Manual Pages for UNIX Darwin command on man auditon

AUDITON(2) BSD System Calls Manual AUDITON(2)

NAME

auditon - configure the current audit parameters on the system

SYNOPSIS

#include <>

int auditon(int cmd, void * data, int length);

DESCRIPTION

The auditon() function manipulates various audit parameters. The data argument points to the appropriate structure from the header file. Length is the size of the data parameter in bytes. It will typically be the sizeof the structure.

PARAMETERS

A_GETPOLICY
    Get the current audit policy. Data should point to a long. The policy is the bitwise OR'ing of the appropriate flags from bsm/audit.h. If AUDIT_AHLT is set, the system will kernel panic if it cannot write to the global audit trail. If AUDIT_CNT is not set and the system becomes low on space, audited events will block until the low space condition is remedied. Unaudited events are unaffected. The other policy flags are not implemented.

A_SETPOLICY
    Set the current audit policy. Data should point to a long specifying the desired audit policy, as described in A_GETPOLICY.

A_GETKMASK
    Get the current value of the audit preselection mask for non-attributable events. Data should point to an au_mask_t. The field am_success specifies which classes of successful audit events are to be logged to the audit trail. The field am_failure specifies which classes of failed audit events are to be logged. The value of both fields is the bitwise OR'ing of the event classes specified in bsm/audit.h. The various audit classes are described more fully in audit_class(5).

A_SETKMASK
    Set the current value of the audit preselection mask for non-attributable events. Data should point to an au_mask_t. The masks are defined as described in A_GETKMASK.

A_GETQCTRL
    Get the current settings for the audit queue (specifying in kernel buffer size, percentage of free filesystem blocks, and limits to the number of audit records allowed). Data should point to an au_qctrl_t.

A_SETQCTRL
    Set the current settings for the audit queue. Data should point to an au_qctrl_t.

A_GETCOND
    Gets the current condition of the auditing subsystem. If the value is AUC_AUDITING, then the audit implementation is currently running. If the value is AUC_NOAUDIT, then the audit implementation is currently turned off. Data should point to a long.

A_SETCOND
    Sets the condition of the auditing subsystem. If AUC_NOAUDIT is set, then auditing is temporarily suspended. If AUC_AUDITING is set, auditing is resumed. If AUC_DISABLED is set, the auditing system will shut down, draining all audit records and closing out the audit trail file. To re-enable auditing, a call to auditctl is required in addition to setting the condition to AUC_AUDITING. Data should point to a long.

A_GETCLASS
    Returns the audit class for the specified audit event. Data should point to an au_evclass_map_t.

A_SETCLASS
    Sets the audit class for the specified audit event. Data should point to an au_evclass_map_t.

A_GETPINFO
    Returns the audit information stored in the credential for the current process. Data should point to an auditpinfo_t.

A_SETPMASK
    Sets the audit settings for a process. The audit user ID, preselection masks for both success and failure, and terminal IDs must be set. Data should point to an auditpinfo_t struct.

A_SETFSIZE
    Set the limit on audit trail file size. File size is in bytes. The file size specified is treated as an advisory limit. The system will make a best effort attempt to rotate log files before they exceed the requested maximum size, but makes no guarantees on log file size. Data should point to an au_fstat_t struct. The af_filesz field is used to specify the new file size, which must be greater than MIN_AUDIT_FILE_SIZE. A value of 0 indicates no limit on the audit trail's size. The af_currsz field is ignored. An errno value of EINVAL indicates a maximum file size that is too small.

A_GETFSIZE
    Return the maximum allowable size of the audit trail, and the current size of the audit trail. Data should point to an au_fstat_t struct.

A_GETPINFO_ADDR
    Not implemented, returns ENOSYS.

A_GETKAUDIT
    Not implemented, returns ENOSYS.

A_SETKAUDIT
    Not implemented, returns ENOSYS.

RETURN VALUES

Upon successful completion a value of 0 is returned. Otherwise, a value of -1 is returned and errno is set to indicate the error.

ERRORS

Errors are specific to the operation requested. In addition, the auditon() system call will fail if:

[EINVAL]
    Length is less than or equal to zero, or if it is greater than any of the expected structures.
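
EXAMPLES

The following program is an added example, not part of the original manual page: it reads the audit condition and policy with A_GETCOND and A_GETPOLICY and reports whether auditing is running and how the system behaves when the trail cannot be written or space runs low. The assess_audit() function, the F_* names and the fallback constants used when bsm/audit.h is absent are assumptions made for illustration.

```c
/* Added example: read-only audit posture check built on auditon(2). */
#include <stdio.h>
#ifdef __APPLE__
#include <bsm/audit.h>
#else
/* Assumption: fallback values copied from OpenBSM's bsm/audit.h so the
 * decision logic still compiles on hosts that lack the header. */
#define AUDIT_CNT    0x0001
#define AUDIT_AHLT   0x0002
#define AUC_AUDITING 1
#define AUC_NOAUDIT  2
#endif

/* Finding bits returned by assess_audit(); names are hypothetical. */
enum { F_NOT_RUNNING = 1, F_NO_HALT = 2, F_NO_BLOCK = 4 };

/* Classify the values read with A_GETCOND and A_GETPOLICY. */
int assess_audit(long cond, long policy)
{
    int f = 0;
    if (cond != AUC_AUDITING)
        f |= F_NOT_RUNNING;   /* suspended (AUC_NOAUDIT) or shut down */
    if (!(policy & AUDIT_AHLT))
        f |= F_NO_HALT;       /* trail write failure will not panic */
    if (policy & AUDIT_CNT)
        f |= F_NO_BLOCK;      /* low space will not block audited events */
    return f;
}

int main(void)
{
#ifdef __APPLE__
    long cond = 0, policy = 0;
    /* Both commands take a pointer to a long, per the parameter list. */
    if (auditon(A_GETCOND, &cond, sizeof(cond)) == -1 ||
        auditon(A_GETPOLICY, &policy, sizeof(policy)) == -1) {
        perror("auditon");    /* -1 with errno set, see RETURN VALUES */
        return 2;
    }
    int f = assess_audit(cond, policy);
    printf("auditing running:      %s\n", (f & F_NOT_RUNNING) ? "no" : "yes");
    printf("halt on trail failure: %s\n", (f & F_NO_HALT) ? "no" : "yes");
    printf("block on low space:    %s\n", (f & F_NO_BLOCK) ? "no" : "yes");
    return f ? 1 : 0;
#else
    puts("auditon(2) is not available on this platform");
    return 0;
#endif
}
```

The exit status is 0 only when auditing is running, AUDIT_AHLT is set and AUDIT_CNT is clear, which makes the program usable as a scripted configuration check.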

SEE ALSO

audit(2), auditctl(2), getauid(2), setauid(2), getaudit(2), setaudit(2), getaudit_addr(2), setaudit_addr(2), audit_class(5)

HISTORY

The auditon() function call first appeared in Mac OS X 10.3 (Panther).

Darwin July 30, 2007 Darwin