From owner-p4-projects@FreeBSD.ORG Tue Oct 3 15:12:10 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C289A16A412; Tue, 3 Oct 2006 15:12:10 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F54216A403 for ; Tue, 3 Oct 2006 15:12:10 +0000 (UTC) (envelope-from ru@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 02A0E43D55 for ; Tue, 3 Oct 2006 15:12:10 +0000 (GMT) (envelope-from ru@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k93FC99f027716 for ; Tue, 3 Oct 2006 15:12:09 GMT (envelope-from ru@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k93FC9NE027707 for perforce@freebsd.org; Tue, 3 Oct 2006 15:12:09 GMT (envelope-from ru@freebsd.org) Date: Tue, 3 Oct 2006 15:12:09 GMT Message-Id: <200610031512.k93FC9NE027707@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to ru@freebsd.org using -f From: Ruslan Ermilov To: Perforce Change Reviews Cc: Subject: PERFORCE change 107186 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Oct 2006 15:12:11 -0000 http://perforce.freebsd.org/chv.cgi?CH=107186 Change 107186 by ru@ru_edoofus on 2006/10/03 15:12:02 Fix markup. Affected files ... .. //depot/projects/trustedbsd/openbsm/man/audit.2#8 edit .. //depot/projects/trustedbsd/openbsm/man/auditctl.2#7 edit .. //depot/projects/trustedbsd/openbsm/man/auditon.2#11 edit .. //depot/projects/trustedbsd/openbsm/man/getaudit.2#7 edit .. //depot/projects/trustedbsd/openbsm/man/getauid.2#7 edit .. //depot/projects/trustedbsd/openbsm/man/setaudit.2#7 edit .. //depot/projects/trustedbsd/openbsm/man/setauid.2#7 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/man/audit.2#8 (text+ko) ==== @@ -24,25 +24,29 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.2#7 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.2#8 $ .\" .Dd April 19, 2005 .Dt AUDIT 2 .Os .Sh NAME .Nm audit -.Nd "Commit a BSM audit record to the audit log" +.Nd "commit BSM audit record to audit log" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn audit "const char *record" "u_int length" .Sh DESCRIPTION +The .Fn audit +system call submits a completed BSM audit record to the system audit log. .Pp +The .Fa record -is a pointer to the the specific event to be recorded and -.Vt length +argument +is a pointer to the specific event to be recorded and +.Fa length is the size in bytes of the data to be written. .Sh RETURN VALUES .Rv -std @@ -57,9 +61,9 @@ argument is beyond the allocated address space of the process. .It Bq Er EINVAL The token ID is invalid or -.Vt length +.Va length is larger than -.Vt MAXAUDITDATA . +.Dv MAXAUDITDATA . .It Bq Er EPERM The process does not have sufficient permission to complete the operation. @@ -79,9 +83,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS +.An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. +Additional authors include +.An Wayne Salamon , +.An Robert Watson , +and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. ==== //depot/projects/trustedbsd/openbsm/man/auditctl.2#7 (text+ko) ==== @@ -23,14 +23,14 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditctl.2#6 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditctl.2#7 $ .\" .Dd April 19, 2005 .Dt AUDITCTL 2 .Os .Sh NAME .Nm auditctl -.Nd "Configure system audit parameters" +.Nd "configure system audit parameters" .Sh SYNOPSIS .In bsm/audit.h .Ft int @@ -39,26 +39,23 @@ The .Fn auditctl system call directs the kernel to open a new audit trail log file. -.Fn auditctl -requires appropriate privilege. +It requires an appropriate privilege. In the .Fx implementation, .Fn auditctl opens new files, but -.Fn auditon +.Xr auditon 2 is used to disable the audit log. In the Mac OS X implementation, passing -.Va NULL +.Dv NULL to .Fn auditctl will disable the audit log. .Sh RETURN VALUES -.Nm -returns 0 on success, or returns -1 on failure, providing additional error -information via -.Va errno . +.Rv -std .Sh SEE ALSO +.Xr auditon 2 , .Xr libbsm 3 , .Xr auditd 8 .Sh HISTORY @@ -67,9 +64,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS +.An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. +Additional authors include +.An Wayne Salamon , +.An Robert Watson , +and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. ==== //depot/projects/trustedbsd/openbsm/man/auditon.2#11 (text+ko) ==== @@ -25,37 +25,47 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#10 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#11 $ .