sdiff udiff text old ( 162503 ) new ( 162621 )
1/*
2 * Copyright (c) 2004 Apple Computer, Inc.
3 * All rights reserved.
4 *
5 * @APPLE_BSD_LICENSE_HEADER_START@
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions

--- 16 unchanged lines hidden (view full) ---

25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 * @APPLE_BSD_LICENSE_HEADER_END@
32 *
33 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 $
34 */
35
36#include <sys/types.h>
37#include <sys/dirent.h>
38#include <sys/mman.h>
39#include <sys/queue.h>
40#include <sys/stat.h>
41#include <sys/wait.h>

--- 116 unchanged lines hidden (view full) ---

158 /* Rename the last file -- append timestamp. */
159 if ((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) {
160 *ptr = '.';
161 strcpy(ptr+1, TS);
162 if (rename(oldname, lastfile) != 0)
163 syslog(LOG_ERR,
164 "Could not rename %s to %s: %m", oldname,
165 lastfile);
166 else
167 syslog(LOG_INFO, "renamed %s to %s",
168 oldname, lastfile);
169 }
170 free(lastfile);
171 free(oldname);
172 lastfile = NULL;
173 }
174 return (0);
175}
176

--- 545 unchanged lines hidden (view full) ---

722{
723 au_event_ent_t ev, *evp;
724 au_evclass_map_t evc_map;
725 au_mask_t aumask;
726 int ctr = 0;
727 char naeventstr[NA_EVENT_STR_SIZE];
728 char polstr[POL_STR_SIZE];
729 long policy;
730
731 /*
732 * Process the audit event file, obtaining a class mapping for each
733 * event, and send that mapping into the kernel.
734 *
735 * XXX There's a risk here that the BSM library will return NULL
736 * for an event when it can't properly map it to a class. In that
737 * case, we will not process any events beyond the one that failed,

--- 63 unchanged lines hidden (view full) ---

801 } else {
802 syslog(LOG_ERR, "Failed to obtain policy flags: %m");
803 policy = AUDIT_CNT;
804 if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
805 syslog(LOG_ERR,
806 "Failed to set default audit policy: %m");
807 }
808
809 return (0);
810}
811
812static void
813setup(void)
814{
815 struct auditinfo ai;
816 auditinfo_t auinfo;

--- 106 unchanged lines hidden ---
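Review bot: In the policy fallback at file lines 801–809, a failed `auditon(A_SETPOLICY, &policy, sizeof(policy))` is only logged and control still reaches the unconditional `return (0);`, so the caller cannot tell that no audit policy was installed. Consider propagating the failure, for example by bracing that arm and adding `return (-1);` after the `syslog` call, provided the callers outside this view treat a non-zero result as an error. The fallback value also deserves a comment such as `/* Policy flags unavailable: default to AUDIT_CNT, i.e. keep running even if records cannot be written (fail-open). */`, because that choice trades audit completeness for availability. This rendering does not show which lines the revision changed, and the function's header and most of its body are hidden, so the point may apply to context rather than to new code.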