auditpipe.4 (206622) | auditpipe.4 (267938) |
---|---|
1.\" Copyright (c) 2006 Robert N. M. Watson 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" | 1.\" Copyright (c) 2006 Robert N. M. Watson 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" |
25.\" $FreeBSD: head/share/man/man4/auditpipe.4 206622 2010-04-14 19:08:06Z uqs $ | 25.\" $FreeBSD: head/share/man/man4/auditpipe.4 267938 2014-06-26 21:46:14Z bapt $ |
26.\" 27.Dd May 5, 2006 28.Dt AUDITPIPE 4 29.Os 30.Sh NAME 31.Nm auditpipe 32.Nd "pseudo-device for live audit event tracking" 33.Sh SYNOPSIS --- 195 unchanged lines hidden (view full) --- 229division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. 230It was subsequently adopted by the TrustedBSD Project as the foundation for 231the OpenBSM distribution. 232.Pp 233Support for kernel audit first appeared in 234.Fx 6.2 . 235.Sh AUTHORS 236The audit pipe facility was designed and implemented by | 26.\" 27.Dd May 5, 2006 28.Dt AUDITPIPE 4 29.Os 30.Sh NAME 31.Nm auditpipe 32.Nd "pseudo-device for live audit event tracking" 33.Sh SYNOPSIS --- 195 unchanged lines hidden (view full) --- 229division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. 230It was subsequently adopted by the TrustedBSD Project as the foundation for 231the OpenBSM distribution. 232.Pp 233Support for kernel audit first appeared in 234.Fx 6.2 . 235.Sh AUTHORS 236The audit pipe facility was designed and implemented by |
237.An Robert Watson Aq rwatson@FreeBSD.org . | 237.An Robert Watson Aq Mt rwatson@FreeBSD.org . |
238.Pp 239The Basic Security Module (BSM) interface to audit records and audit event 240stream format were defined by Sun Microsystems. 241.Sh BUGS 242See the 243.Xr audit 4 244manual page for information on audit-related bugs and limitations. 245.Pp 246The configurable preselection mechanism mirrors the selection model present 247for the global audit trail. 248It might be desirable to provided a more flexible selection model. 249.Pp 250The per-pipe audit event queue is fifo, with drops occurring if either the 251user thread provides in sufficient for the record on the queue head, or on 252enqueue if there is insufficient room. 253It might be desirable to support partial reads of records, which would be 254more compatible with buffered I/O as implemented in system libraries, and to 255allow applications to select which records are dropped, possibly in the style 256of preselection. | 238.Pp 239The Basic Security Module (BSM) interface to audit records and audit event 240stream format were defined by Sun Microsystems. 241.Sh BUGS 242See the 243.Xr audit 4 244manual page for information on audit-related bugs and limitations. 245.Pp 246The configurable preselection mechanism mirrors the selection model present 247for the global audit trail. 248It might be desirable to provided a more flexible selection model. 249.Pp 250The per-pipe audit event queue is fifo, with drops occurring if either the 251user thread provides in sufficient for the record on the queue head, or on 252enqueue if there is insufficient room. 253It might be desirable to support partial reads of records, which would be 254more compatible with buffered I/O as implemented in system libraries, and to 255allow applications to select which records are dropped, possibly in the style 256of preselection. |
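Review bot: the BUGS text at lines 250-252, carried unchanged on both sides next to the line 237 `Aq Mt` markup fix, still reads "provides in sufficient for the record on the queue head", which never says what is insufficient. This is the paragraph that tells an audit consumer when records are dropped from the per-pipe queue, so the wording should be repaired in this pass or a follow-up. The same goes for "to provided a more flexible selection model" at line 248 and the lowercase "fifo" at line 250. The line 237 change itself only wraps the address in `Mt` and leaves the trailing ` .` punctuation argument in place, so nothing else is needed on that line.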