auditon.2 (155131) | auditon.2 (155364) |
---|---|
1.\"- 2.\" Copyright (c) 2005 Robert N. M. Watson 3.\" Copyright (c) 2005 Tom Rhodes 4.\" Copyright (c) 2005 Wayne J. Salamon 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions --- 11 unchanged lines hidden (view full) --- 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" | 1.\"- 2.\" Copyright (c) 2005 Robert N. M. Watson 3.\" Copyright (c) 2005 Tom Rhodes 4.\" Copyright (c) 2005 Wayne J. Salamon 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions --- 11 unchanged lines hidden (view full) --- 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" |
28.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#6 $ | 28.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#7 $ |
29.\" 30.Dd April 19, 2005 31.Dt AUDITON 2 32.Os 33.Sh NAME 34.Nm auditon 35.Nd "Configure system audit parameters" 36.Sh SYNOPSIS --- 11 unchanged lines hidden (view full) --- 48.Em data 49in bytes. 50.Ft cmd 51may be any of the following: 52.Bl -tag -width ".It Dv A_GETPINFO_ADDR" 53.It Dv A_SETPOLICY 54Set audit policy flags. 55.Ft *data | 29.\" 30.Dd April 19, 2005 31.Dt AUDITON 2 32.Os 33.Sh NAME 34.Nm auditon 35.Nd "Configure system audit parameters" 36.Sh SYNOPSIS --- 11 unchanged lines hidden (view full) --- 48.Em data 49in bytes. 50.Ft cmd 51may be any of the following: 52.Bl -tag -width ".It Dv A_GETPINFO_ADDR" 53.It Dv A_SETPOLICY 54Set audit policy flags. 55.Ft *data |
56must point to an long value set to one of the audit 57policy control values defined in audit.h. | 56must point to a long value set to one of the audit 57policy control values defined in 58.Pa audit.h . |
58Currently, only 59.Dv AUDIT_CNT 60and 61.Dv AUDIT_AHLT 62are implemented. 63In the 64.Dv AUDIT_CNT 65case, the action will continue regardless if --- 12 unchanged lines hidden (view full) --- 78.Ft *data 79must point to a 80.Ft au_mask_t 81structure containing the mask values. 82These masks are used for non-attributable audit event preselection. 83.It Dv A_SETQCTRL 84Set kernel audit queue parameters. 85.Ft *data | 59Currently, only 60.Dv AUDIT_CNT 61and 62.Dv AUDIT_AHLT 63are implemented. 64In the 65.Dv AUDIT_CNT 66case, the action will continue regardless if --- 12 unchanged lines hidden (view full) --- 79.Ft *data 80must point to a 81.Ft au_mask_t 82structure containing the mask values. 83These masks are used for non-attributable audit event preselection. 84.It Dv A_SETQCTRL 85Set kernel audit queue parameters. 86.Ft *data |
86must point to a | 87must point to a |
87.Ft au_qctrl_t 88structure containing the 89kernel audit queue control settings: 90.Va high water , 91.Va low water , 92.Va output buffer size , 93.Va percent min free disk space , 94and --- 6 unchanged lines hidden (view full) --- 101Return 102.Er ENOSYS . 103.It Dv A_SETSMASK 104Return 105.Er ENOSYS . 106.It Dv A_SETCOND 107Set the current auditing condition. 108.Ft *data | 88.Ft au_qctrl_t 89structure containing the 90kernel audit queue control settings: 91.Va high water , 92.Va low water , 93.Va output buffer size , 94.Va percent min free disk space , 95and --- 6 unchanged lines hidden (view full) --- 102Return 103.Er ENOSYS . 104.It Dv A_SETSMASK 105Return 106.Er ENOSYS . 107.It Dv A_SETCOND 108Set the current auditing condition. 109.Ft *data |
109must point to an long value containing the new | 110must point to a long value containing the new |
110audit condition, one of 111.Dv AUC_AUDITING , 112.Dv AUC_NOAUDIT , 113or 114.Dv AUC_DISABLED . 115.It Dv A_SETCLASS 116Set the event class preselection mask for an audit event. 117.Ft *data | 111audit condition, one of 112.Dv AUC_AUDITING , 113.Dv AUC_NOAUDIT , 114or 115.Dv AUC_DISABLED . 116.It Dv A_SETCLASS 117Set the event class preselection mask for an audit event. 118.Ft *data |
118must point to a | 119must point to a |
119.Ft au_evclass_map_t 120structure containing the audit event and mask. 121.It Dv A_SETPMASK 122Set the preselection masks for a process. 123.Ft *data | 120.Ft au_evclass_map_t 121structure containing the audit event and mask. 122.It Dv A_SETPMASK 123Set the preselection masks for a process. 124.Ft *data |
