diff options
Diffstat (limited to 'contrib/openbsm/man')
| -rw-r--r-- | contrib/openbsm/man/Makefile | 22 | ||||
| -rw-r--r-- | contrib/openbsm/man/Makefile.am | 24 | ||||
| -rw-r--r-- | contrib/openbsm/man/Makefile.in | 439 | ||||
| -rw-r--r-- | contrib/openbsm/man/audit.2 | 96 | ||||
| -rw-r--r-- | contrib/openbsm/man/audit.log.5 | 631 | ||||
| -rw-r--r-- | contrib/openbsm/man/audit_class.5 | 71 | ||||
| -rw-r--r-- | contrib/openbsm/man/audit_control.5 | 124 | ||||
| -rw-r--r-- | contrib/openbsm/man/audit_event.5 | 78 | ||||
| -rw-r--r-- | contrib/openbsm/man/audit_user.5 | 93 | ||||
| -rw-r--r-- | contrib/openbsm/man/audit_warn.5 | 69 | ||||
| -rw-r--r-- | contrib/openbsm/man/auditctl.2 | 78 | ||||
| -rw-r--r-- | contrib/openbsm/man/auditon.2 | 291 | ||||
| -rw-r--r-- | contrib/openbsm/man/getaudit.2 | 80 | ||||
| -rw-r--r-- | contrib/openbsm/man/getauid.2 | 74 | ||||
| -rw-r--r-- | contrib/openbsm/man/setaudit.2 | 81 | ||||
| -rw-r--r-- | contrib/openbsm/man/setauid.2 | 74 |
16 files changed, 0 insertions, 2325 deletions
diff --git a/contrib/openbsm/man/Makefile b/contrib/openbsm/man/Makefile deleted file mode 100644 index 1fbbc31f7afdf..0000000000000 --- a/contrib/openbsm/man/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile#7 $ -# - -MAN= audit.2 \ - auditctl.2 \ - auditon.2 \ - getaudit.2 \ - getauid.2 \ - setaudit.2 \ - setauid.2 \ - audit.log.5 \ - audit_class.5 \ - audit_control.5 \ - audit_event.5 \ - audit_user.5 \ - audit_warn.5 - -MLINKS= getaudit.2 getaudit_addr.2 \ - setaudit.2 setaudit_addr.2 - -.include <bsd.prog.mk> diff --git a/contrib/openbsm/man/Makefile.am b/contrib/openbsm/man/Makefile.am deleted file mode 100644 index e65a68cb327ab..0000000000000 --- a/contrib/openbsm/man/Makefile.am +++ /dev/null @@ -1,24 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile.am#1 $ -# - -man2_MANS = \ - audit.2 \ - auditctl.2 \ - auditon.2 \ - getaudit.2 \ - getauid.2 \ - setaudit.2 \ - setauid.2 - -man5_MANS = \ - audit.log.5 \ - audit_class.5 \ - audit_control.5 \ - audit_event.5 \ - audit_user.5 \ - audit_warn.5 - -# How to do MLINKS in automake? -# MLINKS= getaudit.2 getaudit_addr.2 \ -# setaudit.2 setaudit_addr.2 diff --git a/contrib/openbsm/man/Makefile.in b/contrib/openbsm/man/Makefile.in deleted file mode 100644 index 26e838859a526..0000000000000 --- a/contrib/openbsm/man/Makefile.in +++ /dev/null @@ -1,439 +0,0 @@ -# Makefile.in generated by automake 1.9.6 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005 Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# -# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile.in#3 $ -# -srcdir = @srcdir@ -top_srcdir = @top_srcdir@ -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -top_builddir = .. -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -INSTALL = @INSTALL@ -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = man -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config/config.h -CONFIG_CLEAN_FILES = -SOURCES = -DIST_SOURCES = -man2dir = $(mandir)/man2 -am__installdirs = "$(DESTDIR)$(man2dir)" "$(DESTDIR)$(man5dir)" -man5dir = $(mandir)/man5 -NROFF = nroff -MANS = $(man2_MANS) $(man5_MANS) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMDEP_FALSE = @AMDEP_FALSE@ -AMDEP_TRUE = @AMDEP_TRUE@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXDEPMODE = @CXXDEPMODE@ -CXXFLAGS = @CXXFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ -HAVE_AUDIT_SYSCALLS_FALSE = @HAVE_AUDIT_SYSCALLS_FALSE@ -HAVE_AUDIT_SYSCALLS_TRUE = @HAVE_AUDIT_SYSCALLS_TRUE@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LDFLAGS = @LDFLAGS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ -MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ -MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ -MAKEINFO = @MAKEINFO@ -OBJEXT = @OBJEXT@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -RANLIB = @RANLIB@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -ac_ct_RANLIB = @ac_ct_RANLIB@ -ac_ct_STRIP = @ac_ct_STRIP@ -am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ -am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ -am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ -am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -datadir = @datadir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -man2_MANS = \ - audit.2 \ - auditctl.2 \ - auditon.2 \ - getaudit.2 \ - getauid.2 \ - setaudit.2 \ - setauid.2 - -man5_MANS = \ - audit.log.5 \ - audit_class.5 \ - audit_control.5 \ - audit_event.5 \ - audit_user.5 \ - audit_warn.5 - -all: all-am - -.SUFFIXES: -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign man/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign man/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -distclean-libtool: - -rm -f libtool -uninstall-info-am: -install-man2: $(man2_MANS) $(man_MANS) - @$(NORMAL_INSTALL) - test -z "$(man2dir)" || $(mkdir_p) "$(DESTDIR)$(man2dir)" - @list='$(man2_MANS) $(dist_man2_MANS) $(nodist_man2_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.2*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 2*) ;; \ - *) ext='2' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man2dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man2dir)/$$inst"; \ - done -uninstall-man2: - @$(NORMAL_UNINSTALL) - @list='$(man2_MANS) $(dist_man2_MANS) $(nodist_man2_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.2*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 2*) ;; \ - *) ext='2' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man2dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man2dir)/$$inst"; \ - done -install-man5: $(man5_MANS) $(man_MANS) - @$(NORMAL_INSTALL) - test -z "$(man5dir)" || $(mkdir_p) "$(DESTDIR)$(man5dir)" - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ - done -uninstall-man5: - @$(NORMAL_UNINSTALL) - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ - done -tags: TAGS -TAGS: - -ctags: CTAGS -CTAGS: - - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ - list='$(DISTFILES)'; for file in $$list; do \ - case $$file in \ - $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ - $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ - esac; \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test "$$dir" != "$$file" && test "$$dir" != "."; then \ - dir="/$$dir"; \ - $(mkdir_p) "$(distdir)$$dir"; \ - else \ - dir=''; \ - fi; \ - if test -d $$d/$$file; then \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(MANS) -installdirs: - for dir in "$(DESTDIR)$(man2dir)" "$(DESTDIR)$(man5dir)"; do \ - test -z "$$dir" || $(mkdir_p) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-libtool - -dvi: dvi-am - -dvi-am: - -html: html-am - -info: info-am - -info-am: - -install-data-am: install-man - -install-exec-am: - -install-info: install-info-am - -install-man: install-man2 install-man5 - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-info-am uninstall-man - -uninstall-man: uninstall-man2 uninstall-man5 - -.PHONY: all all-am check check-am clean clean-generic clean-libtool \ - distclean distclean-generic distclean-libtool distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-exec install-exec-am \ - install-info install-info-am install-man install-man2 \ - install-man5 install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am uninstall uninstall-am uninstall-info-am \ - uninstall-man uninstall-man2 uninstall-man5 - - -# How to do MLINKS in automake? -# MLINKS= getaudit.2 getaudit_addr.2 \ -# setaudit.2 setaudit_addr.2 -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/contrib/openbsm/man/audit.2 b/contrib/openbsm/man/audit.2 deleted file mode 100644 index 6e14899c2ad19..0000000000000 --- a/contrib/openbsm/man/audit.2 +++ /dev/null @@ -1,96 +0,0 @@ -.\"- -.\" Copyright (c) 2005 Tom Rhodes -.\" Copyright (c) 2005 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.2#6 $ -.\" -.Dd April 19, 2005 -.Dt AUDIT 2 -.Os -.Sh NAME -.Nm audit -.Nd "Commit a BSM audit record to the audit log" -.Sh SYNOPSIS -.In bsm/audit.h -.Ft int -.Fn audit "const char *record" "u_int length" -.Sh DESCRIPTION -.Fn audit -submits a completed BSM audit record to the system audit log. -.Pp -.Fa record -is a pointer to the the specific event to be recorded and -.Vt length -is the size in bytes of the data to be written. -.Sh RETURN VALUES -.Rv -std -.Sh ERRORS -The -.Fn audit -system call will fail and the data never written if: -.Bl -tag -width Er -.It Bq Er EFAULT -The -.Fa record -argument is beyond the allocated address space of the process. -.It Bq Er EINVAL -The token ID is invalid or -.Vt length -is larger than -.Vt MAXAUDITDATA . -.It Bq Er EPERM -The process does not have sufficient permission to complete -the operation. -.El -.Sh SEE ALSO -.Xr auditon 2 , -.Xr getauid 2 , -.Xr setauid 2 , -.Xr getaudit 2 , -.Xr setaudit 2 , -.Xr getaudit_addr 2 , -.Xr setaudit_addr 2 , -.Xr libbsm 3 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Pp -This manual page was written by -.An Tom Rhodes Aq trhodes@FreeBSD.org . -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. -.Sh BUGS -The -.Fx -kernel does not fully validate that the argument passed is syntactically -valid BSM. -Submitting invalid audit records may corrupt the audit log. diff --git a/contrib/openbsm/man/audit.log.5 b/contrib/openbsm/man/audit.log.5 deleted file mode 100644 index f6e28ab07536f..0000000000000 --- a/contrib/openbsm/man/audit.log.5 +++ /dev/null @@ -1,631 +0,0 @@ -.\"- -.\" Copyright (c) 2005-2006 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#10 $ -.\" -.Dd May 1, 2005 -.Dt AUDIT.LOG 5 -.Os -.Sh NAME -.Nm audit -.Nd "Basic Security Module (BSM) File Format" -.Sh DESCRIPTION -The -.Nm -file format is based on Sun's Basic Security Module (BSM) file format, a -token-based record stream to represent system audit data. -This file format is both flexible and extensible, able to describe a broad -range of data types, and easily extended to describe new data types in a -moderately backward and forward compatible way. -.Pp -BSM token streams typically begin and end with a -.Dv file -token, which provides time stamp and file name information for the stream; -when processing a BSM token stream from a stream as opposed to a single file -source, file tokens may be seen at any point between ordinary records -identifying when particular parts of the stream begin and end. -All other tokens will appear in the context of a complete BSM audit record, -which begins with a -.Dv header -token, and ends with a -.Dv trailer -token, which describe the audit record. -Between these two tokens will appear a variety of data tokens, such as -process information, file path names, IPC object information, MAC labels, -socket information, and so on. -.Pp -The BSM file format defines specific token orders for each record event type; -however, some variation may occur depending on the operating system in use, -what system options, such as mandatory access control, are present. -.Pp -This manual page documents the common token types and their binary format, and -is intended for reference purposes only. -It is recommended that application programmers use the -.Xr libbsm 3 -interface to read and write tokens, rather than parsing or constructing -records by hand. -.Ss File Token -The -.Dv file -token is used at the beginning and end of an audit log file to indicate -when the audit log begins and ends. -It includes a pathname so that, if concatenated together, original file -boundaries are still observable, and gaps in the audit log can be identified. -A -.Dv file -token can be created using -.Xr au_to_file 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Seconds" Ta "4 bytes" Ta "File time stamp" -.It Li "Microseconds" Ta "4 bytes" Ta "File time stamp" -.It Li "File name lengh" Ta "2 bytes" Ta "File name of audit trail" -.It Li "File pathname" Ta "N bytes + 1 nul" Ta "File name of audit trail" -.El -.Ss Header Token -The -.Dv header -token is used to mark the beginning of a complete audit record, and includes -the length of the total