Date: Tue, 31 Jan 2006 01:20:22 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 90752 for review Message-ID: <200601310120.k0V1KMm9080739@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=90752 Change 90752 by rwatson@rwatson_peppercorn on 2006/01/31 01:19:40 style(9), staticize some functions. Affected files ... .. //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#2 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#2 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#2 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#2 (text+ko) ==== @@ -36,36 +36,44 @@ #include "auditd.h" -/* Write to the audit log. */ -static int auditwarnlog(char *args[]) +/* + * Write to the audit log. + */ +static int +auditwarnlog(char *args[]) { char *loc_args[9]; + pid_t pid; int i; - pid_t pid; loc_args[0] = AUDITWARN_SCRIPT; - for (i = 0; args[i] != NULL && i < 8; i++) { + for (i = 0; args[i] != NULL && i < 8; i++) loc_args[i+1] = args[i]; - } loc_args[i+1] = NULL; pid = fork(); - if (pid == 0) { // child + if (pid == -1) + return (-1); + if (pid == 0) { + /* + * Child. + */ execv(AUDITWARN_SCRIPT, loc_args); syslog(LOG_ERR, "Could not exec %s\n", AUDITWARN_SCRIPT); - exit (1); // if we reach here, the exec failed - } else if (pid == -1) { - return -1; - } else { // parent - return 0; + exit(1); } + /* + * Parent. + */ + return (0); } /* - * Indicates that the hard limit for all filesystems - * has been exceeded count times + * Indicates that the hard limit for all filesystems has been exceeded count + * times. */ -int audit_warn_allhard(int count) +int +audit_warn_allhard(int count) { char intstr[12]; char *args[3]; @@ -76,61 +84,62 @@ args[1] = intstr; args[2] = NULL; - return auditwarnlog(args); + return (auditwarnlog(args)); } /* - * Indicates that the soft limit for all filesystems - * has been exceeded + * Indicates that the soft limit for all filesystems has been exceeded. */ -int audit_warn_allsoft() +int +audit_warn_allsoft(void) { char *args[2]; args[0] = SOFTLIM_ALL_WARN; args[1] = NULL; - return auditwarnlog(args); + return (auditwarnlog(args)); } /* - * Indicates that someone other than the audit daemon - * turned off auditing - * XXX Its not clear at this point how this function will - * XXX be invoked + * Indicates that someone other than the audit daemon turned off auditing. + * XXX Its not clear at this point how this function will be invoked. + * XXXRW: This function is not used. */ -int audit_warn_auditoff() +int +audit_warn_auditoff(void) { char *args[2]; args[0] = AUDITOFF_WARN; args[1] = NULL; - return auditwarnlog(args); + return (auditwarnlog(args)); } /* * Indicates that the audit deammn is already running */ -int audit_warn_ebusy() +int +audit_warn_ebusy(void) { char *args[2]; args[0] = EBUSY_WARN; args[1] = NULL; - return auditwarnlog(args); - + return (auditwarnlog(args)); } /* - * Indicates that there is a problem getting the directory - * from audit_control + * Indicates that there is a problem getting the directory from + * audit_control. * - * XXX Note that we take the filename instead of a count - * XXX as the argument here (different from BSM) + * XXX Note that we take the filename instead of a count as the argument here + * (different from BSM). */ -int audit_warn_getacdir(char *filename) +int +audit_warn_getacdir(char *filename) { char *args[3]; @@ -138,15 +147,14 @@ args[1] = filename; args[2] = NULL; - return auditwarnlog(args); + return (auditwarnlog(args)); } - /* - * Indicates that the hard limit for this file has been - * exceeded + * Indicates that the hard limit for this file has been exceeded. */ -int audit_warn_hard(char *filename) +int +audit_warn_hard(char *filename) { char *args[3]; @@ -154,42 +162,43 @@ args[1] = filename; args[2] = NULL; - return