author rwatson <rwatson@FreeBSD.org> 2009-04-19 15:18:16 +0000
committer rwatson <rwatson@FreeBSD.org> 2009-04-19 15:18:16 +0000
commit 54523de9b2bce64154b5be9c25e07f3c840f1144
tree 22c3585be4b5eb8d78c909ee75f55b83ae7950f9 /man/auditon.2
parent 7c0114b0370e5bc52bc1d0397cccf98036ec38e1
Vendor import of OpenBSM 1.1, which incorporates the following changes
since the last imported OpenBSM release:

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and authorization events, has been added.

Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
Diffstat (limited to 'man/auditon.2')
-rw-r--r-- man/auditon.2 66
1 files changed, 49 insertions, 17 deletions
diff --git a/man/auditon.2 b/man/auditon.2
index 9a0a9a1..e43debb 100644
--- a/man/auditon.2
+++ b/man/auditon.2
@@ -26,9 +26,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#15 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#16 $
.\"
-.Dd July 10, 2008
+.Dd January 29, 2009
.Dt AUDITON 2
.Os
.Sh NAME
@@ -63,7 +63,7 @@ The
.Fa data
argument
must point to a
-.Vt long
+.Vt int
value set to one or more the following audit
policy control values bitwise OR'ed together:
.Dv AUDIT_CNT ,
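Review bot: The switch from ".Vt long" to ".Vt int" for the policy value is documented without any note for existing callers. On LP64 platforms the two types differ in size, so a program that still passes a pointer to long and a matching length is no longer following the documented interface, and the page does not say what length auditon() expects for this command. A sentence here, or in a compatibility or history section, stating that the argument type changed in this release and what length to pass would help anyone auditing older callers. While this paragraph is being touched, the context line "value set to one or more the following audit" is missing "of".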
@@ -93,9 +93,16 @@ is set, then the environment variables passed to the
system call will be audited. The default policy is none of the audit policy
control flags set.
.It Dv A_SETKAUDIT
-Return
-.Er ENOSYS .
-(Not implemented.)
+Set the host information.
+The
+.Fa data
+argument
+must point to a
+.Vt auditinfo_addr_t
+structure containing the host IP address information.
+After setting, audit records
+that are created as a result of kernel events will contain
+this information.
.It Dv A_SETKMASK
Set the kernel preselection masks (success and failure).
The
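Review bot: The new A_SETKAUDIT text says the auditinfo_addr_t structure contains "the host IP address information" but does not name which field carries it or say whether the remaining fields are ignored. Since this setting is stamped into every audit record created as a result of kernel events, the entry should name the field that is consulted and point to getaudit_addr(2) for the structure layout, as the A_GETSINFO_ADDR entry added later in this patch does.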
@@ -156,6 +163,15 @@ If the value of free blocks falls below the configured
minimum amount, the kernel informs the audit daemon about low disk space.
The value is to be specified in percent of free file system blocks.
A value of 0 results in a disabling of the check.
+The default and maximum values (default/maximum) for the
+audit queue control parameters are:
+.Pp
+.Bl -column aq_hiwater -offset indent -compact
+.It aq_hiwater Ta 100/10000 (audit records)
+.It aq_lowater Ta 10/aq_hiwater (audit records)
+.It aq_bufsz Ta 32767/1048576 (bytes)
+.It aq_delay Ta (Not currently used.)
+.El
.It Dv A_SETSTAT
Return
.Er ENOSYS .
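Review bot: The table of default/maximum values does not say what happens when a caller supplies a value above the listed maximum, or an aq_lowater greater than aq_hiwater; the entry should state whether the request is rejected (and with which error) or the value is clamped, because these limits decide how many records the kernel can queue. A smaller style point: ".Bl -column aq_hiwater" gives a width string for only one column while every row has two cells, so a second width string would make the layout explicit.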
@@ -174,7 +190,7 @@ The
.Fa data
argument
must point to a
-.Vt long
+.Vt int
value containing the new
audit condition, one of
.Dv AUC_AUDITING ,
@@ -235,10 +251,6 @@ structure with the
field set to the maximum audit log file size.
A value of 0
indicates no limit to the size.
-.It Dv A_SETKAUDIT
-Return
-.Er ENOSYS .
-(Not implemented.)
.It Dv A_GETCLASS
Return the event to class mapping for the designated audit event.
The
@@ -250,9 +262,13 @@ structure. See the
.Dv A_SETCLASS
section above for more information.
.It Dv A_GETKAUDIT
-Return
-.Er ENOSYS .
-(Not implemented.)
+Get the current host information.
+The
+.Fa data
+argument
+must point to a
+.Vt auditinfo_addr_t
+structure.
.It Dv A_GETPINFO
Return the audit settings for a process.
The
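Review bot: The A_GETKAUDIT entry says data "must point to a auditinfo_addr_t structure" but never states that the kernel fills that structure in, or what it contains when no host information has been set with A_SETKAUDIT. Suggest wording it like the neighbouring entries ("Return the current host information ...") and cross-referencing A_SETKAUDIT so the pair reads consistently.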
@@ -302,6 +318,22 @@ See the section
above and
.Xr getaudit 2
for more information.
+.It Dv A_GETSINFO_ADDR
+Return the extended audit settings for a session.
+The
+.Fa data
+argument
+must point to a
+.Vt auditinfo_addr_t
+structure.
+The audit session ID of the target session is passed
+into the kernel using the
+.Fa ai_asid
+field. See
+.Xr getaudit_addr 2
+for more information about the
+.Vt auditinfo_addr_t
+structure.
.It Dv A_GETKMASK
Return the current kernel preselection masks.
The
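Review bot: The A_GETSINFO_ADDR entry explains that the target session is selected through ai_asid, but it does not document the failure case when no session matches that ID, nor whether the other fields of the structure must be initialised before the call. Please add the error returned for an unknown session ID. Style: "field. See" starts a new sentence in the middle of a source line; mdoc convention is to begin each sentence on its own line.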
@@ -317,7 +349,7 @@ The
.Fa data
argument
must point to a
-.Vt long
+.Vt int
value which will be set to
one of the current audit policy flags.
The audit policy flags are
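Review bot: With the type corrected to int, the surrounding context still reads "value which will be set to one of the current audit policy flags", while the set-side entry earlier in this patch describes the same value as "one or more ... audit policy control values bitwise OR'ed together". The returned value is described as a single flag here and as a mask there; suggest rewording this entry to say the value is set to the bitwise OR of the policy flags currently in effect.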
@@ -377,7 +409,7 @@ The
.Fa data
argument
must point to a
-.Vt long
+.Vt int
value which will be set to
the current audit condition, one of
.Dv AUC_AUDITING ,
@@ -393,7 +425,7 @@ The
.Fa data
argument
must point to a
-.Vt long
+.Vt int
value set to one of the acceptable
trigger values:
.Dv AUDIT_TRIGGER_LOW_SPACE