record in bytes, a version number for the record -layout, the event type and subtype, and the time at which the event occurred. -A 32-bit -.Dv header -token can be created using -.Xr au_to_header32 3 ; -a 64-bit -.Dv header -token can be created using -.Xr au_to_header64 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Record Byte Count" Ta "4 bytes" Ta "Number of bytes in record" -.It Li "Version Number" Ta "2 bytes" Ta "Record version number" -.It Li "Event Type" Ta "2 bytes" Ta "Event type" -.It Li "Event Modifier" Ta "2 bytes" Ta "Event sub-type" -.It Li "Seconds" Ta "4/8 bytes" Ta "Record time stamp (32/64-bits)" -.It Li "Nanoseconds" Ta "4/8 byets" Ta "Record time stamp (32/64-bits)" -.El -.Ss Expanded Header Token -The -.Dv expanded header -token is an expanded version of the -.Dv header -token, with the addition of a machine IPv4 or IPv6 address. -A 32-bit extended -.Dv header -token can be created using -.Xr au_to_header32_ex 3 ; -a 64-bit extended -.Dv header -token can be created using -.Xr au_to_header64_ex 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Record Byte Count" Ta "4 bytes" Ta "Number of bytes in record" -.It Li "Version Number" Ta "2 bytes" Ta "Record version number" -.It Li "Event Type" Ta "2 bytes" Ta "Event type" -.It Li "Event Modifier" Ta "2 bytes" Ta "Event sub-type" -.It Li "Address Type/Length" Ta "1 byte" Ta "Host address type and length" -.It Li "Machine Address" Ta "4/16 bytes" Ta "IPv4 or IPv6 address" -.It Li "Seconds" Ta "4/8 bytes" Ta "Record time stamp (32/64-bits)" -.It Li "Nanoseconds" Ta "4/8 byets" Ta "Record time stamp (32/64-bits)" -.El -.Ss Trailer Token -The -.Dv trailer -terminates a BSM audit record, and contains a magic number, -.Dv TRAILER_PAD_MAGIC -and length that can be used to validate that the record was read properly. -A -.Dv trailer -token can be created using -.Xr au_to_trailer 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Trailer Magic" Ta "2 bytes" Ta "Trailer magic number" -.It Li "Record Byte Count" Ta "4 bytes" Ta "Number of bytes in record" -.El -.Ss Arbitrary Data Token -The -.Dv arbitrary data -token contains a byte stream of opaque (untyped) data. -The size of the data is calculated as the size of each unit of data -multipled by the number of units of data. -A -.Dv How to print -field is present to specify how to print the data, but interpretation of -that field is not currently defined. -An -.Dv arbitrary data -token can be created using -.Xr au_to_data 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "How to Print" Ta "1 byte" Ta "User-defined printing information" -.It Li "Basic Unit" Ta "1 byte" Ta "Size of a unit in bytes" -.It Li "Unit Count" Ta "1 byte" Ta "Number of units of data present" -.It Li "Data Items" Ta "Variable" Ta "User data" -.El -.Ss in_addr Token -The -.Dv in_addr -token holds a network byte order IPv4 or IPv6 address. -An -.Dv in_addr -token can be created using -.Xr au_to_in_addr 3 -for an IPv4 address, or -.Xr au_to_in_addr_ex 3 -for an IPv6 address. -.Pp -See the BUGS section for information on the storage of this token. -.Pp -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "IP Address Type" Ta "1 byte" Ta "Type of address" -.It Li "IP Address" Ta "4/16 bytes" Ta "IPv4 or IPv6 address" -.El -.Ss Expanded in_addr Token -The -.Dv expanded in_addr -token ... -.Pp -See the BUGS section for information on the storage of this token. -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It XXXX -.El -.Ss ip Token -The -.Dv ip -token contains an IP packet header in network byte order. -An -.Dv ip -token can be created using -.Xr au_to_ip 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Version and IHL" Ta "1 byte" Ta "Version and IP header length" -.It Li "Type of Service" Ta "1 byte" Ta "IP TOS field" -.It Li "Length" Ta "2 bytes" Ta "IP packet length in network byte order" -.It Li "ID" Ta "2 bytes" Ta "IP header ID for reassembly" -.It Li "Offset" Ta "2 bytes" Ta "IP fragment offset and flags, network byte order" -.It Li "TTL" Ta "1 byte" Ta "IP Time-to-Live" -.It Li "Protocol" Ta "1 byte" Ta "IP protocol number" -.It Li "Checksum" Ta "2 bytes" Ta "IP header checksum, network byte order" -.It Li "Source Address" Ta "4 bytes" Ta "IPv4 source address" -.It Li "Destination Address" Ta "4 bytes" Ta "IPv4 destination address" -.El -.Ss Expanded ip Token -The -.Dv expanded ip -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It XXXX -.El -.Ss iport Token -The -.Dv iport -token stores an IP port number in network byte order. -An -.Dv iport -token can be created using -.Xr au_to_iport 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Port Number" Ta "2 bytes" Ta "Port number in network byte order" -.El -.Ss Path Token -The -.Dv path -token contains a pathname. -A -.Dv path -token can be created using -.Xr au_to_path 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Path Length" Ta "2 bytes" Ta "Length of path in bytes" -.It Li "Path" Ta "N bytes + 1 nul" Ta "Path name" -.El -.Ss path_attr Token -The -.Dv path_attr -token contains a set of nul-terminated path names. -The -.Xr libbsm 3 -API cannot currently create a -.Dv path_attr -token. -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Count" Ta "2 bytes" Ta "Number of nul-terminated string(s) in token" -.It Li "Path" Ta "Variable" Ta "count nul-terminated string(s)" -.El -.Ss Process Token -The -.Dv process -token contains a description of the security properties of a process -involved as the target of an auditable event, such as the destination for -signal delivery. -It should not be confused with the -.Dv subject -token, which describes the subject performing an auditable event. -This includes both the traditional -.Ux -security properties, such as user IDs and group IDs, but also audit -information such as the audit user ID and session. -A -.Dv process -token can be created using -.Xr au_to_process32 3 -or -.Xr au_to_process64 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID" -.