auditwarnlog(args); - + return (auditwarnlog(args)); } /* - * Indicates that auditing could not be started + * Indicates that auditing could not be started. */ -int audit_warn_nostart() +int +audit_warn_nostart(void) { char *args[2]; args[0] = NOSTART_WARN; args[1] = NULL; - return auditwarnlog(args); + return (auditwarnlog(args)); } /* - * Indicaes that an error occrred during the orderly shutdown - * of the audit daemon + * Indicaes that an error occrred during the orderly shutdown of the audit + * daemon. */ -int audit_warn_postsigterm() +int +audit_warn_postsigterm(void) { char *args[2]; args[0] = POSTSIGTERM_WARN; args[1] = NULL; - return auditwarnlog(args); + return (auditwarnlog(args)); } /* - * Indicates that the soft limit for this file has been - * exceeded + * Indicates that the soft limit for this file has been exceeded. */ -int audit_warn_soft(char *filename) +int +audit_warn_soft(char *filename) { char *args[3]; @@ -197,20 +206,20 @@ args[1] = filename; args[2] = NULL; - return auditwarnlog(args); - + return (auditwarnlog(args)); } /* - * Indicates that the temporary audit file already exists - * indicating a fatal error + * Indicates that the temporary audit file already exists indicating a fatal + * error. */ -int audit_warn_tmpfile() +int +audit_warn_tmpfile(void) { char *args[2]; args[0] = TMPFILE_WARN; args[1] = NULL; - return auditwarnlog(args); + return (auditwarnlog(args)); } ==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#2 (text+ko) ==== @@ -61,19 +61,24 @@ static int allhardcount = 0; static int triggerfd = 0; -TAILQ_HEAD(, dir_ent) dir_q; +static TAILQ_HEAD(, dir_ent) dir_q; -/* Error starting auditd */ -void fail_exit() +/* + * Error starting auditd + */ +static void +fail_exit(void) { + audit_warn_nostart(); exit(1); } /* - * Free our local list of directory names + * Free our local list of directory names. */ -void free_dir_q() +static void +free_dir_q() { struct dir_ent *dirent; @@ -85,30 +90,29 @@ } /* - * generate the timestamp string + * Generate the timestamp string. */ -int getTSstr(char *buf, int len) +static int +getTSstr(char *buf, int len) { struct timeval ts; struct timezone tzp; time_t tt; - if(gettimeofday(&ts, &tzp) != 0) { - return -1; - } + if (gettimeofday(&ts, &tzp) != 0) + return (-1); tt = (time_t)ts.tv_sec; - if(!strftime(buf, len, "%Y%m%d%H%M%S", gmtime(&tt))) { - return -1; - } - - return 0; + if (!strftime(buf, len, "%Y%m%d%H%M%S", gmtime(&tt))) + return (-1); + return (0); } /* - * Concat the directory name to the given file name + * Concat the directory name to the given file name. * XXX We should affix the hostname also */ -char *affixdir(char *name, struct dir_ent *dirent) +static char * +affixdir(char *name, struct dir_ent *dirent) { char *fn; char *curdir; @@ -117,59 +121,53 @@ curdir = dirent->dirname; syslog(LOG_INFO, "dir = %s\n", dirent->dirname); - fn = (char *) malloc (strlen(curdir) + strlen(sep) - + (2 * POSTFIX_LEN) + 1); - if(fn == NULL) { - return NULL; - } + fn = malloc(strlen(curdir) + strlen(sep) + (2 * POSTFIX_LEN) + 1); + if (fn == NULL) + return (NULL); strcpy(fn, curdir); strcat(fn, sep); strcat(fn, name); - - return fn; + return (fn); } -/* Close the previous audit trail file */ -int close_lastfile(char *TS) +/* + * Close the previous audit trail file. + */ +static int +close_lastfile(char *TS) { char *ptr; char *oldname; - if(lastfile != NULL) { + if (lastfile != NULL) { oldname = (char *)malloc(strlen(lastfile) + 1); - if(oldname == NULL) { - return -1; - } + if (oldname == NULL) + return (-1); strcpy(oldname, lastfile); - /* rename the last file -- append timestamp */ - - if((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) { + /* Rename the last file -- append timestamp. */ + if ((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) { *ptr = '.'; strcpy(ptr+1, TS); - if(rename(oldname, lastfile) != 0) { + if (rename(oldname, lastfile) != 0) syslog(LOG_ERR, "Could not rename %s to %s \n", - oldname, lastfile); - } - else { + oldname, lastfile); + else syslog(LOG_INFO, "renamed %s to %s \n", - oldname, lastfile); - } + oldname, lastfile); } - free(lastfile); free(oldname); - lastfile = NULL; } - - return 0; + return (0); } /* - * Create the new file name, swap with existing audit file + * Create the new file name, swap with existing audit file. */ -int swap_audit_file() +static int +swap_audit_file(void) { char timestr[2 * POSTFIX_LEN]; char *fn; @@ -177,19 +175,18 @@ struct dir_ent *dirent; int fd; - if(getTSstr(TS, POSTFIX_LEN) != 0) { - return -1; - } + if (getTSstr(TS, POSTFIX_LEN) != 0) + return (-1); strcpy(timestr, TS); strcat(timestr, NOT_TERMINATED); - /* try until we succeed */ - while((dirent = TAILQ_FIRST(&dir_q))) { - if((fn = affixdir(timestr, dirent)) == NULL) { + /* Try until we succeed. */ + while ((dirent = TAILQ_FIRST(&dir_q))) { + if ((fn = affixdir(timestr, dirent)) == NULL) { syslog(LOG_INFO, "Failed to swap log at time %s\n", timestr); - return -1; + return (-1); } /* @@ -198,77 +195,80 @@ */ syslog(LOG_INFO, "New audit file is %s\n", fn); fd = open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP); - if (fd < 0) { + if (fd < 0) perror("File open"); - } else if (auditctl(fn) != 0) { - syslog(LOG_ERR, - "auditctl failed setting log file! : %s\n", - strerror(errno)); + syslog(LOG_ERR, + "auditctl failed setting log file! : %s\n", + strerror(errno)); close(fd); - } - else { - /* Success */ + } else { + /* Success. */ close_lastfile(TS); lastfile = fn; close(fd); - return 0; + return (0); } - /* Tell the administrator about lack of permissions for dir */ + /* + * Tell the administrator about lack of permissions for dir. + */ audit_warn_getacdir(dirent->dirname); - /* Try again with a different directory */ + /* Try again with a different directory. */ TAILQ_REMOVE(&dir_q, dirent, dirs); free(dirent->dirname); free(dirent); } syslog(LOG_INFO, "Log directories exhausted\n"); - return -1; + return (-1); } /* - * Read the audit_control file contents + * Read the audit_control file contents. */ -int read_control_file() +static int +read_control_file(void) { char cur_dir[MAXNAMLEN]; struct dir_ent *dirent; au_qctrl_t qctrl; - /* Clear old values */ + /* + * Clear old values. Force a re-read of the file the next time. + */ free_dir_q(); - endac(); // force a re-read of the file the next time + endac(); - /* Read the list of directories into a local linked list */ - /* XXX We should use the reentrant interfaces once they are available */ - while(getacdir(cur_dir, MAXNAMLEN) >= 0) { - dirent = (struct dir_ent *) malloc (sizeof(struct dir_ent)); - if(dirent == NULL) { - return -1; - } - + /* + * Read the list of directories into a local linked list. + * + * XXX We should use the reentrant interfaces once they are + * available. + */ + while (getacdir(cur_dir, MAXNAMLEN) >= 0) { + dirent = (struct dir_ent *) malloc(sizeof(struct dir_ent)); + if (dirent == NULL) + return (-1); dirent->softlim = 0; - dirent->dirname = (char *) malloc (MAXNAMLEN); - if(dirent->dirname == NULL) { + dirent->dirname = (char *) malloc(MAXNAMLEN); + if (dirent->dirname == NULL) { free(dirent); - return -1; + return (-1); } - strcpy(dirent->dirname, cur_dir); TAILQ_INSERT_TAIL(&dir_q, dirent, dirs); } allhardcount = 0; - - if(swap_audit_file() == -1) { + if (swap_audit_file() == -1) { syslog(LOG_ERR, "Could not swap audit file\n"); /* * XXX Faulty directory listing? - user should be given * XXX an opportunity to change the audit_control file * XXX switch to a reduced mode of