audcntl man page on DigitalUNIX


audcntl(2)							    audcntl(2)

NAME
       audcntl - audit control

SYNOPSIS
       #include <sys/audit.h>

       audcntl(
	       int request,
	       char *argp,
	       int len,
	       int flag,
	       uid_t audit_id,
	       pid_t pid );

DESCRIPTION
       The audcntl system call provides control over flags offered by the
       audit subsystem. All requests, except where otherwise noted, are
       privileged. The following list describes the requests:

       The system auditmask (along with the process auditmask) determines
       which system events are logged. GET_SYS_AMASK copies the system
       auditmask into a buffer pointed to by argp. SET_SYS_AMASK copies from
       a buffer pointed to by argp into the system auditmask. Each of these
       operations returns the number of bytes transferred between the user's
       buffer and the auditmask. The len argument is the size of the user's
       buffer. The amount of data moved between the auditmask and the user's
       buffer is the smaller of the auditmask size and the buffer size.

       The trusted auditmask (along with the process auditmask) determines
       which trusted events are logged. GET_TRUSTED_AMASK copies the trusted
       auditmask into a buffer pointed to by argp. SET_TRUSTED_AMASK copies
       from a buffer pointed to by argp into the trusted auditmask. Each of
       these operations returns the number of bytes transferred between the
       user's buffer and the auditmask. The len argument is the size of the
       user's buffer. The amount of data moved between the auditmask and the
       user's buffer is the smaller of the auditmask size and the buffer
       size.

       The process auditmask determines (along with the system masks) which
       system events and trusted events are logged for the current process.
       GET_PROC_AMASK copies the process auditmask into a buffer pointed to
       by argp. The size of the process auditmask is AUDIT_MASK_LEN, and
       contains a syscall mask followed by a trusted event mask.
       SET_PROC_AMASK copies the values from a buffer pointed to by argp into
       the process auditmask. Each of these operations returns the number of
       bytes transferred between the user's buffer and the auditmask. Len is
       the size of the user's buffer. The amount of data moved between the
       auditmask and the user's buffer is the smaller of the auditmask size
       and the buffer size.

       GET_PROC_ACNTL returns the audit control flags (the audcntl flag) of
       the current process (see audit.h). Audit control flags determine
       whether auditing for the process is on or off, and if on, how the
       system and process auditmask are combined. A value of AUDIT_OFF
       indicates audit is off for that process. A value of AUDIT_AND or
       AUDIT_OR indicates that a logical AND or a logical OR of the process
       and the system auditmasks has been performed. A value of AUDIT_USR
       indicates the process auditmask is used for that process; the system
       auditmask is ignored. SET_PROC_ACNTL assigns the values of the audit
       control flags from flag and returns the previous values of the audit
       control flags.

       GET_AUDSWITCH returns the value of the system audit switch. A return
       value of 1 indicates auditing is turned on. A value of zero indicates
       auditing is turned off. SET_AUDSWITCH assigns the value of flag to the
       system audit switch and returns the previous audit switch value. A
       value of 1 turns auditing on. A value of zero turns auditing off.

       Flushes the kernel audit buffer to /dev/audit. In a cluster,
       /dev/audit is a CDSL (context dependent symbolic link).

       Not supported.

       The system auditing style supports various flags to control how much
       additional information is recorded in some audited operations.
       GET_AUDSTYLE returns the current value of the system audstyle flag.
       SET_AUDSTYLE sets the system audstyle flag to the value of flag, and
       returns the previous value of the audstyle flag. A flag value of
       AUD_EXEC_ARGP enables the auditing of the argument list to the exec
       system calls. A flag value of AUD_EXEC_ENVP enables the auditing of
       the environment strings to the exec system calls. AUD_LOGIN_UNAME
       enables the auditing of the username in records for failed login
       attempts. A logical OR can be performed on flag values.

       The site mask determines which site-defined events are logged.
       GET_SITEMASK copies the site mask into a buffer pointed at by argp.
       SET_SITEMASK copies from a buffer pointed at by argp into the site
       mask. Each of these operations returns the number of bytes transferred
       between the user's buffer and the site mask. The len argument is the
       size of the user's buffer. The amount of data moved between the site
       mask and the user's buffer is the smaller of the site mask size and
       the buffer size.

       Update the auditmask flag, the audcntl flag, or both for the specified
       process or set of processes. The argp parameter contains the new
       auditmask; len is the size of the user's buffer. A len value of 0 will
       not modify the target process' auditmask. The flag parameter, if not
       -1, contains the new audcntl flag. The process ID (pid), if not 0,
       specifies the target process. The audit_id parameter, if not
       AUID_INVAL, specifies the set of all processes with that audit_id.

       GET_HABITAT_EVENT gets the "habitat/system call" name and auditmask
       bits for a specified system call number. The flag parameter is the
       system call number. The argp parameter points to a user buffer of size
       len into which the "habitat/system call" name is placed. The return
       value is the auditmask bits, which indicate whether successful
       occurrences, failed occurrences, or both of this system call are
       logged.

       SET_HABITAT_EVENT sets the auditmask bits for the specified
       "habitat/system call" name. The argp parameter points to a user buffer
       of size len which specifies the habitat name and system call name (for
       example, SystemV/unlink). The flag parameter is the new setting for
       the auditmask bits for this system call. Note that these flags apply
       only to system calls in the alternate habitats.

       Returns the number of site events currently allowed on the system.
       This number is determined by the sysconfig sec parameter
       audit_site_events.

       Returns the base size of an audit data buffer. This number is
       determined by the sysconfig sec parameter audit_buffer_size.

       Gets or sets an object's selection and deselection flags. The object
       is named by argp. For SET_OBJAUDBIT, the flag argument specifies
       AUD_SELECT and/or AUD_DESELECT (see the "<sys/audit.h>" file).

       Copies the process auditmask for the process specified by the pid
       argument into a buffer pointed to by argp. The len argument is the
       size of the user's buffer. The amount of data moved between the
       auditmask and the user's buffer is the smaller of the auditmask size
       and the buffer size. This operation returns the number of bytes copied
       out to the user buffer.

       Returns the audit control flags (the audcntl flag) of the process
       specified by the pid parameter.

RETURN VALUES
       The  values  returned  for  successful  calls  can  be  found under the
       description of the specific call request.

       If a call fails, a -1 is returned.

ERRORS
       The audcntl call fails under the following conditions:

       The argp argument contains an invalid address.

       The user does not have the privileges needed to perform this
       operation.

       The value of the len, request, or audit_id argument is invalid.

       Insufficient memory to accommodate site mask or property list
       operation.

       Indicates an attempt to use a system call that is not configured.

       The filesystem is read-only; property lists cannot be set.

       The argp argument contains an invalid address.

       The specified pid does not exist.

       With GET_OBJAUDBIT specified, indicates an invalid property list
       entry.

SEE ALSO
       Commands: auditconfig(8), dxaudit(8X)

       Security

								    audcntl(2)