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID" -.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID" -.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID" -.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID" -.It Li "Process ID" Ta "4 bytes" Ta "Process ID" -.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID" -.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)" -.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IP address of machine" -.El -.Ss Expanded Process Token -The -.Dv expanded process -token contains the contents of the -.Dv process -token, with the addition of a machine address type and variable length -address storage capable of containing IPv6 addresses. -An -.Dv expanded process -token can be created using -.Xr au_to_process32_ex 3 -or -.Xr au_to_process64_ex 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID" -.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID" -.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID" -.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID" -.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID" -.It Li "Process ID" Ta "4 bytes" Ta "Process ID" -.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID" -.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)" -.It Li "Terminal Address Type/Length" Ta "1 byte" "Length of machine address" -.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IPv4 or IPv6 address of machine" -.El -.Ss Return Token -The -.Dv return -token contains a system call or library function return condition, including -return value and error number associated with the global variable -.Er errno . -A -.Dv return -token can be created using -.Xr au_to_return32 3 -or -.Xr au_to_return64 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Error Number" Ta "1 byte" Ta "Errno value, or 0 if undefined" -.It Li "Return Value" Ta "4/8 bytes" Ta "Return value (32/64-bits)" -.El -.Ss Subject Token -The -.Dv subject -token contains information on the subject performing the operation described -by an audit record, and includes similar information to that found in the -.Dv process -and -.Dv expanded process -tokens. -However, those tokens are used where the process being described is the -target of the operation, not the authorizing party. -A -.Dv subject -token can be created using -.Xr au_to_subject32 3 -and -.Xr au_to_subject64 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID" -.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID" -.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID" -.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID" -.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID" -.It Li "Process ID" Ta "4 bytes" Ta "Process ID" -.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID" -.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)" -.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IP address of machine" -.El -.Ss Expanded Subject Token -The -.Dv expanded subject -token consists of the same elements as the -.Dv subject -token, with the addition of type/length and variable size machine address -information in the terminal ID. -An -.Dv expanded subject -token can be created using -.Xr au_to_subject32_ex 3 -or -.Xr au_to_subject64_ex 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID" -.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID" -.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID" -.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID" -.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID" -.It Li "Process ID" Ta "4 bytes" Ta "Process ID" -.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID" -.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)" -.It Li "Terminal Address Type/Length" Ta "1 byte" "Length of machine address" -.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IPv4 or IPv6 address of machine" -.El -.Ss System V IPC Token -The -.Dv System V IPC -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Object ID type" Ta "1 byte" Ta "Object ID" -.It Li "Object ID" Ta "4 bytes" Ta "Object ID" -.El -.Ss Text Token -The -.Dv text -token contains a single nul-terminated text string. -A -.Dv text -token may be created using -.Xr au_to_text 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Text Length" Ta "2 bytes" Ta "Length of text string including nul" -.It Li "Text" Ta "N bytes + 1 nul" Ta "Text string including nul" -.El -.Ss Attribute Token -The -.Dv attribute -token describes the attributes of a file associated with the audit event. -As files may be identified by 0, 1, or many path names, a path name is not -included with the attribute block for a file; optional -.Dv path -tokens may also be present in an audit record indicating which path, if any, -was used to reach the object. -An -.Dv attribute -token can be created using -.Xr au_to_attr32 3 -or -.Xr au_to_attr64 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "File Access Mode" Ta "1 byte" Ta "mode_t associated with file" -.It Li "Owner User ID" Ta "4 bytes" Ta "uid_t associated with file" -.It Li "Owner Group ID" Ta "4 bytes" Ta "gid_t associated with file" -.It Li "File System ID" Ta "4 bytes" Ta "fsid_t associated with file" -.It Li "File System Node ID" Ta "8 bytes" Ta "ino_t associated with file" -.It Li "Device" Ta "4/8 bytes" Ta "Device major/minor number (32/64-bit)" -.El -.Ss Groups Token -The -.Dv groups -token contains a list of group IDs associated with the audit event. -A -.Dv groups -token can be created using -.Xr au_to_groups 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Number of Groups" Ta "2 bytes" Ta "Number of groups in token" -.It Li "Group List" Ta "N * 4 bytes" Ta "List of N group IDs" -.El -.Ss System V IPC Permission Token -The -.Dv System V IPC permission -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Ss Arg Token -The -.Dv arg -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Ss exec_args Token -The -.Dv exec_args -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Ss exec_env Token -The -.Dv exec_env -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Ss Exit Token -The -.Dv exit -token contains process exit/return code information. -An -.Dv exit -token can be created using -.Xr au_to_exit 3 . -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Status" Ta "4 bytes" Ta "Process status on exit" -.It Li "Return Value" ta "4 bytes" Ta "Process return value on exit" -.El -.Ss Socket Token -The -.Dv socket -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Ss Expanded Socket Token -The -.Dv expanded socket -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Ss Seq Token -The -.Dv seq -token contains a unique and monotonically increasing audit event sequence ID. -Due to the limited range of 32 bits, serial number arithmetic and caution -should be used when comparing sequence numbers. -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li "Sequence Number" Ta "4 bytes" Ta "Audit event sequence number" -.El -.Ss privilege Token -The -.Dv privilege -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Ss Use-of-auth Token -The -.Dv use-of-auth -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Ss Command Token -The -.Dv command -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Ss ACL Token -The -.Dv ACL -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Ss Zonename Token -The -.Dv zonename -token ... -.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" -.It Sy "Field" Ta Sy Bytes Ta Sy Description -.It Li "Token ID" Ta "1 byte" Ta "Token ID" -.It Li XXXXX -.El -.Sh SEE ALSO -.Xr libbsm 3 , -.Xr audit 8 -.Sh AUTHORS -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Pp -This manual page was written by -.An Robert Watson Aq rwatson@FreeBSD.org . -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. -.Sh BUGS -The -.Dv How to print -field in the -.Dv arbitrary data -token has undefined values. -.Pp -The -.Dv in_addr -and -.Dv in_addr_ex -token layout documented here appears to be in conflict with the -.Xr libbsm 3 -implementations of -.Xr au_to_in_addr 3 -and -.Xr au_to_in_addr_ex 3 . diff --git a/contrib/openbsm/man/audit_class.5 b/contrib/openbsm/man/audit_class.5 deleted file mode 100644 index dfd44a9238d14..0000000000000 --- a/contrib/openbsm/man/audit_class.5 +++ /dev/null @@ -1,71 +0,0 @@ -.\" Copyright (c) 2004 Apple Computer, Inc. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of -.\" its contributors may be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR -.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING -.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -.\" POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#7 $ -.\" -.Dd January 24, 2004 -.Dt AUDIT_CLASS 5 -.Os -.Sh NAME -.Nm audit_class -.Nd "contains audit event class descriptions" -.Sh DESCRIPTION -The -.Nm -file contains descriptions of the auditable event classes on the system. -Each auditable event is a member of an event class. -Each line maps an audit event -mask (bitmap) to a class and a description. -Entries are of the form: -.Pp -.Dl classmask:eventclass:description -.Pp -Example entries in this file are: -.Bd -literal -offset indent -0x00000000:no:invalid class -0x00000001:fr:file read -0x00000002:fw:file write -0x00000004:fa:file attribute access -0x00000080:pc:process -0xffffffff:all:all flags set -.Ed -.Sh FILES -.Bl -tag -width "/etc/security/audit_class" -compact -.It Pa /etc/security/audit_class -.El -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. diff --git a/contrib/openbsm/man/audit_control.5 b/contrib/openbsm/man/audit_control.5 deleted file mode 100644 index dd39afc76069f..0000000000000 --- a/contrib/openbsm/man/audit_control.5 +++ /dev/null @@ -1,124 +0,0 @@ -.\" Copyright (c) 2004 Apple Computer, Inc. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of -.\" its contributors may be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR -.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING -.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -.\" POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $ -.\" -.Dd January 4, 2006 -.Dt AUDIT_CONTROL 5 -.Os -.Sh NAME -.Nm audit_control -.Nd "contains audit system parameters" -.Sh DESCRIPTION -The -.Nm -file contains several audit system parameters. -Each line of this file is of the form: -.Pp -.Dl parameter:value -.Pp -The parameters are: -.Bl -tag -width Ds -.It Pa dir -The directory where audit log files are stored. -There may be more than one of these entries. -Changes to this entry can only be enacted by restarting the -audit system. -See -.Xr audit 1 -for a description of how to restart the audit system. -.It Va flags -Specifies which audit event classes are audited for all users. -.Xr audit_user 5 -describes how to audit events for individual users. -See the information below for the format of the audit flags. -.It Va naflags -Contains the audit flags that define what classes of events are audited when -an action cannot be attributed to a specific user. -.It Va minfree -The minimum free space required on the file system audit logs are being written to. -When the free space falls below this limit a warning will be issued. -Not currently used as the value of 20 percent is chosen by the kernel. -.El -.Sh AUDIT FLAGS -Audit flags are a comma-delimited list of audit classes as defined in the -.Pa audit_class -file. -See -.Xr audit_class 5 -for details. -Event classes may be preceded by a prefix which changes their interpretation. -The following prefixes may be used for each class: -.Pp -.Bl -tag -width Ds -compact -offset indent -.It + -Record successful events -.It - -Record failed events -.It ^ -Record both successful and failed events -.It ^+ -Do not record successful events -.It ^- -Do not record failed events -.El -.Sh DEFAULT -The following settings appear in the default -.Nm -file: -.Bd -literal -offset indent -dir:/var/audit -flags:lo -minfree:20 -naflags:lo -.Ed -.Pp -The -.Va flags -parameter above specifies the system-wide mask corresponding to login/logout -events. -.Sh FILES -.Bl -tag -width "/etc/security/audit_control" -compact -.It Pa /etc/security/audit_control -.El -.Sh SEE ALSO -.Xr audit_class 5 , -.Xr audit_user 5 , -.Xr audit 8 , -.Xr auditd 8 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. diff --git a/contrib/openbsm/man/audit_event.5 b/contrib/openbsm/man/audit_event.5 deleted file mode 100644 index cfa81f6272a9c..0000000000000 --- a/contrib/openbsm/man/audit_event.5 +++ /dev/null @@ -1,78 +0,0 @@ -.