
|
||||||
for details.
|
for details.
|
||||||
Event classes may be preceded by a prefix which changes their interpretation.
|
Event classes may be preceded by a prefix which changes their interpretation.
|
||||||
The following prefixes may be used for each class:
|
The following prefixes may be used for each class:
|
||||||
|
.Pp
|
||||||
.Bl -tag -width Ds -compact -offset indent
|
.Bl -tag -width Ds -compact -offset indent
|
||||||
.It +
|
.It +
|
||||||
Record successful events
|
Record successful events
|
||||||
@ -78,9 +82,9 @@ Record failed events
|
|||||||
.It ^
|
.It ^
|
||||||
Record both successful and failed events
|
Record both successful and failed events
|
||||||
.It ^+
|
.It ^+
|
||||||
Don't record successful events
|
Do not record successful events
|
||||||
.It ^-
|
.It ^-
|
||||||
Don't record failed events
|
Do not record failed events
|
||||||
.El
|
.El
|
||||||
.Sh DEFAULT
|
.Sh DEFAULT
|
||||||
The following settings appear in the default
|
The following settings appear in the default
|
||||||
@ -88,7 +92,7 @@ The following settings appear in the default
|
|||||||
file:
|
file:
|
||||||
.Bd -literal -offset indent
|
.Bd -literal -offset indent
|
||||||
dir:/var/audit
|
dir:/var/audit
|
||||||
flags:lo,ad,-all,^-fc,^-cl
|
flags:lo
|
||||||
minfree:20
|
minfree:20
|
||||||
naflags:lo
|
naflags:lo
|
||||||
.Ed
|
.Ed
|
||||||
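Review bot: The documented default narrows from "flags:lo,ad,-all,^-fc,^-cl" to "flags:lo", which removes administrative events and all failure auditing from the example, yet the CHANGELOG entry for this import lists only man page formatting and accuracy improvements. Please confirm that the shipped audit_control file really uses "flags:lo", and mention the narrower default in the CHANGELOG so that administrators who relied on the documented mask notice the difference.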
@ -96,17 +100,16 @@ naflags:lo
|
|||||||
The
|
The
|
||||||
.Va flags
|
.Va flags
|
||||||
parameter above specifies the system-wide mask corresponding to login/logout
|
parameter above specifies the system-wide mask corresponding to login/logout
|
||||||
events, administrative events, and all failures except for failures in creating
|
events.
|
||||||
or closing files.
|
|
||||||
.Sh FILES
|
.Sh FILES
|
||||||
.Bl -tag -width "/etc/security/audit_control" -compact
|
.Bl -tag -width "/etc/security/audit_control" -compact
|
||||||
.It Pa /etc/security/audit_control
|
.It Pa /etc/security/audit_control
|
||||||
.El
|
.El
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr audit 1 ,
|
|
||||||
.Xr auditd 8 ,
|
|
||||||
.Xr audit_class 5 ,
|
.Xr audit_class 5 ,
|
||||||
.Xr audit_user 5
|
.Xr audit_user 5 ,
|
||||||
|
.Xr audit 8 ,
|
||||||
|
.Xr auditd 8
|
||||||
.Sh AUTHORS
|
.Sh AUTHORS
|
||||||
This software was created by McAfee Research, the security research division
|
This software was created by McAfee Research, the security research division
|
||||||
of McAfee, Inc., under contract to Apple Computer Inc.
|
of McAfee, Inc., under contract to Apple Computer Inc.
|
||||||
|
@ -25,9 +25,9 @@
|
|||||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#5 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#8 $
|
||||||
.\"
|
.\"
|
||||||
.Dd Jan 24, 2004
|
.Dd January 24, 2004
|
||||||
.Dt AUDIT_EVENT 5
|
.Dt AUDIT_EVENT 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -38,11 +38,15 @@ The
|
|||||||
.Nm
|
.Nm
|
||||||
file contains descriptions of the auditable events on the system.
|
file contains descriptions of the auditable events on the system.
|
||||||
Each line maps an audit event number to a name, a description, and a class.
|
Each line maps an audit event number to a name, a description, and a class.
|
||||||
Entries are of the form
|
Entries are of the form:
|
||||||
.Dl eventnum:eventname:description:eventclass .
|
.Pp
|
||||||
|
.Dl eventnum:eventname:description:eventclass
|
||||||
|
.Pp
|
||||||
Each
|
Each
|
||||||
.Vt eventclass
|
.Vt eventclass
|
||||||
should have a corresponding entry in the audit_class file.
|
should have a corresponding entry in the
|
||||||
|
.Pa audit_class
|
||||||
|
file.
|
||||||
See
|
See
|
||||||
.Xr audit_class 5
|
.Xr audit_class 5
|
||||||
for details.
|
for details.
|
||||||
|
@ -25,9 +25,9 @@
|
|||||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#5 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#7 $
|
||||||
.\"
|
.\"
|
||||||
.Dd Jan 24, 2004
|
.Dd February 5, 2006
|
||||||
.Dt AUDIT_USER 5
|
.Dt AUDIT_USER 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -44,9 +44,11 @@ These settings take effect when the user logs in.
|
|||||||
.Pp
|
.Pp
|
||||||
Each line maps a user name to a list of classes that should be audited and a
|
Each line maps a user name to a list of classes that should be audited and a
|
||||||
list of classes that should not be audited.
|
list of classes that should not be audited.
|
||||||
Entries are of the form of
|
Entries are of the form:
|
||||||
.Dl username:alwaysaudit:neveraudit ,
|
.Pp
|
||||||
where
|
.Dl username:alwaysaudit:neveraudit
|
||||||
|
.Pp
|
||||||
|
In the format above,
|
||||||
.Vt alwaysaudit
|
.Vt alwaysaudit
|
||||||
is a set of event classes that are always audited, and
|
is a set of event classes that are always audited, and
|
||||||
.Vt neveraudit
|
.Vt neveraudit
|
||||||
@ -64,8 +66,8 @@ root:lo,ad:no
|
|||||||
jdoe:-fc,ad:+fw
|
jdoe:-fc,ad:+fw
|
||||||
.Ed
|
.Ed
|
||||||
.Pp
|
.Pp
|
||||||
These settings would cause login and administrative events that succeed on
|
These settings would cause login/logout and administrative events that
|
||||||
behalf of user root to be audited.
|
succeed on behalf of user root to be audited.
|
||||||
No failure events are audited.
|
No failure events are audited.
|
||||||
For the user
|
For the user
|
||||||
.Em jdoe ,
|
.Em jdoe ,
|
||||||
|
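Review bot: The reworded sentence still says that only events "that succeed" are audited for root and that "No failure events are audited", but the example entry in the hunk header is "root:lo,ad:no" with no "+" prefix, and audit_control.5 in this commit documents "+" as the prefix for recording successful events. Either change the example to "root:+lo,+ad:no" or reword the explanation to describe what an unprefixed class selects.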
@ -25,9 +25,9 @@
|
|||||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_warn.5#5 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_warn.5#6 $
|
||||||
.\"
|
.\"
|
||||||
.Dd Mar 17, 2004
|
.Dd March 17, 2004
|
||||||
.Dt AUDIT_WARN 5
|
.Dt AUDIT_WARN 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -25,7 +25,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#6 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#7 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt AUDITON 2
|
.Dt AUDITON 2
|
||||||
@ -53,8 +53,9 @@ may be any of the following:
|
|||||||
.It Dv A_SETPOLICY
|
.It Dv A_SETPOLICY
|
||||||
Set audit policy flags.
|
Set audit policy flags.
|
||||||
.Ft *data
|
.Ft *data
|
||||||
must point to an long value set to one of the audit
|
must point to a long value set to one of the audit
|
||||||
policy control values defined in audit.h.
|
policy control values defined in
|
||||||
|
.Pa audit.h .
|
||||||
Currently, only
|
Currently, only
|
||||||
.Dv AUDIT_CNT
|
.Dv AUDIT_CNT
|
||||||
and
|
and
|
||||||
@ -83,7 +84,7 @@ These masks are used for non-attributable audit event preselection.
|
|||||||
.It Dv A_SETQCTRL
|
.It Dv A_SETQCTRL
|
||||||
Set kernel audit queue parameters.
|
Set kernel audit queue parameters.
|
||||||
.Ft *data
|
.Ft *data
|
||||||
must point to a
|
must point to a
|
||||||
.Ft au_qctrl_t
|
.Ft au_qctrl_t
|
||||||
structure containing the
|
structure containing the
|
||||||
kernel audit queue control settings:
|
kernel audit queue control settings:
|
||||||
@ -106,7 +107,7 @@ Return
|
|||||||
.It Dv A_SETCOND
|
.It Dv A_SETCOND
|
||||||
Set the current auditing condition.
|
Set the current auditing condition.
|
||||||
.Ft *data
|
.Ft *data
|
||||||
must point to an long value containing the new
|
must point to a long value containing the new
|
||||||
audit condition, one of
|
audit condition, one of
|
||||||
.Dv AUC_AUDITING ,
|
.Dv AUC_AUDITING ,
|
||||||
.Dv AUC_NOAUDIT ,
|
.Dv AUC_NOAUDIT ,
|
||||||
@ -115,13 +116,13 @@ or
|
|||||||
.It Dv A_SETCLASS
|
.It Dv A_SETCLASS
|
||||||
Set the event class preselection mask for an audit event.
|
Set the event class preselection mask for an audit event.
|
||||||
.Ft *data
|
.Ft *data
|
||||||
must point to a
|
must point to a
|
||||||
.Ft au_evclass_map_t
|
.Ft au_evclass_map_t
|
||||||
structure containing the audit event and mask.
|
structure containing the audit event and mask.
|
||||||
.It Dv A_SETPMASK
|
.It Dv A_SETPMASK
|
||||||
Set the preselection masks for a process.
|
Set the preselection masks for a process.
|
||||||
.Ft *data
|
.Ft *data
|
||||||
must point to a
|
must point to a
|
||||||
.Ft auditpinfo_t
|
.Ft auditpinfo_t
|
||||||
structure that contains the given process's audit
|
structure that contains the given process's audit
|
||||||
preselection masks for both success and failure.
|
preselection masks for both success and failure.
|
||||||
@ -167,7 +168,7 @@ the current kernel preselection masks for non-attributable events.
|
|||||||
.It Dv A_GETPOLICY
|
.It Dv A_GETPOLICY
|
||||||
Return the current audit policy setting.
|
Return the current audit policy setting.
|
||||||
.Ft *data
|
.Ft *data
|
||||||
must point to an long value which will be set to
|
must point to a long value which will be set to
|
||||||
one of the current audit policy flags.
|
one of the current audit policy flags.
|
||||||
Currently, only
|
Currently, only
|
||||||
.Dv AUDIT_CNT
|
.Dv AUDIT_CNT
|
||||||
@ -188,8 +189,8 @@ must point to a
|
|||||||
.Ft au_fstat_t
|
.Ft au_fstat_t
|
||||||
structure. The
|
structure. The
|
||||||
.Ft af_filesz
|
.Ft af_filesz
|
||||||
field will set to the maximum audit log file size. A value of 0
|
field will be set to the maximum audit log file size.
|
||||||
indicates no limit to the size.
|
A value of 0 indicates no limit to the size.
|
||||||
The
|
The
|
||||||
.Ft af_filesz
|
.Ft af_filesz
|
||||||
will be set to the current audit log file size.
|
will be set to the current audit log file size.
|
||||||
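Review bot: Both sentences name ".Ft af_filesz": the first says it is set to the maximum audit log file size, and the last says it "will be set to the current audit log file size", so one of the two field names must be wrong. Name the au_fstat_t member that holds the current size in the second sentence. Also, "structure. The" still puts two sentences on one source line, which this hunk corrects for "A value of 0" but not there.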
@ -227,7 +228,9 @@ trigger values:
|
|||||||
.Dv AUDIT_TRIGGER_OPEN_NEW
|
.Dv AUDIT_TRIGGER_OPEN_NEW
|
||||||
(open a new audit log file),
|
(open a new audit log file),
|
||||||
.Dv AUDIT_TRIGGER_READ_FILE
|
.Dv AUDIT_TRIGGER_READ_FILE
|
||||||
(read the audit_control file),
|
(read the
|
||||||
|
.Pa audit_control
|
||||||
|
file),
|
||||||
.Dv AUDIT_TRIGGER_CLOSE_AND_DIE
|
.Dv AUDIT_TRIGGER_CLOSE_AND_DIE
|
||||||
(close the current log file and exit),
|
(close the current log file and exit),
|
||||||
or
|
or
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#4 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#5 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt GETAUDIT 2
|
.Dt GETAUDIT 2
|
||||||
@ -50,7 +50,7 @@ retrieves extended state via
|
|||||||
and
|
and
|
||||||
.Va length .
|
.Va length .
|
||||||
.Pp
|
.Pp
|
||||||
This system call required appropriate privilege to complete.
|
This system call requires appropriate privilege to complete.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
.Nm
|
.Nm
|
||||||
returns 0 on success, or returns -1 on failure, providing additional error
|
returns 0 on success, or returns -1 on failure, providing additional error
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#4 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#5 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt GETAUID 2
|
.Dt GETAUID 2
|
||||||
@ -42,7 +42,7 @@ retrieves the active audit session ID for the current process via the
|
|||||||
pointed to by
|
pointed to by
|
||||||
.Va auid .
|
.Va auid .
|
||||||
.Pp
|
.Pp
|
||||||
This system call required appropriate privilege to complete.
|
This system call requires appropriate privilege to complete.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
.Nm
|
.Nm
|
||||||
returns 0 on success, or returns -1 on failure, providing additional error
|
returns 0 on success, or returns -1 on failure, providing additional error
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#4 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#5 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt SETAUDIT 2
|
.Dt SETAUDIT 2
|
||||||
@ -50,7 +50,7 @@ sets extended state via
|
|||||||
and
|
and
|
||||||
.Va length .
|
.Va length .
|
||||||
.Pp
|
.Pp
|
||||||
This system call required appropriate privilege to complete.
|
This system call requires appropriate privilege to complete.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
.Nm
|
.Nm
|
||||||
returns 0 on success, or returns -1 on failure, providing additional error
|
returns 0 on success, or returns -1 on failure, providing additional error
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#4 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#5 $
|
||||||
.\"
|
.\"
|
||||||
.Dd April 19, 2005
|
.Dd April 19, 2005
|
||||||
.Dt SETAUID 2
|
.Dt SETAUID 2
|
||||||
@ -42,7 +42,7 @@ sets the active audit session ID for the current process from the
|
|||||||
pointed to by
|
pointed to by
|
||||||
.Va auid .
|
.Va auid .
|
||||||
.Pp
|
.Pp
|
||||||
This system call required appropriate privilege to complete.
|
This system call requires appropriate privilege to complete.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
.Nm
|
.Nm
|
||||||
returns 0 on success, or returns -1 on failure, providing additional error
|
returns 0 on success, or returns -1 on failure, providing additional error
|
||||||
|