Cross Reference: /freebsd-11.0-release/contrib/openbsm/man/auditon.2

Deleted Added

sdiff udiff text old ( 155131 ) new ( 155364 )

full compact

1.\"-
2.\" Copyright (c) 2005 Robert N. M. Watson
3.\" Copyright (c) 2005 Tom Rhodes
4.\" Copyright (c) 2005 Wayne J. Salamon
5.\" All rights reserved.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions

--- 11 unchanged lines hidden (view full) ---

20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"

28.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#6 $

28.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#7 $

29.\"
30.Dd April 19, 2005
31.Dt AUDITON 2
32.Os
33.Sh NAME
34.Nm auditon
35.Nd "Configure system audit parameters"
36.Sh SYNOPSIS

--- 11 unchanged lines hidden (view full) ---

48.Em data
49in bytes.
50.Ft cmd
51may be any of the following:
52.Bl -tag -width ".It Dv A_GETPINFO_ADDR"
53.It Dv A_SETPOLICY
54Set audit policy flags.
55.Ft *data

56must point to an long value set to one of the audit
57policy control values defined in audit.h.

56must point to a long value set to one of the audit
57policy control values defined in
58.Pa audit.h .

59Currently, only
60.Dv AUDIT_CNT
61and
62.Dv AUDIT_AHLT
63are implemented.
64In the
65.Dv AUDIT_CNT
66case, the action will continue regardless if

--- 12 unchanged lines hidden (view full) ---

79.Ft *data
80must point to a
81.Ft au_mask_t
82structure containing the mask values.
83These masks are used for non-attributable audit event preselection.
84.It Dv A_SETQCTRL
85Set kernel audit queue parameters.
86.Ft *data

86must point to a

87must point to a

88.Ft au_qctrl_t
89structure containing the
90kernel audit queue control settings:
91.Va high water ,
92.Va low water ,
93.Va output buffer size ,
94.Va percent min free disk space ,
95and

--- 6 unchanged lines hidden (view full) ---

102Return
103.Er ENOSYS .
104.It Dv A_SETSMASK
105Return
106.Er ENOSYS .
107.It Dv A_SETCOND
108Set the current auditing condition.
109.Ft *data

~~109~~must point to an long value containing the new

110must point to a long value containing the new

111audit condition, one of
112.Dv AUC_AUDITING ,
113.Dv AUC_NOAUDIT ,
114or
115.Dv AUC_DISABLED .
116.It Dv A_SETCLASS
117Set the event class preselection mask for an audit event.
118.Ft *data

~~118~~must point to a

119must point to a

120.Ft au_evclass_map_t
121structure containing the audit event and mask.
122.It Dv A_SETPMASK
123Set the preselection masks for a process.
124.Ft *data

~~124~~must point to a

125must point to a

126.Ft auditpinfo_t
127structure that contains the given process's audit
128preselection masks for both success and failure.
129.It Dv A_SETFSIZE
130Set the maximum size of the audit log file.
131.Ft *data
132must point to a
133.Ft au_fstat_t

--- 29 unchanged lines hidden (view full) ---

163.Ft *data
164must point to a
165.Ft au_mask_t
166structure which will be set to
167the current kernel preselection masks for non-attributable events.
168.It Dv A_GETPOLICY
169Return the current audit policy setting.
170.Ft *data

~~170~~must point to an long value which will be set to

171must point to a long value which will be set to

172one of the current audit policy flags.
173Currently, only
174.Dv AUDIT_CNT
175and
176.Dv AUDIT_AHLT
177are implemented.
178.It Dv A_GETQCTRL
179Return the current kernel audit queue control parameters.

--- 4 unchanged lines hidden (view full) ---

184kernel audit queue control parameters.
185.It Dv A_GETFSIZE
186Returns the maximum size of the audit log file.
187.Ft *data
188must point to a
189.Ft au_fstat_t
190structure. The
191.Ft af_filesz

~~191~~field will set to the maximum audit log file size. A value of 0
~~192~~indicates no limit to the size.

192field will be set to the maximum audit log file size.
193A value of 0 indicates no limit to the size.

194The
195.Ft af_filesz
196will be set to the current audit log file size.
197.It Dv A_GETCWD
198.\" [COMMENTED OUT]: Valid description, not yet implemented.
199.\" Return the current working directory as stored in the audit subsystem.
200Return
201.Er ENOSYS .

--- 21 unchanged lines hidden (view full) ---

223.Fr *data
224must point to a long value set to one of the acceptable
225trigger values:
226.Dv AUDIT_TRIGGER_LOW_SPACE
227(low disk space where the audit log resides),
228.Dv AUDIT_TRIGGER_OPEN_NEW
229(open a new audit log file),
230.Dv AUDIT_TRIGGER_READ_FILE

~~230~~(read the audit_control file),

231(read the
232.Pa audit_control
233file),

234.Dv AUDIT_TRIGGER_CLOSE_AND_DIE
235(close the current log file and exit),
236or
237.Dv AUDIT_TRIGGER_NO_SPACE
238(no disk space left for audit log file).
239.El
240.Sh RETURN VALUES
241.Rv -std

--- 50 unchanged lines hidden ---