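--- a/auditd.c
+++ b/auditd.c
@@ -1,8 +1,8 @@
 /*
  * Copyright (c) 2004 Apple Computer, Inc.
  * All rights reserved.
  *
  * @APPLE_BSD_LICENSE_HEADER_START@
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -25,17 +25,17 @@
  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#23 $
  */
 
 #include <sys/types.h>
 #include <sys/dirent.h>
 #include <sys/mman.h>
 #include <sys/queue.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
@@ -158,19 +158,21 @@
 		/* Rename the last file -- append timestamp. */
 		if ((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) {
 			*ptr = '.';
 			strcpy(ptr+1, TS);
 			if (rename(oldname, lastfile) != 0)
 				syslog(LOG_ERR,
 				    "Could not rename %s to %s: %m", oldname,
 				    lastfile);
-			else
+			else {
 				syslog(LOG_INFO, "renamed %s to %s",
 				    oldname, lastfile);
+				audit_warn_closefile(lastfile);
+			}
 		}
 		free(lastfile);
 		free(oldname);
 		lastfile = NULL;
 	}
 	return (0);
 }
 
@@ -722,16 +724,18 @@
 {
 	au_event_ent_t ev, *evp;
 	au_evclass_map_t evc_map;
 	au_mask_t aumask;
 	int ctr = 0;
 	char naeventstr[NA_EVENT_STR_SIZE];
 	char polstr[POL_STR_SIZE];
 	long policy;
+	au_fstat_t au_fstat;
+	size_t filesz;
 
 	/*
 	 * Process the audit event file, obtaining a class mapping for each
 	 * event, and send that mapping into the kernel.
 	 *
 	 * XXX There's a risk here that the BSM library will return NULL
 	 * for an event when it can't properly map it to a class. In that
 	 * case, we will not process any events beyond the one that failed,
@@ -801,16 +805,27 @@
 	} else {
 		syslog(LOG_ERR, "Failed to obtain policy flags: %m");
 		policy = AUDIT_CNT;
 		if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
 			syslog(LOG_ERR,
 			    "Failed to set default audit policy: %m");
 	}
 
+	/*
+	 * Set trail rotation size.
+	 */
+	if (getacfilesz(&filesz) == 0) {
+		bzero(&au_fstat, sizeof(au_fstat));
+		au_fstat.af_filesz = filesz;
+		if (auditon(A_SETFSIZE, &au_fstat, sizeof(au_fstat)) < 0)
+			syslog(LOG_ERR, "Failed to set filesz: %m");
+	} else
+		syslog(LOG_ERR, "Failed to obtain filesz: %m");
+
 	return (0);
 }
 
 static void
 setup(void)
 {
 	struct auditinfo ai;
 	auditinfo_t auinfo;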
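Review bot: In the added trail-rotation block (new lines 813-823), both failure paths only call syslog() and the function still returns 0, so the daemon carries on with whatever size limit the kernel already holds, presumably none on a fresh boot. For an audit daemon that is worth stating in the code, for example by extending the block comment to `Set trail rotation size. Best effort: on failure the previous kernel limit stays in effect and the trail may grow without rotation.` The `else` branch also logs `Failed to obtain filesz: %m`, but nothing visible here shows that getacfilesz() sets errno on every failure path, so `%m` may print a stale error; confirm that or drop `%m` from that message. As a style point, the unbraced `} else` sits oddly beside the `else {` this same commit introduces in the rename hunk. The enclosing function starts outside the visible lines, so its earlier error handling could not be compared in full.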