\" .Dd April 19, 2005 .Dt AUDITON 2 .Os .Sh NAME .Nm auditon -.Nd "Configure system audit parameters" +.Nd "configure system audit parameters" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn auditon "int cmd" "void *data" "u_int length" .Sh DESCRIPTION The -.Nm +.Fn auditon system call is used to manipulate various audit control operations. -.Ft *data +The +.Fa data +argument should point to a structure whose type depends on the command. -.Ft length -specifies the size of the -.Em data +The +.Fa length +argument +specifies the size of +.Fa *data in bytes. -.Ft cmd +The +.Fa cmd +argument may be any of the following: .Bl -tag -width ".It Dv A_GETPINFO_ADDR" .It Dv A_SETPOLICY Set audit policy flags. -.Ft *data -must point to a long value set to one of the audit +The +.Fa data +argument +must point to a +.Vt long +value set to one of the audit policy control values defined in -.Pa audit.h . +.In bsm/audit.h . Currently, only .Dv AUDIT_CNT and @@ -76,24 +86,28 @@ .Er ENOSYS . .It Dv A_SETKMASK Set the kernel preselection masks (success and failure). -.Ft *data +The +.Fa data +argument must point to a -.Ft au_mask_t +.Vt au_mask_t structure containing the mask values. These masks are used for non-attributable audit event preselection. .It Dv A_SETQCTRL Set kernel audit queue parameters. -.Ft *data +The +.Fa data +argument must point to a -.Ft au_qctrl_t +.Vt au_qctrl_t structure containing the kernel audit queue control settings: -.Va high water , -.Va low water , -.Va output buffer size , -.Va percent min free disk space , +.Dq "high water" , +.Dq "low water" , +.Dq "output buffer size" , +.Dq "percent min free disk space" , and -.Em delay +.Dq delay (not currently used). .It Dv A_SETSTAT Return @@ -106,8 +120,12 @@ .Er ENOSYS . .It Dv A_SETCOND Set the current auditing condition. -.Ft *data -must point to a long value containing the new +The +.Fa data +argument +must point to a +.Vt long +value containing the new audit condition, one of .Dv AUC_AUDITING , .Dv AUC_NOAUDIT , @@ -115,24 +133,30 @@ .Dv AUC_DISABLED . .It Dv A_SETCLASS Set the event class preselection mask for an audit event. -.Ft *data +The +.Fa data +argument must point to a -.Ft au_evclass_map_t +.Vt au_evclass_map_t structure containing the audit event and mask. .It Dv A_SETPMASK Set the preselection masks for a process. -.Ft *data +The +.Fa data +argument must point to a -.Ft auditpinfo_t +.Vt auditpinfo_t structure that contains the given process's audit preselection masks for both success and failure. .It Dv A_SETFSIZE Set the maximum size of the audit log file. -.Ft *data +The +.Fa data +argument must point to a -.Ft au_fstat_t +.Vt au_fstat_t structure with the -.Ft af_filesz +.Va af_filesz field set to the maximum audit log file size. A value of 0 indicates no limit to the size. @@ -141,18 +165,22 @@ .Er ENOSYS . .It Dv A_GETCLASS Return the event to class mapping for the designated audit event. -.Ft *data +The +.Fa data +argument must point to a -.Ft au_evclass_map_t +.Vt au_evclass_map_t structure. .It Dv A_GETKAUDIT Return .Er ENOSYS . .It Dv A_GETPINFO Return the audit settings for a process. -.Ft *data +The +.Fa data +argument must point to a -.Ft auditpinfo_t +.Vt auditpinfo_t structure which will be set to contain the audit ID, preselection mask, terminal ID, and audit session ID of the given process. @@ -161,15 +189,21 @@ .Er ENOSYS . .It Dv A_GETKMASK Return the current kernel preselection masks. -.Ft *data +The +.Fa data +argument must point to a -.Ft au_mask_t +.Vt au_mask_t structure which will be set to the current kernel preselection masks for non-attributable events. .It Dv A_GETPOLICY Return the current audit policy setting. -.Ft *data -must point to a long value which will be set to +The +.Fa data +argument +must point to a +.Vt long +value which will be set to one of the current audit policy flags. Currently, only .Dv AUDIT_CNT @@ -178,23 +212,28 @@ are implemented. .It Dv A_GETQCTRL Return the current kernel audit queue control parameters. -.Ft *data +The +.Fa data +argument must point to a -.Ft au_qctrl_t +.Vt au_qctrl_t structure which will be set to the current kernel audit queue control parameters. .It Dv A_GETFSIZE Returns the maximum size of the audit log file. -.Ft *data +The +.Fa data +argument must point to a -.Ft au_fstat_t +.Vt au_fstat_t structure. The -.Ft af_filesz +.Va af_filesz field will be set to the maximum audit log file size. A value of 0 indicates no limit to the size. The -.Ft af_currsz +.Va af_currsz +field will be set to the current audit log file size. .It Dv A_GETCWD .\" [COMMENTED OUT]: Valid description, not yet implemented. @@ -214,16 +253,24 @@ .Er ENOSYS . .It Dv A_GETCOND Return the current auditing condition. -.Ft *data -must point to a long value which will be set to +The +.Fa data +argument +must point to a +.Vt long +value which will be set to the current audit condition, either .Dv AUC_AUDITING or .Dv AUC_NOAUDIT . .It Dv A_SENDTRIGGER Send a trigger to the audit daemon. -.Fr *data -must point to a long value set to one of the acceptable +The +.Fa data +argument +must point to a +.Vt long +value set to one of the acceptable trigger values: .Dv AUDIT_TRIGGER_LOW_SPACE (low disk space where the audit log resides), @@ -279,9 +326,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS +.An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. +Additional authors include +.An Wayne Salamon , +.An Robert Watson , +and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. ==== //depot/projects/trustedbsd/openbsm/man/getaudit.2#7 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#6 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#7 $ .