Date: Tue, 26 Apr 2005 00:54:01 GMT
Message-Id: <200504260054.j3Q0s1cn054352@repoman.freebsd.org>
From: Wayne Salamon
To: Perforce Change Reviews
Subject: PERFORCE change 75983 for review

http://perforce.freebsd.org/chv.cgi?CH=75983

Change 75983 by wsalamon@rickenbacker on 2005/04/26 00:53:35

	Update the auditon man page with info on the types of data
	that are passed for each command. Fix a few other nits.

Affected files ...

.. //depot/projects/trustedbsd/openbsm/man/auditon.2#3 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/man/auditon.2#3 (text+ko) ====
@@ -1,6 +1,7 @@ .\"- .\" Copyright (c) 2005 Robert N. M. Watson .\" Copyright (c) 2005 Tom Rhodes +.\" Copyright (c) 2005 Wayne J. Salamon .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -51,6 +52,9 @@ .Bl -tag -width ".It Dv A_GETPINFO_ADDR" .It Dv A_SETPOLICY Set audit policy flags. +.Ft *data +must point to an long value set to one of the audit +policy control values defined in audit.h. Currently, only .Dv AUDIT_CNT and @@ -70,16 +74,26 @@ Return .Er ENOSYS . .It Dv A_SETKMASK -Set the kernel preselection mask to the data stored in the class mask. -This mask is used for non-attributable audit event preselection. +Set the kernel preselection masks (success and failure). +.Ft *data +must point to a +.Ft au_mask_t +structure containing the mask values. +These masks are used for non-attributable audit event preselection. .It Dv A_SETQCTRL -Set the kernel audit queue control parameters to their minimum or -maximum values in +Set kernel audit queue parameters. +.Ft *data +must point to a +.Ft au_qctrl_t +structure containing the +kernel audit queue control settings: .Va high water , .Va low water , .Va output buffer size , +.Va percent min free disk space , and -.Em delay . +.Em delay +(not currently used). .It Dv A_SETSTAT Return .Er ENOSYS . 
@@ -90,36 +104,95 @@ Return .Er ENOSYS . .It Dv A_SETCOND -Toggle audit record generation to on or off values. +Set the current auditing condition. +.Ft *data +must point to an long value containing the new +audit condition, one of +.Dv AUC_AUDITING , +.Dv AUC_NOAUDIT , +or +.Dv AUC_DISABLED . .It Dv A_SETCLASS -Set the event class preselection mask for the designated audit event. +Set the event class preselection mask for an audit event. +.Ft *data +must point to a +.Ft au_evclass_map_t +structure containing the audit event and mask. .It Dv A_SETPMASK -Set the given process's audit selection masks for both -success and failure. +Set the preselection masks for a process. +.Ft *data +must point to a +.Ft auditpinfo_t +structure that contains the given process's audit +preselection masks for both success and failure. .It Dv A_SETFSIZE Set the maximum size of the audit log file. +.Ft *data +must point to a +.Ft au_fstat_t +structure with the +.Ft af_filesz +field set to the maximum audit log file size. A value of 0 +indicates no limit to the size. .It Dv A_SETKAUDIT Return .Er ENOSYS . .It Dv A_GETCLASS Return the event to class mapping for the designated audit event. +.Ft *data +must point to a +.Ft au_evclass_map_t +structure. .It Dv A_GETKAUDIT Return .Er ENOSYS . .It Dv A_GETPINFO -Return the audit ID, preselection mask, terminal ID, and audit session -ID of the specified process. +Return the audit settings for a process. +.Ft *data +must point to a +.Ft auditpinfo_t +structure which will be set to contain +the audit ID, preselection mask, terminal ID, and audit session +ID of the given process. .It Dv A_GETPINFO_ADDR Return .Er ENOSYS . .It Dv A_GETKMASK -Return the current kernel preselection mask for non-attributable mask. +Return the current kernel preselection masks. +.Ft *data +must point to a +.Ft au_mask_t +structure which will be set to +the current kernel preselection masks for non-attributable events. 
.It Dv A_GETPOLICY -Get the current audit policy flags. +Return the current audit policy setting. +.Ft *data +must point to an long value which will be set to +one of the current audit policy flags. +Currently, only +.Dv AUDIT_CNT +and +.Dv AUDIT_AHLT +are implemented. .It Dv A_GETQCTRL -Return the kernel audit queue control parameters. -.It Dv A_SETQCTRL -Set the kernel audit queue control parameters. +Return the current kernel audit queue control parameters. +.Ft *data +must point to a +.Ft au_qctrl_t +structure which will be set to the current +kernel audit queue control parameters. +.It Dv A_GETFSIZE +Returns the maximum size of the audit log file. +.Ft *data +must point to a +.Ft au_fstat_t +structure. The +.Ft af_filesz +field will set to the maximum audit log file size. A value of 0 +indicates no limit to the size. +The +.Ft af_filesz +will be set to the current audit log file size. .It Dv A_GETCWD .\" [COMMENTED OUT]: Valid description, not yet implemented. .\" Return the current working directory as stored in the audit subsystem. @@ -137,8 +210,13 @@ Return .Er ENOSYS . .It Dv A_GETCOND -Return -.Er ENOSYS . +Return the current auditing condition. +.Ft *data +must point to an long value which will be set to +the current audit condition, either +.Dv AUC_AUDITING +or +.Dv AUC_NOAUDIT . .El .Sh RETURN VALUES .Rv -std 
@@ -177,14 +255,17 @@ stream format were defined by Sun Microsystems. .Pp This manual page was written by -.An Tom Rhodes Aq trhodes@FreeBSD.org . +.An Tom Rhodes Aq trhodes@FreeBSD.org , +.An Robert Watson Aq rwatson@FreeBSD.org , +and +.An Wayne Salamon Aq wsalamon@FreeBSD.org . .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 1994. +division of McAfee Inc., under contract to Apple Computer Inc. in 2003. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Pp The -.Fn audit +.Fn auditon function first appeared in .Fx 6.0 .
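Review bot: in the A_SETPOLICY text added by the "@@ -51,6 +52,9 @@" hunk, ".Ft *data" marks the argument up as a function type. The mdoc macro for a function argument is .Fa, so ".Fa data" would render it as the argument it is; the same markup recurs in every entry the later hunks add and should be changed in one pass. In the same added lines, "an long value" should read "a long value", and "audit.h" is left as plain text where the page would normally mark up a header file.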
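Review bot: in the A_SETQCTRL entry of the "@@ -70,16 +74,26 @@" hunk, the au_qctrl_t settings are marked up with .Va but given as descriptions ("high water", "percent min free disk space") rather than as the structure's member names, and the last item uses ".Em delay" where the others use .Va. A caller filling in the structure needs the member names; suggest listing each member by name with a short description, using one macro throughout, and keeping the "(not currently used)" remark next to the delay member.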
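Review bot: the new A_GETFSIZE entry at the end of the "@@ -90,36 +104,95 @@" hunk describes af_filesz twice with different meanings, first as "the maximum audit log file size" and then as "the current audit log file size". Both cannot be the same field, so the second sentence needs the name of the au_fstat_t field that receives the current size. In the first of those sentences "will set to" is missing "be". Elsewhere in this hunk, "an long value" (A_SETCOND, A_GETPOLICY) should read "a long value".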
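Review bot: A_GETCOND in the "@@ -137,8 +210,13 @@" hunk lists only AUC_AUDITING or AUC_NOAUDIT as possible results, while A_SETCOND in the previous hunk accepts AUC_DISABLED as well. Either add AUC_DISABLED to the values A_GETCOND can return or state why it is never returned, so a caller that checks the audit condition knows whether it has to handle that case. "an long value" should read "a long value" here too.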