| audit.2 (155131) | audit.2 (168777) |
|---|---|
| 1.\"- 2.\" Copyright (c) 2005 Tom Rhodes 3.\" Copyright (c) 2005 Robert N. M. Watson 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: --- 10 unchanged lines hidden (view full) --- 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" | 1.\"- 2.\" Copyright (c) 2005 Tom Rhodes 3.\" Copyright (c) 2005 Robert N. M. Watson 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: --- 10 unchanged lines hidden (view full) --- 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" |
| 27.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.2#6 $ | 27.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.2#8 $ |
| 28.\" 29.Dd April 19, 2005 30.Dt AUDIT 2 31.Os 32.Sh NAME 33.Nm audit | 28.\" 29.Dd April 19, 2005 30.Dt AUDIT 2 31.Os 32.Sh NAME 33.Nm audit |
| 34.Nd "Commit a BSM audit record to the audit log" | 34.Nd "commit BSM audit record to audit log" |
| 35.Sh SYNOPSIS 36.In bsm/audit.h 37.Ft int 38.Fn audit "const char *record" "u_int length" 39.Sh DESCRIPTION | 35.Sh SYNOPSIS 36.In bsm/audit.h 37.Ft int 38.Fn audit "const char *record" "u_int length" 39.Sh DESCRIPTION |
| 40The |
|
| 40.Fn audit | 41.Fn audit |
| 42system call |
|
| 41submits a completed BSM audit record to the system audit log. 42.Pp | 43submits a completed BSM audit record to the system audit log. 44.Pp |
| 45The |
|
| 43.Fa record | 46.Fa record |
| 44is a pointer to the the specific event to be recorded and 45.Vt length | 47argument 48is a pointer to the specific event to be recorded and 49.Fa length |
| 46is the size in bytes of the data to be written. 47.Sh RETURN VALUES 48.Rv -std 49.Sh ERRORS 50The 51.Fn audit 52system call will fail and the data never written if: 53.Bl -tag -width Er 54.It Bq Er EFAULT 55The 56.Fa record 57argument is beyond the allocated address space of the process. 58.It Bq Er EINVAL 59The token ID is invalid or | 50is the size in bytes of the data to be written. 51.Sh RETURN VALUES 52.Rv -std 53.Sh ERRORS 54The 55.Fn audit 56system call will fail and the data never written if: 57.Bl -tag -width Er 58.It Bq Er EFAULT 59The 60.Fa record 61argument is beyond the allocated address space of the process. 62.It Bq Er EINVAL 63The token ID is invalid or |
| 60.Vt length | 64.Va length |
| 61is larger than | 65is larger than |
| 62.Vt MAXAUDITDATA . | 66.Dv MAXAUDITDATA . |
| 63.It Bq Er EPERM 64The process does not have sufficient permission to complete 65the operation. 66.El 67.Sh SEE ALSO 68.Xr auditon 2 , | 67.It Bq Er EPERM 68The process does not have sufficient permission to complete 69the operation. 70.El 71.Sh SEE ALSO 72.Xr auditon 2 , |
| 69.Xr getauid 2 , 70.Xr setauid 2 , | |
| 71.Xr getaudit 2 , | 73.Xr getaudit 2 , |
| 72.Xr setaudit 2 , | |
| 73.Xr getaudit_addr 2 , | 74.Xr getaudit_addr 2 , |
| 75.Xr getauid 2 , 76.Xr setaudit 2 , |
|
| 74.Xr setaudit_addr 2 , | 77.Xr setaudit_addr 2 , |
| 78.Xr setauid 2 , |
|
| 75.Xr libbsm 3 | 79.Xr libbsm 3 |
| 80.Sh HISTORY 81The OpenBSM implementation was created by McAfee Research, the security 82division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. 83It was subsequently adopted by the TrustedBSD Project as the foundation for 84the OpenBSM distribution. |
|
| 76.Sh AUTHORS | 85.Sh AUTHORS |
| 86.An -nosplit |
|
| 77This software was created by McAfee Research, the security research division 78of McAfee, Inc., under contract to Apple Computer Inc. | 87This software was created by McAfee Research, the security research division 88of McAfee, Inc., under contract to Apple Computer Inc. |
| 79Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. | 89Additional authors include 90.An Wayne Salamon , 91.An Robert Watson , 92and SPARTA Inc. |
| 80.Pp 81The Basic Security Module (BSM) interface to audit records and audit event 82stream format were defined by Sun Microsystems. 83.Pp 84This manual page was written by 85.An Tom Rhodes Aq trhodes@FreeBSD.org . | 93.Pp 94The Basic Security Module (BSM) interface to audit records and audit event 95stream format were defined by Sun Microsystems. 96.Pp 97This manual page was written by 98.An Tom Rhodes Aq trhodes@FreeBSD.org . |
| 86.Sh HISTORY 87The OpenBSM implementation was created by McAfee Research, the security 88division of McAfee Inc., under contract to Apple Computer Inc. in 2004. 89It was subsequently adopted by the TrustedBSD Project as the foundation for 90the OpenBSM distribution. | |
| 91.Sh BUGS 92The 93.Fx 94kernel does not fully validate that the argument passed is syntactically 95valid BSM. 96Submitting invalid audit records may corrupt the audit log. | 99.Sh BUGS 100The 101.Fx 102kernel does not fully validate that the argument passed is syntactically 103valid BSM. 104Submitting invalid audit records may corrupt the audit log. |