Date: Sat, 16 Jun 2012 18:01:43 GMT
From: Joel Dahl <joel@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 212963 for review
Message-ID: <201206161801.q5GI1hvQ081803@skunkworks.freebsd.org>
http://p4web.freebsd.org/@@212963?ac=10 Change 212963 by joel@joel_crashbox on 2012/06/16 18:00:57 mdoc: remove end of line whitespace. Affected files ... .. //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#16 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#18 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#9 edit .. //depot/projects/trustedbsd/openbsm/man/audit.log.5#25 edit .. //depot/projects/trustedbsd/openbsm/man/auditon.2#17 edit .. //depot/projects/trustedbsd/openbsm/man/getaudit.2#11 edit .. //depot/projects/trustedbsd/openbsm/man/setaudit.2#11 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#16 (text+ko) ==== @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#15 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#16 $ .\" .Dd January 29, 2009 .Dt AUDIT 8 @@ -46,18 +46,18 @@ .It Fl e Forces the audit system to immediately remove audit log files that meet the expiration criteria specified in the audit control file without -doing a log rotation. +doing a log rotation. .It Fl i Initializes and starts auditing. This option is currently for Mac OS X only and requires .Xr auditd 8 -to be configured to run under +to be configured to run under .Xr launchd 8 . .It Fl n Forces the audit system to close the existing audit log file and rotate to a new log file in a location specified in the audit control file. -Also, audit log files that meet the expiration criteria specified in the +Also, audit log files that meet the expiration criteria specified in the audit control file will be removed. .It Fl s Specifies that the audit system should [re]synchronize its 
@@ -77,7 +77,7 @@ .Xr launchd 8 (Mac OS X only). The -.Nm +.Nm utility requires audit administrator privileges for successful operation. .Sh FILES .Bl -tag -width ".Pa /etc/security/audit_control" -compact ==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#18 (text+ko) ==== @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#17 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#18 $ .\" .Dd December 11, 2008 .Dt AUDITD 8 @@ -59,7 +59,7 @@ .Pp Optionally, the audit review group "audit" may be created. Non-privileged -users that are members of this group may read the audit trail log files. +users that are members of this group may read the audit trail log files. .Sh NOTE To assure uninterrupted audit support, the .Nm @@ -72,33 +72,33 @@ .Pa audit_control file. .Pp -If +If .Nm is started on-demand by -.Xr launchd 8 +.Xr launchd 8 then auditing should only be started and stopped with .Xr audit 8 . .Pp -On Mac OS X, +On Mac OS X, .Nm -uses the +uses the .Xr asl 3 API for writing system log messages. -Therefore, only the audit administrator +Therefore, only the audit administrator and members of the audit review group will be able to read the -system log entries. +system log entries. .Sh FILES .Bl -tag -width ".Pa /etc/security" -compact .It Pa /var/audit Default directory for storing audit log files. .Pp .It Pa /etc/security -The directory containing the auditing configuration files +The directory containing the auditing configuration files .Xr audit_class 5 , .Xr audit_control 5 , .Xr audit_event 5 , and -.Xr audit_warn 5 . +.Xr audit_warn 5 . .El .Sh COMPATIBILITY The historical ==== //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#9 (text+ko) ==== 
@@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#8 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#9 $ .\" .Dd August 4, 2009 .Dt AU_IO 3 @@ -83,7 +83,7 @@ .Fn au_print_flags_tok function is a replacement for .Fn au_print_tok . -The +The .Fa oflags controls how the output should be formatted and is specified by or'ing the following flags: @@ -148,12 +148,12 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Pp -The +The .Fn au_print_flags_tok function was added by Stacey Son as a replacement for the .Fn au_print_tok so new output formatting flags can be easily added without changing the API. -The +The .Fn au_print_tok is obsolete but remains in the API to support legacy code. .Sh AUTHORS ==== //depot/projects/trustedbsd/openbsm/man/audit.log.5#25 (text+ko) ==== @@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#24 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#25 $ .\" .Dd November 5, 2006 .Dt AUDIT.LOG 5 @@ -551,7 +551,7 @@ Each token has four or eight fields. Depending on the type of socket, a socket token may be created using .Xr au_to_sock_unix 3 , -.Xr au_to_sock_inet32 3 +.Xr au_to_sock_inet32 3 or .Xr au_to_sock_inet128 3 . .Bl -column -offset 3n ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" ==== //depot/projects/trustedbsd/openbsm/man/auditon.2#17 (text+ko) ==== @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#16 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#17 $ .\" .Dd January 29, 2009 .Dt AUDITON 2 
@@ -73,25 +73,25 @@ .Dv AUDIT_ARGE . If .Dv AUDIT_CNT is set, the system will continue even if it becomes low -on space and discontinue logging events until the low space condition is +on space and discontinue logging events until the low space condition is remedied. -If it is not set, audited events will block until the low space +If it is not set, audited events will block until the low space condition is remedied. Unaudited events, however, are unaffected. -If -.Dv AUDIT_AHLT is set, a +If +.Dv AUDIT_AHLT is set, a .Xr panic 9 if it cannot write an event to the global audit log file. -If +If .Dv AUDIT_ARGV -is set, then the argument list passed to the -.Xr execve 2 +is set, then the argument list passed to the +.Xr execve 2 system call will be audited. If .Dv AUDIT_ARGE is set, then the environment variables passed to the .Xr execve 2 system call will be audited. The default policy is none of the audit policy -control flags set. +control flags set. .It Dv A_SETKAUDIT Set the host information. The @@ -102,7 +102,7 @@ structure containing the host IP address information. After setting, audit records that are created as a result of kernel events will contain -this information. +this information. .It Dv A_SETKMASK Set the kernel preselection masks (success and failure). The @@ -110,9 +110,9 @@ argument must point to a .Vt au_mask_t -structure containing the mask values as defined in +structure containing the mask values as defined in .In bsm/audit.h . -These masks are used for non-attributable audit event preselection. +These masks are used for non-attributable audit event preselection. The field .Fa am_success specifies which classes of successful audit events are to be logged to the 
@@ -197,14 +197,14 @@ .Dv AUC_NOAUDIT , or .Dv AUC_DISABLED . -If -.Dv AUC_NOAUDIT -is set, then auditing is temporarily suspended. If +If +.Dv AUC_NOAUDIT +is set, then auditing is temporarily suspended. If .Dv AUC_AUDITING -is set, auditing is resumed. If -.Dv AUC_DISABLED +is set, auditing is resumed. If +.Dv AUC_DISABLED is set, the auditing system will -shutdown, draining all audit records and closing out the audit trail file. +shutdown, draining all audit records and closing out the audit trail file. .It Dv A_SETCLASS Set the event class preselection mask for an audit event. The @@ -215,7 +215,7 @@ structure containing the audit event and mask. The field .Fa ec_number -is the audit event and +is the audit event and .Fa ec_class is the audit class mask. See .Xr audit_event 5 @@ -259,7 +259,7 @@ must point to a .Vt au_evclass_map_t structure. See the -.Dv A_SETCLASS +.Dv A_SETCLASS section above for more information. .It Dv A_GETKAUDIT Get the current host information. @@ -277,23 +277,23 @@ must point to a .Vt auditpinfo_t structure which will be set to contain -.Fa ap_auid -(the audit ID), +.Fa ap_auid +(the audit ID), .Fa ap_mask (the preselection mask), .Fa ap_termid (the terminal ID), and -.Fa ap_asid +.Fa ap_asid (the audit session ID) of the given target process. -The process ID of the target process is passed +The process ID of the target process is passed into the kernel using the .Fa ap_pid field. See the section .Dv A_SETPMASK -above and -.Xr getaudit 2 +above and +.Xr getaudit 2 for more information. .It Dv A_GETPINFO_ADDR Return the extended audit settings for a process. 
@@ -302,20 +302,20 @@ argument must point to a .Vt auditpinfo_addr_t -structure which is similar to the +structure which is similar to the .Vt auditpinfo_addr_t -structure described above. -The exception is the +structure described above. +The exception is the .Fa ap_termid (the terminal ID) field which points to a -.Vt au_tid_addr_t -structure can hold much a larger terminal address and an address type. +.Vt au_tid_addr_t +structure can hold much a larger terminal address and an address type. The process ID of the target process is passed into the kernel using the .Fa ap_pid field. -See the section +See the section .Dv A_SETPMASK -above and +above and .Xr getaudit 2 for more information. .It Dv A_GETSINFO_ADDR @@ -326,10 +326,10 @@ must point to a .Vt auditinfo_addr_t structure. -The audit session ID of the target session is passed +The audit session ID of the target session is passed into the kernel using the .Fa ai_asid -field. See +field. See .Xr getaudit_addr 2 for more information about the .Vt auditinfo_addr_t @@ -353,8 +353,8 @@ value which will be set to one of the current audit policy flags. The audit policy flags are -described in the -.Dv A_SETPOLICY +described in the +.Dv A_SETPOLICY section above. .It Dv A_GETQCTRL Return the current kernel audit queue control parameters. @@ -411,12 +411,12 @@ must point to a .Vt int value which will be set to -the current audit condition, one of +the current audit condition, one of .Dv AUC_AUDITING , -.Dv AUC_NOAUDIT +.Dv AUC_NOAUDIT or .Dv AUC_DISABLED . -See the +See the .Dv A_SETCOND section above for more information. .It Dv A_SENDTRIGGER ==== //depot/projects/trustedbsd/openbsm/man/getaudit.2#11 (text+ko) ==== @@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#10 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#11 $ .\" .Dd October 19, 2008 .Dt GETAUDIT 2 
@@ -156,7 +156,7 @@ .Fa length argument indicates an overflow condition will occur. .It Bq Er E2BIG -The address is too big and, therefore, +The address is too big and, therefore, .Fn getaudit_addr should be used instead. .El ==== //depot/projects/trustedbsd/openbsm/man/setaudit.2#11 (text+ko) ==== @@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#10 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#11 $ .\" .Dd April 19, 2005 .Dt SETAUDIT 2 @@ -73,13 +73,13 @@ .Pp The .Fa ai_auid -variable contains the audit identifier which is recorded in the audit log for +variable contains the audit identifier which is recorded in the audit log for each event the process caused. .PP The .Fa au_mask_t -data structure defines the bit mask for auditing successful and failed events +data structure defines the bit mask for auditing successful and failed events out of the predefined list of event classes. It is defined as follows: .nf .in +4n @@ -95,7 +95,7 @@ The .Fa au_termid_t -data structure defines the Terminal ID recorded with every event caused by the +data structure defines the Terminal ID recorded with every event caused by the process. It is defined as follows: .nf .in +4n @@ -111,14 +111,14 @@ .PP The .Fa ai_asid -variable contains the audit session ID which is recorded with every event +variable contains the audit session ID which is recorded with every event caused by the process. .Pp The .Fn setaudit_addr system call uses the expanded -.Fa auditinfo_addr_t +.Fa auditinfo_addr_t data structure supports Terminal IDs with larger addresses such as those used in IP version 6. It is defined as follows: .nf 
@@ -134,9 +134,9 @@ .in .fi .Pp -The +The .Fa au_tid_addr_t -data structure which includes a larger address storage field and an additional +data structure which includes a larger address storage field and an additional field with the type of address stored: .nf .in +4n
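Review bot: in man/auditon.2, hunk @@ -73,25 +73,25 @@, the added line ".Dv AUDIT_AHLT is set, a" still has prose on the macro line, so "is set, a" is passed to .Dv as arguments and rendered in the same style as the flag name. The sentence also has no verb before ".Xr panic 9". Since the line is being rewritten anyway, suggest putting ".Dv AUDIT_AHLT" on its own line, moving the text to the next line, and completing the sentence so it says what the system does when it cannot write an event.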
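Review bot: in man/auditon.2, hunk @@ -197,14 +197,14 @@, the added lines "is set, then auditing is temporarily suspended. If" and "is set, auditing is resumed. If" start a new sentence in the middle of an input line, which defeats mdoc's end-of-sentence spacing. Suggest moving each trailing "If" to its own line, as the first "If" in this hunk already is. In the same hunk, "will shutdown" should be the verb form "shut down".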
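Review bot: in man/auditon.2, hunk @@ -302,20 +302,20 @@, the A_GETPINFO_ADDR text says the auditpinfo_addr_t structure "is similar to the .Vt auditpinfo_addr_t structure described above", which compares the structure to itself. The structure described in the preceding A_GETPINFO entry (hunk @@ -277,23 +277,23 @@) is auditpinfo_t, so the second .Vt looks like a typo. The touched line "structure can hold much a larger terminal address and an address type." also needs rewording, for example "structure, which can hold a much larger terminal address and an address type."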
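Review bot: in man/setaudit.2, hunk @@ -73,13 +73,13 @@, the context shows ".PP" used as the paragraph break before "The .Fa au_mask_t", while the paragraph just above it uses ".Pp". ".PP" is the man(7) spelling, not an mdoc macro, so a cleanup pass on these pages should normalise it to ".Pp" (the same applies to the ".PP" visible in hunk @@ -111,14 +111,14 @@). The type names au_mask_t and au_termid_t are also marked with .Fa here, whereas auditon.2 uses .Vt for structure types.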