Home       About Us       Services       Order       Contact       Support   




auditon

Command: man perldoc info search(apropos)  

AUDITON(2) FreeBSD System Calls Manual AUDITON(2)

NAME
auditon -- Configure system audit parameters

SYNOPSIS
#include <bsm/audit.h>

int
auditon(int cmd, void *data, u_int length);

DESCRIPTION
The auditon system call is used to manipulate various audit control oper-
ations. *data should point to a structure whose type depends on the com-
mand. length specifies the size of the data in bytes. cmd may be any of
the following:

A_SETPOLICY Set audit policy flags. *data must point to a long
value set to one of the audit policy control values
defined in audit.h. Currently, only AUDIT_CNT and
AUDIT_AHLT are implemented. In the AUDIT_CNT case, the
action will continue regardless if an event will not be
audited. In the AUDIT_AHLT case, a panic(9) will result
if an event will not be written to the audit log file.

A_SETKAUDIT Return ENOSYS.

A_SETKMASK Set the kernel preselection masks (success and failure).
*data must point to a au_mask_t structure containing the
mask values. These masks are used for non-attributable
audit event preselection.

A_SETQCTRL Set kernel audit queue parameters. *data must point to
a au_qctrl_t structure containing the kernel audit queue
control settings: high water, low water, output buffer
size, percent min free disk space, and delay (not cur-
rently used).

A_SETSTAT Return ENOSYS.

A_SETUMASK Return ENOSYS.

A_SETSMASK Return ENOSYS.

A_SETCOND Set the current auditing condition. *data must point to
a long value containing the new audit condition, one of
AUC_AUDITING, AUC_NOAUDIT, or AUC_DISABLED.

A_SETCLASS Set the event class preselection mask for an audit
event. *data must point to a au_evclass_map_t structure
containing the audit event and mask.

A_SETPMASK Set the preselection masks for a process. *data must
point to a auditpinfo_t structure that contains the
given process's audit preselection masks for both suc-
cess and failure.

A_SETFSIZE Set the maximum size of the audit log file. *data must
point to a au_fstat_t structure with the af_filesz field
set to the maximum audit log file size. A value of 0
indicates no limit to the size.

A_SETKAUDIT Return ENOSYS.

A_GETCLASS Return the event to class mapping for the designated
audit event. *data must point to a au_evclass_map_t
structure.

A_GETKAUDIT Return ENOSYS.

A_GETPINFO Return the audit settings for a process. *data must
point to a auditpinfo_t structure which will be set to
contain the audit ID, preselection mask, terminal ID,
and audit session ID of the given process.

A_GETPINFO_ADDR Return ENOSYS.

A_GETKMASK Return the current kernel preselection masks. *data
must point to a au_mask_t structure which will be set to
the current kernel preselection masks for non-attribut-
able events.

A_GETPOLICY Return the current audit policy setting. *data must
point to a long value which will be set to one of the
current audit policy flags. Currently, only AUDIT_CNT
and AUDIT_AHLT are implemented.

A_GETQCTRL Return the current kernel audit queue control parame-
ters. *data must point to a au_qctrl_t structure which
will be set to the current kernel audit queue control
parameters.

A_GETFSIZE Returns the maximum size of the audit log file. *data
must point to a au_fstat_t structure. The af_filesz
field will be set to the maximum audit log file size. A
value of 0 indicates no limit to the size. The
af_currsz will be set to the current audit log file
size.

A_GETCWD Return ENOSYS.

A_GETCAR Return ENOSYS.

A_GETSTAT Return ENOSYS.

A_GETCOND Return the current auditing condition. *data must point
to a long value which will be set to the current audit
condition, either AUC_AUDITING or AUC_NOAUDIT.

A_SENDTRIGGER Send a trigger to the audit daemon. *data must point to
a long value set to one of the acceptable trigger val-
ues: AUDIT_TRIGGER_LOW_SPACE (low disk space where the
audit log resides), AUDIT_TRIGGER_OPEN_NEW (open a new
audit log file), AUDIT_TRIGGER_READ_FILE (read the
audit_control file), AUDIT_TRIGGER_CLOSE_AND_DIE (close
the current log file and exit), or
AUDIT_TRIGGER_NO_SPACE (no disk space left for audit log
file).

RETURN VALUES
Upon successful completion, the value 0 is returned; otherwise the
value -1 is returned and the global variable errno is set to indicate the
error.

ERRORS
The auditon() function will fail if:

[ENOSYS] Returned by options not yet implemented.

[EFAULT] A failure occurred while data transferred to or from
the kernel failed.

[EINVAL] Illegal argument was passed by a system call.

[EPERM] The process does not have sufficient permission to
complete the operation.

The A_SENDTRIGGER command is specific to the FreeBSD and Mac OS X imple-
mentations, and is not present in Solaris.

SEE ALSO
audit(2), auditctl(2), getauid(2), setauid(2), getaudit(2), setaudit(2),
getaudit_addr(2), setaudit_addr(2), libbsm(3)

AUTHORS
This software was created by McAfee Research, the security research divi-
sion of McAfee, Inc., under contract to Apple Computer Inc. Additional
authors include Wayne Salamon, Robert Watson, and SPARTA Inc.

The Basic Security Module (BSM) interface to audit records and audit
event stream format were defined by Sun Microsystems.

This manual page was written by Tom Rhodes <trhodesATFreeBSD.org>,
Robert Watson <rwatsonATFreeBSD.org>, and
Wayne Salamon <wsalamonATFreeBSD.org>.

HISTORY
The OpenBSM implementation was created by McAfee Research, the security
division of McAfee Inc., under contract to Apple Computer Inc. in 2003.
It was subsequently adopted by the TrustedBSD Project as the foundation
for the OpenBSM distribution.

FreeBSD 6.2 April 19, 2005 FreeBSD 6.2

Copyright ©2006 TheBestISP.com

Home        About Us        Services        Contact        Support        FreeBSD Manual