| auditfilterd.8 (159248) | auditfilterd.8 (168777) |
|---|---|
| 1.\"- 2.\" Copyright (c) 2006 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright --- 9 unchanged lines hidden (view full) --- 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" | 1.\"- 2.\" Copyright (c) 2006 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright --- 9 unchanged lines hidden (view full) --- 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" |
| 26.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.8#2 $ | 26.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.8#4 $ |
| 27.\" | 27.\" |
| 28.Dd March 27, 2006 | 28.Dd October 3, 2006 |
| 29.Dt AUDITFILTERD 8 30.Os 31.Sh NAME 32.Nm auditfilterd 33.Nd audit filter daemon 34.Sh SYNOPSIS | 29.Dt AUDITFILTERD 8 30.Os 31.Sh NAME 32.Nm auditfilterd 33.Nd audit filter daemon 34.Sh SYNOPSIS |
| 35.Nm auditfilterd | 35.Nm |
| 36.Op Fl d 37.Op Fl c Ar conffile | 36.Op Fl d 37.Op Fl c Ar conffile |
| 38.Op Fl p Ar pipefile |
|
| 38.Op Fl t Ar trailfile 39.Sh DESCRIPTION 40The 41.Nm 42daemon is an extensible audit event monitoring daemon, allowing pluggable 43modules to track audit events from a live audit source. 44It is configured using the 45.Xr audit_filter 5 46configuration file. | 39.Op Fl t Ar trailfile 40.Sh DESCRIPTION 41The 42.Nm 43daemon is an extensible audit event monitoring daemon, allowing pluggable 44modules to track audit events from a live audit source. 45It is configured using the 46.Xr audit_filter 5 47configuration file. |
| 48The source can either be a pipe or a file. |
|
| 47.Pp 48The options are as follows: | 49.Pp 50The options are as follows: |
| 49.Bl -tag -width Ds 50.It Fl d 51Starts the daemon in debug mode - it will not daemonize. | 51.Bl -tag -width indent |
| 52.It Fl c Ar conffile 53Specify an alternative configuration file. | 52.It Fl c Ar conffile 53Specify an alternative configuration file. |
| 54.It Fl d 55Starts the daemon in debug mode \[em] it will not daemonize. 56.It Fl p Ar pipefile 57Specify a pipe as an alternative source of audit event records. 58Default is 59.Pa /dev/auditpipe . |
|
| 54.It Fl t Ar trailfile | 60.It Fl t Ar trailfile |
| 55Specify an alternative source of audit event records. | 61Specify a file as an alternative source of audit event records. |
| 56.El 57.Sh FILES | 62.El 63.Sh FILES |
| 58.Bl -tag -width "/etc/security/audit_filterd" -compact | 64.Bl -tag -width ".Pa /etc/security/audit_filterd" -compact |
| 59.It Pa /etc/security/audit_filterd 60Default configuration file for 61.Nm . 62.It Pa /dev/auditpipe 63Default audit record source for 64.Nm . 65.El 66.Sh SEE ALSO 67.Xr audit 8 , 68.Xr auditd 8 | 65.It Pa /etc/security/audit_filterd 66Default configuration file for 67.Nm . 68.It Pa /dev/auditpipe 69Default audit record source for 70.Nm . 71.El 72.Sh SEE ALSO 73.Xr audit 8 , 74.Xr auditd 8 |
| 69.Sh AUTHORS 70The 71.Nm 72daemon and audit filter APIs were created by Robert Watson. | |
| 73.Sh HISTORY 74The OpenBSM implementation was created by McAfee Research, the security | 75.Sh HISTORY 76The OpenBSM implementation was created by McAfee Research, the security |
| 75division of McAfee Inc., under contract to Apple Computer Inc. in 2004. | 77division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. |
| 76It was subsequently adopted by the TrustedBSD Project as the foundation for 77the OpenBSM distribution. | 78It was subsequently adopted by the TrustedBSD Project as the foundation for 79the OpenBSM distribution. |
| 80.Sh AUTHORS 81The 82.Nm 83daemon and audit filter APIs were created by 84.An Robert Watson . |
|