\" .Dd April 19, 2005 .Dt GETAUDIT 2 @@ -31,7 +31,7 @@ .Sh NAME .Nm getaudit , .Nm getaudit_addr -.Nd "Retrieve audit session state" +.Nd "retrieve audit session state" .Sh SYNOPSIS .In bsm/audit.h .Ft int @@ -39,23 +39,24 @@ .Ft int .Fn getaudit_addr "auditinfo_addr_t *auditinfo_addr" "u_int length" .Sh DESCRIPTION +The .Fn getaudit +system call retrieves the active audit session state for the current process via the .Vt auditinfo_t pointed to by -.Va auditinfo . +.Fa auditinfo . +The .Fn getaudit_addr +system call retrieves extended state via -.Va auditinfo_addr +.Fa auditinfo_addr and -.Va length . +.Fa length . .Pp -This system call requires appropriate privilege to complete. +These system calls require an appropriate privilege to complete. .Sh RETURN VALUES -.Nm -returns 0 on success, or returns -1 on failure, providing additional error -information via -.Va errno . +.Rv -std getaudit getaudit_addr .Sh SEE ALSO .Xr audit 2 , .Xr auditon 2 , @@ -69,9 +70,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS +.An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. +Additional authors include +.An Wayne Salamon , +.An Robert Watson , +and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. ==== //depot/projects/trustedbsd/openbsm/man/getauid.2#7 (text+ko) ==== @@ -23,31 +23,30 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#6 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#7 $ .\" .Dd April 19, 2005 .Dt GETAUID 2 .Os .Sh NAME .Nm getauid -.Nd "Retrieve audit session ID" +.Nd "retrieve audit session ID" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn getauid "au_id_t *auid" .Sh DESCRIPTION -.Nm +The +.Fn getauid +system call retrieves the active audit session ID for the current process via the .Vt au_id_t pointed to by -.Va auid . +.Fa auid . .Pp -This system call requires appropriate privilege to complete. +This system call requires an appropriate privilege to complete. .Sh RETURN VALUES -.Nm -returns 0 on success, or returns -1 on failure, providing additional error -information via -.Va errno . +.Rv -std .Sh SEE ALSO .Xr audit 2 , .Xr auditon 2 , @@ -63,9 +62,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS +.An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. +Additional authors include +.An Wayne Salamon , +.An Robert Watson , +and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. ==== //depot/projects/trustedbsd/openbsm/man/setaudit.2#7 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#6 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#7 $ .\" .Dd April 19, 2005 .Dt SETAUDIT 2 @@ -31,31 +31,32 @@ .Sh NAME .Nm setaudit , .Nm setaudit_addr -.Nd "Set audit session state" +.Nd "set audit session state" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn setaudit "auditinfo_t *auditinfo" .Ft int -.Fn setaudit_addr "auditinfo_addr_t *auditinfo" "u_int length" +.Fn setaudit_addr "auditinfo_addr_t *auditinfo_addr" "u_int length" .Sh DESCRIPTION -.Nm +The +.Fn setaudit +system call sets the active audit session state for the current process via the .Vt auditinfo_t pointed to by -.Va auditinfo . +.Fa auditinfo . +The .Fn setaudit_addr +system call sets extended state via -.Va auditinfo_addr +.Fa auditinfo_addr and -.Va length . +.Fa length . .Pp -This system call requires appropriate privilege to complete. +These system calls require an appropriate privilege to complete. .Sh RETURN VALUES -.Nm -returns 0 on success, or returns -1 on failure, providing additional error -information via -.Va errno . +.Rv -std setaudit setaudit_addr .Sh SEE ALSO .Xr audit 2 , .Xr auditon 2 , @@ -69,9 +70,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS +.An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. +Additional authors include +.An Wayne Salamon , +.An Robert Watson , +and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. ==== //depot/projects/trustedbsd/openbsm/man/setauid.2#7 (text+ko) ==== @@ -23,31 +23,30 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#6 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#7 $ .\" .Dd April 19, 2005 .Dt SETAUID 2 .Os .Sh NAME .Nm setauid -.Nd "Set audit session ID" +.Nd "set audit session ID" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn setauid "au_id_t *auid" .Sh DESCRIPTION -.Nm +The +.Fn setauid +system call sets the active audit session ID for the current process from the .Vt au_id_t pointed to by -.Va auid . +.Fa auid . .Pp -This system call requires appropriate privilege to complete. +This system call requires an appropriate privilege to complete. .Sh RETURN VALUES -.Nm -returns 0 on success, or returns -1 on failure, providing additional error -information via -.Va errno . +.Rv -std .Sh SEE ALSO .Xr audit 2 , .Xr auditon 2 , @@ -63,9 +62,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS +.An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. +Additional authors include +.An Wayne Salamon , +.An Robert Watson , +and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.