auditing? */ - return -1; + return (-1); } /* @@ -276,24 +276,22 @@ * XXX what should we do if a trigger for the earlier limit * XXX is generated here? */ - if(0 == (ret = getacmin(&minval))) { - + if (0 == (ret = getacmin(&minval))) { syslog(LOG_INFO, "min free = %d\n", minval); - if (auditon(A_GETQCTRL, &qctrl, sizeof(qctrl)) != 0) { - syslog(LOG_ERR, - "could not get audit queue settings\n"); - return -1; + syslog(LOG_ERR, + "could not get audit queue settings\n"); + return (-1); } qctrl.aq_minfree = minval; if (auditon(A_SETQCTRL, &qctrl, sizeof(qctrl)) != 0) { - syslog(LOG_ERR, - "could not set audit queue settings\n"); - return -1; + syslog(LOG_ERR, + "could not set audit queue settings\n"); + return (-1); } } - return 0; + return (0); } /* @@ -308,15 +306,15 @@ long cond; /* Generate an audit record */ - if((aufd = au_open()) == -1) { + if ((aufd = au_open()) == -1) { syslog(LOG_ERR, "Could not create audit shutdown event.\n"); } else { - if((tok = au_to_text("auditd::Audit shutdown")) != NULL) { + if ((tok = au_to_text("auditd::Audit shutdown")) != NULL) { au_write(aufd, tok); } - if(au_close(aufd, 1, AUE_audit_shutdown) == -1) { + if (au_close(aufd, 1, AUE_audit_shutdown) == -1) { syslog(LOG_ERR, "Could not close audit shutdown event.\n"); } } @@ -329,21 +327,21 @@ strerror(errno)); err_ret = 1; } - if(getTSstr(TS, POSTFIX_LEN) == 0) { + if (getTSstr(TS, POSTFIX_LEN) == 0) { close_lastfile(TS); } - if(lastfile != NULL) + if (lastfile != NULL) free(lastfile); free_dir_q(); - if((remove(AUDITD_PIDFILE) == -1) || err_ret) { + if ((remove(AUDITD_PIDFILE) == -1) || err_ret) { syslog(LOG_ERR, "Could not unregister\n"); audit_warn_postsigterm(); return (1); } endac(); - if(close(triggerfd) != 0) { + if (close(triggerfd) != 0) { syslog(LOG_ERR, "Error closing control file\n"); } syslog(LOG_INFO, "Finished.\n"); @@ -351,24 +349,29 @@ } /* - * When we get a signal, we are often not at a clean point. - * So, little can be done in the signal handler itself. Instead, - * we send a message to the main servicing loop to do proper - * handling from a non-signal-handler context. + * When we get a signal, we are often not at a clean point. So, little can + * be done in the signal handler itself. Instead, we send a message to the + * main servicing loop to do proper handling from a non-signal-handler + * context. + * + * XXXRW: I don't see that happening here. */ static void relay_signal(int signal) { } -/* registering the daemon */ -int register_daemon() +/* + * Registering the daemon. + */ +static int +register_daemon(void) { FILE * pidfile; int fd; pid_t pid; - /* Set up the signal hander */ + /* Set up the signal hander. */ if (signal(SIGTERM, relay_signal) == SIG_ERR) { syslog(LOG_ERR, "Could not set signal handler for SIGTERM\n"); @@ -384,37 +387,36 @@ syslog(LOG_ERR, "Could not open PID file\n"); audit_warn_tmpfile(); - return -1; + return (-1); } - /* attempt to lock the pid file; if a lock is present, exit */ + /* Attempt to lock the pid file; if a lock is present, exit. */ fd = fileno(pidfile); - if(flock(fd, LOCK_EX | LOCK_NB) < 0) { + if (flock(fd, LOCK_EX | LOCK_NB) < 0) { syslog(LOG_ERR, "PID file is locked (is another auditd running?).\n"); audit_warn_ebusy(); - return -1; + return (-1); } pid = getpid(); ftruncate(fd, 0); - if(fprintf(pidfile, "%u\n", pid) < 0) { - /* should not start the daemon */ + if (fprintf(pidfile, "%u\n", pid) < 0) { + /* Should not start the daemon. */ fail_exit(); } fflush(pidfile); - return 0; + return (0); } /* - * Suppress duplicate messages within a 30 second interval. - * This should be enough to time to rotate log files without - * thrashing from soft warnings generated before the log is - * actually rotated. + * Suppress duplicate messages within a 30 second