124must point to a | 125must point to a |
125.Ft auditpinfo_t 126structure that contains the given process's audit 127preselection masks for both success and failure. 128.It Dv A_SETFSIZE 129Set the maximum size of the audit log file. 130.Ft *data 131must point to a 132.Ft au_fstat_t --- 29 unchanged lines hidden (view full) --- 162.Ft *data 163must point to a 164.Ft au_mask_t 165structure which will be set to 166the current kernel preselection masks for non-attributable events. 167.It Dv A_GETPOLICY 168Return the current audit policy setting. 169.Ft *data | 126.Ft auditpinfo_t 127structure that contains the given process's audit 128preselection masks for both success and failure. 129.It Dv A_SETFSIZE 130Set the maximum size of the audit log file. 131.Ft *data 132must point to a 133.Ft au_fstat_t --- 29 unchanged lines hidden (view full) --- 163.Ft *data 164must point to a 165.Ft au_mask_t 166structure which will be set to 167the current kernel preselection masks for non-attributable events. 168.It Dv A_GETPOLICY 169Return the current audit policy setting. 170.Ft *data |
170must point to an long value which will be set to | 171must point to a long value which will be set to |
171one of the current audit policy flags. 172Currently, only 173.Dv AUDIT_CNT 174and 175.Dv AUDIT_AHLT 176are implemented. 177.It Dv A_GETQCTRL 178Return the current kernel audit queue control parameters. --- 4 unchanged lines hidden (view full) --- 183kernel audit queue control parameters. 184.It Dv A_GETFSIZE 185Returns the maximum size of the audit log file. 186.Ft *data 187must point to a 188.Ft au_fstat_t 189structure. The 190.Ft af_filesz | 172one of the current audit policy flags. 173Currently, only 174.Dv AUDIT_CNT 175and 176.Dv AUDIT_AHLT 177are implemented. 178.It Dv A_GETQCTRL 179Return the current kernel audit queue control parameters. --- 4 unchanged lines hidden (view full) --- 184kernel audit queue control parameters. 185.It Dv A_GETFSIZE 186Returns the maximum size of the audit log file. 187.Ft *data 188must point to a 189.Ft au_fstat_t 190structure. The 191.Ft af_filesz |
191field will set to the maximum audit log file size. A value of 0 192indicates no limit to the size. | 192field will be set to the maximum audit log file size. 193A value of 0 indicates no limit to the size. |
193The 194.Ft af_filesz 195will be set to the current audit log file size. 196.It Dv A_GETCWD 197.\" [COMMENTED OUT]: Valid description, not yet implemented. 198.\" Return the current working directory as stored in the audit subsystem. 199Return 200.Er ENOSYS . --- 21 unchanged lines hidden (view full) --- 222.Fr *data 223must point to a long value set to one of the acceptable 224trigger values: 225.Dv AUDIT_TRIGGER_LOW_SPACE 226(low disk space where the audit log resides), 227.Dv AUDIT_TRIGGER_OPEN_NEW 228(open a new audit log file), 229.Dv AUDIT_TRIGGER_READ_FILE | 194The 195.Ft af_filesz 196will be set to the current audit log file size. 197.It Dv A_GETCWD 198.\" [COMMENTED OUT]: Valid description, not yet implemented. 199.\" Return the current working directory as stored in the audit subsystem. 200Return 201.Er ENOSYS . --- 21 unchanged lines hidden (view full) --- 223.Fr *data 224must point to a long value set to one of the acceptable 225trigger values: 226.Dv AUDIT_TRIGGER_LOW_SPACE 227(low disk space where the audit log resides), 228.Dv AUDIT_TRIGGER_OPEN_NEW 229(open a new audit log file), 230.Dv AUDIT_TRIGGER_READ_FILE |
230(read the audit_control file), | 231(read the 232.Pa audit_control 233file), |
231.Dv AUDIT_TRIGGER_CLOSE_AND_DIE 232(close the current log file and exit), 233or 234.Dv AUDIT_TRIGGER_NO_SPACE 235(no disk space left for audit log file). 236.El 237.Sh RETURN VALUES 238.Rv -std --- 50 unchanged lines hidden --- | 234.Dv AUDIT_TRIGGER_CLOSE_AND_DIE 235(close the current log file and exit), 236or 237.Dv AUDIT_TRIGGER_NO_SPACE 238(no disk space left for audit log file). 239.El 240.Sh RETURN VALUES 241.Rv -std --- 50 unchanged lines hidden --- |