diff options
Diffstat (limited to 'contrib/openbsm/man/audit_control.5')
| -rw-r--r-- | contrib/openbsm/man/audit_control.5 | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/contrib/openbsm/man/audit_control.5 b/contrib/openbsm/man/audit_control.5 new file mode 100644 index 000000000000..d39b68129cff --- /dev/null +++ b/contrib/openbsm/man/audit_control.5 @@ -0,0 +1,121 @@ +.\" Copyright (c) 2004 Apple Computer, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of +.\" its contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR +.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#5 $ +.\" +.Dd Jan 24, 2004 +.Dt AUDIT_CONTROL 5 +.Os +.Sh NAME +.Nm audit_control +.Nd "contains audit system parameters" +.Sh DESCRIPTION +The +.Nm +file contains several audit system parameters. +Each line of this file is of the form: +.Dl parameter:value. +The parameters are: +.Bl -tag -width Ds +.It Pa dir +The directory where audit log files are stored. +There may be more than one of these entries. +Changes to this entry can only be enacted by restarting the +audit system. +See +.Xr audit 1 +for a description of how to restart the audit system. +.It Va flags +Specifies which audit event classes are audited for all users. +.Xr audit_user 5 +describes how to audit events for individual users. +See the information below for the format of the audit flags. +.It Va naflags +Contains the audit flags that define what classes of events are audited when +an action cannot be attributed to a specific user. +.It Va minfree +The minimum free space required on the file system audit logs are being written to. +When the free space falls below this limit a warning will be issued. +Not currently used as the value of 20 percent is chosen by the kernel. +.El +.Sh AUDIT FLAGS +Audit flags are a comma delimited list of audit classes as defined in the +audit_class file. +See +.Xr audit_class 5 +for details. +Event classes may be preceded by a prefix which changes their interpretation. +The following prefixes may be used for each class: +.Bl -tag -width Ds -compact -offset indent +.It + +Record successful events +.It - +Record failed events +.It ^ +Record both successful and failed events +.It ^+ +Don't record successful events +.It ^- +Don't record failed events +.El +.Sh DEFAULT +The following settings appear in the default +.Nm +file: +.Bd -literal -offset indent +dir:/var/audit +flags:lo,ad,-all,^-fc,^-cl +minfree:20 +naflags:lo +.Ed +.Pp +The +.Va flags +parameter above specifies the system-wide mask corresponding to login/logout +events, administrative events, and all failures except for failures in creating +or closing files. +.Sh FILES +.Bl -tag -width "/etc/security/audit_control" -compact +.It Pa /etc/security/audit_control +.El +.Sh SEE ALSO +.Xr audit 1 , +.Xr auditd 8 , +.Xr audit_class 5 , +.Xr audit_user 5 +.Sh AUTHORS +This software was created by McAfee Research, the security research division +of McAfee, Inc., under contract to Apple Computer Inc. +Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. +.Pp +The Basic Security Module (BSM) interface to audit records and audit event +stream format were defined by Sun Microsystems. +.Sh HISTORY +The OpenBSM implementation was created by McAfee Research, the security +division of McAfee Inc., under contract to Apple Computer Inc. in 2004. +It was subsequently adopted by the TrustedBSD Project as the foundation for +the OpenBSM distribution. |