interval. This should be + * enough to time to rotate log files without thrashing from soft warnings + * generated before the log is actually rotated. */ #define DUPLICATE_INTERVAL 30 -void +static void handle_audit_trigger(int trigger) { static int last_trigger; @@ -430,49 +432,47 @@ struct timezone tzp; time_t tt; - if(gettimeofday(&ts, &tzp) == 0) { + if (gettimeofday(&ts, &tzp) == 0) { tt = (time_t)ts.tv_sec; if ((trigger == last_trigger) && - (tt < (last_time + DUPLICATE_INTERVAL))) { + (tt < (last_time + DUPLICATE_INTERVAL))) return; - } last_trigger = trigger; last_time = tt; } /* - * Message processing is done here + * Message processing is done here. */ dirent = TAILQ_FIRST(&dir_q); switch(trigger) { case AUDIT_TRIGGER_LOW_SPACE: syslog(LOG_INFO, "Got low space trigger\n"); - if(dirent && (dirent->softlim != 1)) { + if (dirent && (dirent->softlim != 1)) { TAILQ_REMOVE(&dir_q, dirent, dirs); - /* add this node to the end of the list */ + /* Add this node to the end of the list. */ TAILQ_INSERT_TAIL(&dir_q, dirent, dirs); audit_warn_soft(dirent->dirname); dirent->softlim = 1; if (TAILQ_NEXT(TAILQ_FIRST(&dir_q), dirs) != NULL && - swap_audit_file() == -1) { + swap_audit_file() == -1) syslog(LOG_ERR, "Error swapping audit file\n"); - } /* - * check if the next dir has already reached its - * soft limit + * Check if the next dir has already reached its soft + * limit. */ dirent = TAILQ_FIRST(&dir_q); - if(dirent->softlim == 1) { - /* all dirs have reached their soft limit */ + if (dirent->softlim == 1) { + /* All dirs have reached their soft limit. */ audit_warn_allsoft(); } } else { /* - * Continue auditing to the current file - * Also generate an allsoft warning + * Continue auditing to the current file. Also + * generate an allsoft warning. * XXX do we want to do this ? */ audit_warn_allsoft(); @@ -482,46 +482,46 @@ case AUDIT_TRIGGER_NO_SPACE: syslog(LOG_INFO, "Got no space trigger\n"); - /* delete current dir, go on to next */ + /* Delete current dir, go on to next. */ TAILQ_REMOVE(&dir_q, dirent, dirs); audit_warn_hard(dirent->dirname); free(dirent->dirname); free(dirent); - if(swap_audit_file() == -1) + if (swap_audit_file() == -1) syslog(LOG_ERR, "Error swapping audit file\n"); - /* We are out of log directories */ + /* We are out of log directories. */ audit_warn_allhard(++allhardcount); - break; - case AUDIT_TRIGGER_OPEN_NEW : + case AUDIT_TRIGGER_OPEN_NEW: + /* + * Create a new file and swap with the one being used in + * kernel + */ syslog(LOG_INFO, "Got open new trigger\n"); - /* create a new file and swap with the one being - * used in kernel */ - if(swap_audit_file() == -1) + if (swap_audit_file() == -1) syslog(LOG_ERR, "Error swapping audit file\n"); break; - case AUDIT_TRIGGER_READ_FILE : + case AUDIT_TRIGGER_READ_FILE: syslog(LOG_INFO, "Got read file trigger\n"); - if(read_control_file() == -1) { - syslog(LOG_ERR, "Error in audit control file\n"); - } + if (read_control_file() == -1) + syslog(LOG_ERR, "Error in audit control file\n"); break; - default : + default: syslog(LOG_ERR, "Got unknown trigger %d\n", trigger); break; } - return; } /* * Read the control file for triggers and handle appropriately. */ -int wait_for_triggers() +static int +wait_for_triggers(void) { int num; unsigned int trigger; @@ -542,7 +542,7 @@ else handle_audit_trigger(trigger); } - return(close_all()); + return (close_all()); } /* @@ -555,15 +555,13 @@ int wstatus; while ((child = waitpid(-1, &wstatus, WNOHANG)) > 0) { - if (wstatus) { - syslog(LOG_INFO, "warn process [pid=%d] %s %d.\n", child, - ((WIFEXITED(wstatus)) ? - "exited with non-zero status" : - "exited as a result of signal"), - ((WIFEXITED(wstatus)) ? - WEXITSTATUS(wstatus) : - WTERMSIG(wstatus))); - } + if (!wstatus) + continue; + syslog(LOG_INFO, "warn process [pid=%d] %s %d.