\" Copyright (c) 2004 Apple Computer, Inc. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of -.\" its contributors may be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR -.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING -.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -.\" POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#8 $ -.\" -.Dd January 24, 2004 -.Dt AUDIT_EVENT 5 -.Os -.Sh NAME -.Nm audit_event -.Nd "contains audit event descriptions" -.Sh DESCRIPTION -The -.Nm -file contains descriptions of the auditable events on the system. -Each line maps an audit event number to a name, a description, and a class. -Entries are of the form: -.Pp -.Dl eventnum:eventname:description:eventclass -.Pp -Each -.Vt eventclass -should have a corresponding entry in the -.Pa audit_class -file. -See -.Xr audit_class 5 -for details. -.Pp -Example entries in this file are: -.Bd -literal -offset indent -0:AUE_NULL:indir system call:no -1:AUE_EXIT:exit(2):pc -2:AUE_FORK:fork(2):pc -3:AUE_OPEN:open(2):fa -.Ed -.Sh FILES -.Bl -tag -width "/etc/security/audit_event" -compact -.It Pa /etc/security/audit_event -.El -.Sh SEE ALSO -.Xr audit_class 5 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. diff --git a/contrib/openbsm/man/audit_user.5 b/contrib/openbsm/man/audit_user.5 deleted file mode 100644 index 05877d555ce53..0000000000000 --- a/contrib/openbsm/man/audit_user.5 +++ /dev/null @@ -1,93 +0,0 @@ -.\" Copyright (c) 2004 Apple Computer, Inc. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of -.\" its contributors may be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR -.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING -.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -.\" POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#7 $ -.\" -.Dd February 5, 2006 -.Dt AUDIT_USER 5 -.Os -.Sh NAME -.Nm audit_user -.Nd "specifies events to be audited for the given users" -.Sh DESCRIPTION -The -.Nm -file specifies which audit event classes are to be audited for the given users. -If specified, these flags are combined with the system-wide audit flags in the -.Pa audit_control -file to determine which classes of events to audit for that user. -These settings take effect when the user logs in. -.Pp -Each line maps a user name to a list of classes that should be audited and a -list of classes that should not be audited. -Entries are of the form: -.Pp -.Dl username:alwaysaudit:neveraudit -.Pp -In the format above, -.Vt alwaysaudit -is a set of event classes that are always audited, and -.Vt neveraudit -is a set of event classes that should not be audited. -These sets can indicate -the inclusion or exclusion of multiple classes, and whether to audit successful -or failed events. -See -.Xr audit_control 5 -for more information about audit flags. -.Pp -Example entries in this file are: -.Bd -literal -offset indent -root:lo,ad:no -jdoe:-fc,ad:+fw -.Ed -.Pp -These settings would cause login/logout and administrative events that -succeed on behalf of user root to be audited. -No failure events are audited. -For the user -.Em jdoe , -failed file creation events are audited, administrative events are -audited, and successful file write events are never audited. -.Sh FILES -.Bl -tag -width "/etc/security/audit_user" -compact -.It Pa /etc/security/audit_user -.El -.Sh SEE ALSO -.Xr audit_control 5 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. diff --git a/contrib/openbsm/man/audit_warn.5 b/contrib/openbsm/man/audit_warn.5 deleted file mode 100644 index 18cb74e0996e4..0000000000000 --- a/contrib/openbsm/man/audit_warn.5 +++ /dev/null @@ -1,69 +0,0 @@ -.\" Copyright (c) 2004 Apple Computer, Inc. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of -.\" its contributors may be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR -.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING -.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -.\" POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_warn.5#6 $ -.\" -.Dd March 17, 2004 -.Dt AUDIT_WARN 5 -.Os -.Sh NAME -.Nm audit_warn -.Nd "alert when audit daemon issues warnings" -.Sh DESCRIPTION -.Nm -runs when -.Xr auditd 8 -generates warning messages. -.Pp -The default -.Nm -is a script whose first parameter is the type of warning; the script -appends its arguments to -.Pa /etc/security/audit_messages . -Administrators may replace this script: a more comprehensive one would take -different actions based on the type of warning. -For example, a low-space warning -could result in an email message being sent to the administrator. -.Sh FILES -.Bl -tag -width "/etc/security/audit_warn" -compact -.It Pa /etc/security/audit_warn -.It Pa /etc/security/audit_messages -.El -.Sh SEE ALSO -.Xr auditd 8 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. diff --git a/contrib/openbsm/man/auditctl.2 b/contrib/openbsm/man/auditctl.2 deleted file mode 100644 index afda8e4b13354..0000000000000 --- a/contrib/openbsm/man/auditctl.2 +++ /dev/null @@ -1,78 +0,0 @@ -.\"- -.\" Copyright (c) 2005-2006 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditctl.2#5 $ -.\" -.Dd April 19, 2005 -.Dt AUDITCTL 2 -.Os -.Sh NAME -.Nm auditctl -.Nd "Configure system audit parameters" -.Sh SYNOPSIS -.In bsm/audit.h -.Ft int -.Fn auditctl "const char *path" -.Sh DESCRIPTION -The -.Fn auditctl -system call directs the kernel to open a new audit trail log file. -.Fn auditctl -requires appropriate privilege. -In the -.Fx -implementation, -.Fn auditctl -opens new files, but -.Fn auditon -is used to disable the audit log. -In the Mac OS X implementation, passing -.Va NULL -to -.Fn auditctl -will disable the audit log. -.Sh RETURN VALUES -.Nm -returns 0 on success, or returns -1 on failure, providing additional error -information via -.Va errno . -.Sh SEE ALSO -.Xr libbsm 3 , -.Xr auditd 8 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Pp -This manual page was written by -.An Robert Watson Aq rwatson@FreeBSD.org . -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. diff --git a/contrib/openbsm/man/auditon.2 b/contrib/openbsm/man/auditon.2 deleted file mode 100644 index 9dedbba53b07a..0000000000000 --- a/contrib/openbsm/man/auditon.2 +++ /dev/null @@ -1,291 +0,0 @@ -.\"- -.\" Copyright (c) 2005 Robert N. M. Watson -.\" Copyright (c) 2005 Tom Rhodes -.\" Copyright (c) 2005 Wayne J. Salamon -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#7 $ -.\" -.Dd April 19, 2005 -.Dt AUDITON 2 -.Os -.Sh NAME -.Nm auditon -.Nd "Configure system audit parameters" -.Sh SYNOPSIS -.In bsm/audit.h -.Ft int -.Fn auditon "int cmd" "void *data" "u_int length" -.Sh DESCRIPTION -The -.Nm -system call is used to manipulate various audit control operations. -.Ft *data -should point to a structure whose type depends on the command. -.Ft length -specifies the size of the -.Em data -in bytes. -.Ft cmd -may be any of the following: -.Bl -tag -width ".It Dv A_GETPINFO_ADDR" -.It Dv A_SETPOLICY -Set audit policy flags. -.Ft *data -must point to a long value set to one of the audit -policy control values defined in -.Pa audit.h . -Currently, only -.Dv AUDIT_CNT -and -.Dv AUDIT_AHLT -are implemented. -In the -.Dv AUDIT_CNT -case, the action will continue regardless if -an event will not be audited. -In the -.Dv AUDIT_AHLT -case, a -.Xr panic 9 -will result if an event will not be written to the -audit log file. -.It Dv A_SETKAUDIT -Return -.Er ENOSYS . -.It Dv A_SETKMASK -Set the kernel preselection masks (success and failure). -.Ft *data -must point to a -.Ft au_mask_t -structure containing the mask values. -These masks are used for non-attributable audit event preselection. -.It Dv A_SETQCTRL -Set kernel audit queue parameters. -.Ft *data -must point to a -.Ft au_qctrl_t -structure containing the -kernel audit queue control settings: -.Va high water , -.Va low water , -.Va output buffer size , -.Va percent min free disk space , -and -.Em delay -(not currently used). -.It Dv A_SETSTAT -Return -.Er ENOSYS . -.It Dv A_SETUMASK -Return -.Er ENOSYS . -.It Dv A_SETSMASK -Return -.Er ENOSYS . -.It Dv A_SETCOND -Set the current auditing condition. -.Ft *data -must point to a long value containing the new -audit condition, one of -.Dv AUC_AUDITING , -.Dv AUC_NOAUDIT , -or -.Dv AUC_DISABLED . -.It Dv A_SETCLASS -Set the event class preselection mask for an audit event. -.Ft *data -must point to a -.Ft au_evclass_map_t -structure containing the audit event and mask. -.It Dv A_SETPMASK -Set the preselection masks for a process. -.Ft *data -must point to a -.Ft auditpinfo_t -structure that contains the given process's audit -preselection masks for both success and failure. -.It Dv A_SETFSIZE -Set the maximum size of the audit log file. -.Ft *data -must point to a -.Ft au_fstat_t -structure with the -.Ft af_filesz -field set to the maximum audit log file size. A value of 0 -indicates no limit to the size. -.It Dv A_SETKAUDIT -Return -.Er ENOSYS . -.It Dv A_GETCLASS -Return the event to class mapping for the designated audit event. -.Ft *data -must point to a -.Ft au_evclass_map_t -structure. -.It Dv A_GETKAUDIT -Return -.Er ENOSYS . -.It Dv A_GETPINFO -Return the audit settings for a process. -.Ft *data -must point to a -.Ft auditpinfo_t -structure which will be set to contain -the audit ID, preselection mask, terminal ID, and audit session -ID of the given process. -.It Dv A_GETPINFO_ADDR -Return -.Er ENOSYS . -.It Dv A_GETKMASK -Return the current kernel preselection masks. -.Ft *data -must point to a -.Ft au_mask_t -structure which will be set to -the current kernel preselection masks for non-attributable events. -.It Dv A_GETPOLICY -Return the current audit policy setting. -.Ft *data -must point to a long value which will be set to -one of the current audit policy flags. -Currently, only -.Dv AUDIT_CNT -and -.Dv AUDIT_AHLT -are implemented. -.It Dv A_GETQCTRL -Return the current kernel audit queue control parameters. -.Ft *data -must point to a -.Ft au_qctrl_t -structure which will be set to the current -kernel audit queue control parameters. -.It Dv A_GETFSIZE -Returns the maximum size of the audit log file. -.Ft *data -must point to a -.Ft au_fstat_t -structure. The -.Ft af_filesz -field will be set to the maximum audit log file size. -A value of 0 indicates no limit to the size. -The -.Ft af_filesz -will be set to the current audit log file size. -.It Dv A_GETCWD -.\" [COMMENTED OUT]: Valid description, not yet implemented. -.\" Return the current working directory as stored in the audit subsystem. -Return -.Er ENOSYS . -.It Dv A_GETCAR -.\" [COMMENTED OUT]: Valid description, not yet implemented. -.\"Stores and returns the current active root as stored in the audit -.\"subsystem. -Return -.Er ENOSYS . -.It Dv A_GETSTAT -.\" [COMMENTED OUT]: Valid description, not yet implemented. -.