\n", child, + ((WIFEXITED(wstatus)) ? "exited with non-zero status" : + "exited as a result of signal"), + ((WIFEXITED(wstatus)) ? WEXITSTATUS(wstatus) : + WTERMSIG(wstatus))); } } @@ -571,7 +569,8 @@ * Configure the audit controls in the kernel: the event to class mapping, * kernel preselection mask, etc. */ -int config_audit_controls(long flags) +static int +config_audit_controls(long flags) { au_event_ent_t ev, *evp; au_evclass_map_t evc_map; @@ -579,14 +578,14 @@ int ctr = 0; char naeventstr[NA_EVENT_STR_SIZE]; - /* Process the audit event file, obtaining a class mapping for each + /* + * Process the audit event file, obtaining a class mapping for each * event, and send that mapping into the kernel. * XXX There's a risk here that the BSM library will return NULL * for an event when it can't properly map it to a class. In that * case, we will not process any events beyond the one that failed, * but should. We need a way to get a count of the events. */ - ev.ae_name = (char *)malloc(AU_EVENT_NAME_MAX); ev.ae_desc = (char *)malloc(AU_EVENT_DESC_MAX); if ((ev.ae_name == NULL) || (ev.ae_desc == NULL)) { @@ -595,17 +594,16 @@ return (-1); } evp = &ev; - while((evp = getauevent_r(evp)) != NULL) { + while ((evp = getauevent_r(evp)) != NULL) { evc_map.ec_number = evp->ae_number; evc_map.ec_class = evp->ae_class; - if (auditon(A_SETCLASS, &evc_map, - sizeof(au_evclass_map_t)) != 0) { + if (auditon(A_SETCLASS, &evc_map, sizeof(au_evclass_map_t)) + != 0) syslog(LOG_ERR, "Failed to register class mapping for event %s", evp->ae_name); - } else { + else ctr++; - } } endauevent(); free(ev.ae_name); @@ -613,37 +611,36 @@ if (ctr == 0) syslog(LOG_ERR, "No events to class mappings registered."); else - syslog(LOG_INFO, "Registered %d event to class mappings.", ctr); + syslog(LOG_INFO, "Registered %d event to class mappings.", + ctr); - /* Get the non-attributable event string and set the kernel mask - * from that. + /* + * Get the non-attributable event string and set the kernel mask from + * that. */ - if ((getacna(naeventstr, NA_EVENT_STR_SIZE) == 0) - && ( getauditflagsbin(naeventstr, &aumask) == 0)) { - - if (auditon(A_SETKMASK, &aumask, sizeof(au_mask_t))){ + if ((getacna(naeventstr, NA_EVENT_STR_SIZE) == 0) && + (getauditflagsbin(naeventstr, &aumask) == 0)) { + if (auditon(A_SETKMASK, &aumask, sizeof(au_mask_t))) syslog(LOG_ERR, - "Failed to register non-attributable event mask."); - } else { - syslog(LOG_INFO, "Registered non-attributable event mask."); - } - - } else { - syslog(LOG_ERR,"Failed to obtain non-attributable event mask."); - } + "Failed to register non-attributable event mask."); + else + syslog(LOG_INFO, + "Registered non-attributable event mask."); + } else + syslog(LOG_ERR, + "Failed to obtain non-attributable event mask."); /* * Set the audit policy flags based on passed in parameter values. */ - if (auditon(A_SETPOLICY, &flags, sizeof(flags))) { - syslog(LOG_ERR, - "Failed to set audit policy."); - } + if (auditon(A_SETPOLICY, &flags, sizeof(flags))) + syslog(LOG_ERR, "Failed to set audit policy."); - return 0; + return (0); } -void setup(long flags) +static void +setup(long flags) { int aufd; token_t *tok; @@ -654,34 +651,30 @@ } TAILQ_INIT(&dir_q); - - if(read_control_file() == -1) { + if (read_control_file() == -1) { syslog(LOG_ERR, "Error reading control file\n"); fail_exit(); } - /* Generate an audit record */ - if((aufd = au_open()) == -1) { + /* Generate an audit record. */ + if ((aufd = au_open()) == -1) syslog(LOG_ERR, "Could not create audit startup event.\n"); - } else { - - if((tok = au_to_text("auditd::Audit startup")) != NULL) { + else { >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601310120.k0V1KMm9080739>