\"Return the statistics stored in the audit system. -Return -.Er ENOSYS . -.It Dv A_GETCOND -Return the current auditing condition. -.Ft *data -must point to a long value which will be set to -the current audit condition, either -.Dv AUC_AUDITING -or -.Dv AUC_NOAUDIT . -.It Dv A_SENDTRIGGER -Send a trigger to the audit daemon. -.Fr *data -must point to a long value set to one of the acceptable -trigger values: -.Dv AUDIT_TRIGGER_LOW_SPACE -(low disk space where the audit log resides), -.Dv AUDIT_TRIGGER_OPEN_NEW -(open a new audit log file), -.Dv AUDIT_TRIGGER_READ_FILE -(read the -.Pa audit_control -file), -.Dv AUDIT_TRIGGER_CLOSE_AND_DIE -(close the current log file and exit), -or -.Dv AUDIT_TRIGGER_NO_SPACE -(no disk space left for audit log file). -.El -.Sh RETURN VALUES -.Rv -std -.Sh ERRORS -The -.Fn auditon -function will fail if: -.Bl -tag -width Er -.It Bq Er ENOSYS -Returned by options not yet implemented. -.It Bq Er EFAULT -A failure occurred while data transferred to or from -the kernel failed. -.It Bq Er EINVAL -Illegal argument was passed by a system call. -.It Bq Er EPERM -The process does not have sufficient permission to complete -the operation. -.El -.Pp -The -.Dv A_SENDTRIGGER -command is specific to the -.Fx -and Mac OS X implementations, and is not present in Solaris. -.Sh SEE ALSO -.Xr audit 2 , -.Xr auditctl 2 , -.Xr getauid 2 , -.Xr setauid 2 , -.Xr getaudit 2 , -.Xr setaudit 2 , -.Xr getaudit_addr 2 , -.Xr setaudit_addr 2 , -.Xr libbsm 3 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Pp -This manual page was written by -.An Tom Rhodes Aq trhodes@FreeBSD.org , -.An Robert Watson Aq rwatson@FreeBSD.org , -and -.An Wayne Salamon Aq wsalamon@FreeBSD.org . -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2003. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. diff --git a/contrib/openbsm/man/getaudit.2 b/contrib/openbsm/man/getaudit.2 deleted file mode 100644 index 05a938c8f9efa..0000000000000 --- a/contrib/openbsm/man/getaudit.2 +++ /dev/null @@ -1,80 +0,0 @@ -.\"- -.\" Copyright (c) 2005 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#5 $ -.\" -.Dd April 19, 2005 -.Dt GETAUDIT 2 -.Os -.Sh NAME -.Nm getaudit , -.Nm getaudit_addr -.Nd "Retrieve audit session state" -.Sh SYNOPSIS -.In bsm/audit.h -.Ft int -.Fn getaudit "auditinfo_t *auditinfo" -.Ft int -.Fn getaudit_addr "auditinfo_addr_t *auditinfo_addr" "u_int length" -.Sh DESCRIPTION -.Fn getaudit -retrieves the active audit session state for the current process via the -.Vt auditinfo_t -pointed to by -.Va auditinfo . -.Fn getaudit_addr -retrieves extended state via -.Va auditinfo_addr -and -.Va length . -.Pp -This system call requires appropriate privilege to complete. -.Sh RETURN VALUES -.Nm -returns 0 on success, or returns -1 on failure, providing additional error -information via -.Va errno . -.Sh SEE ALSO -.Xr audit 2 , -.Xr auditon 2 , -.Xr getauid 2 , -.Xr setauid 2 , -.Xr setaudit 2 , -.Xr libbsm 3 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Pp -This manual page was written by -.An Robert Watson Aq rwatson@FreeBSD.org . -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. diff --git a/contrib/openbsm/man/getauid.2 b/contrib/openbsm/man/getauid.2 deleted file mode 100644 index 9751da959390a..0000000000000 --- a/contrib/openbsm/man/getauid.2 +++ /dev/null @@ -1,74 +0,0 @@ -.\"- -.\" Copyright (c) 2005 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#5 $ -.\" -.Dd April 19, 2005 -.Dt GETAUID 2 -.Os -.Sh NAME -.Nm getauid -.Nd "Retrieve audit session ID" -.Sh SYNOPSIS -.In bsm/audit.h -.Ft int -.Fn getauid "au_id_t *auid" -.Sh DESCRIPTION -.Nm -retrieves the active audit session ID for the current process via the -.Vt au_id_t -pointed to by -.Va auid . -.Pp -This system call requires appropriate privilege to complete. -.Sh RETURN VALUES -.Nm -returns 0 on success, or returns -1 on failure, providing additional error -information via -.Va errno . -.Sh SEE ALSO -.Xr audit 2 , -.Xr auditon 2 , -.Xr setauid 2 , -.Xr getaudit 2 , -.Xr setaudit 2 , -.Xr getaudit_addr 2 , -.Xr setaudit_addr 2 , -.Xr libbsm 3 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Pp -This manual page was written by -.An Robert Watson Aq rwatson@FreeBSD.org . -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. diff --git a/contrib/openbsm/man/setaudit.2 b/contrib/openbsm/man/setaudit.2 deleted file mode 100644 index 46d99546a5811..0000000000000 --- a/contrib/openbsm/man/setaudit.2 +++ /dev/null @@ -1,81 +0,0 @@ -.\"- -.\" Copyright (c) 2005 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#5 $ -.\" -.Dd April 19, 2005 -.Dt SETAUDIT 2 -.Os -.Sh NAME -.Nm setaudit , -.Nm setaudit_addr -.Nd "Set audit session state" -.Sh SYNOPSIS -.In bsm/audit.h -.Ft int -.Fn setaudit "auditinfo_t *auditinfo" -.Ft int -.Fn setaudit_addr "auditinfo_addr_t *auditinfo" "u_int length" -.Sh DESCRIPTION -.Nm -sets the active audit session state for the current process via the -.Vt auditinfo_t -pointed to by -.Va auditinfo . -.Fn setaudit_addr -sets extended state via -.Va auditinfo_addr -and -.Va length . -.Pp -This system call requires appropriate privilege to complete. -.Sh RETURN VALUES -.Nm -returns 0 on success, or returns -1 on failure, providing additional error -information via -.Va errno . -.Sh SEE ALSO -.Xr audit 2 , -.Xr auditon 2 , -.Xr getaudit 2 , -.Xr getauid 2 , -.Xr setauid 2 , -.Xr getaudit 2 , -.Xr libbsm 3 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Pp -This manual page was written by -.An Robert Watson Aq rwatson@FreeBSD.org . -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. diff --git a/contrib/openbsm/man/setauid.2 b/contrib/openbsm/man/setauid.2 deleted file mode 100644 index 4c23ffcebf7f8..0000000000000 --- a/contrib/openbsm/man/setauid.2 +++ /dev/null @@ -1,74 +0,0 @@ -.\"- -.\" Copyright (c) 2005 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#5 $ -.\" -.Dd April 19, 2005 -.Dt SETAUID 2 -.Os -.Sh NAME -.Nm setauid -.Nd "Set audit session ID" -.Sh SYNOPSIS -.In bsm/audit.h -.Ft int -.Fn setauid "au_id_t *auid" -.Sh DESCRIPTION -.Nm -sets the active audit session ID for the current process from the -.Vt au_id_t -pointed to by -.Va auid . -.Pp -This system call requires appropriate privilege to complete. -.Sh RETURN VALUES -.Nm -returns 0 on success, or returns -1 on failure, providing additional error -information via -.Va errno . -.Sh SEE ALSO -.Xr audit 2 , -.Xr auditon 2 , -.Xr getauid 2 , -.Xr getaudit 2 , -.Xr setaudit 2 , -.Xr getaudit_addr 2 , -.Xr setaudit_addr 2 , -.Xr libbsm 3 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Pp -This manual page was written by -.An Robert Watson Aq rwatson@FreeBSD.org . -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. |