PERFORCE change 91159 for review
Robert Watson
rwatson at FreeBSD.org
Sun Feb 5 13:07:23 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=91159
Change 91159 by rwatson at rwatson_zoo on 2006/02/05 13:06:22
Integrate TrustedBSD audit3 branch from TrustedBSD OpenBSM branch
to merge recent OpenBSM changes:
- Lots of man page fixes (spelling, cross-reference, style,
content).
- Additional credits.
- ARM fix for auditd, auditreduce, praudit.
Affected files ...
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/README#6 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.8#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.8#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.1#6 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.1#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/Makefile#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_control.3#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_event.3#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_free_token.3#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_mask.3#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_token.3#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_user.3#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_class.5#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_event.5#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_user.5#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_warn.5#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/auditon.2#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/getaudit.2#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/getauid.2#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/setaudit.2#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/setauid.2#4 integrate
Differences ...
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/README#6 (text+ko) ====
@@ -62,6 +62,8 @@
Wojciech Koszek
Chunyang Yuan
Poul-Henning Kamp
+ Christian Brueffer
+ Olivier Houchard
In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
Software's FlexeLint tool were used to identify a number of bugs in the
@@ -83,4 +85,4 @@
http://www.TrustedBSD.org/
-$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/README#5 $
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/README#6 $
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.8#3 (text+ko) ====
@@ -29,9 +29,9 @@
.\"
.\" @APPLE_BSD_LICENSE_HEADER_END@
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.8#2 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.8#3 $
.\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
.Dt AUDIT 8
.Os
.Sh NAME
@@ -48,7 +48,7 @@
The optional
.Ar file
operand specifies the location of the audit control input file (default
-.Pa /etc/security/audit_control ).
+.Pa /etc/security/audit_control ) .
.Pp
The options are as follows:
.Bl -tag -width Ds
@@ -65,15 +65,17 @@
and renamed to indicate the time of the shutdown.
.El
.Sh NOTES
-The auditd(8) daemon must already be running.
+The
+.Xr auditd 8
+daemon must already be running.
.Sh FILES
.Bl -tag -width "/etc/security/audit_control" -compact
.It Pa /etc/security/audit_control
Default audit policy file used to configure the auditing system.
.El
.Sh SEE ALSO
+.Xr audit_control 5 ,
.Xr auditd 8
-.Xr audit_control 5
.Sh AUTHORS
This software was created by McAfee Research, the security research division
of McAfee, Inc., under contract to Apple Computer Inc.
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#2 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#1 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#2 $
*/
/*
* Program to trigger the audit daemon with a message that is either:
@@ -65,7 +65,7 @@
int
main(int argc, char **argv)
{
- char ch;
+ int ch;
unsigned int trigger = 0;
if (argc != 2)
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.8#2 (text+ko) ====
@@ -29,9 +29,9 @@
.\"
.\" @APPLE_BSD_LICENSE_HEADER_END@
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.8#1 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.8#2 $
.\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
.Dt AUDITD 8
.Os
.Sh NAME
@@ -63,9 +63,14 @@
.Pp
To assure uninterrupted audit support, the
.Nm auditd
-daemon should not be started and stopped manually. Instead, the audit(1) command
+daemon should not be started and stopped manually.
+Instead, the
+.Xr audit 8
+command
should be used to inform the daemon to change state/configuration after altering
-the audit_control file.
+the
+.Pa audit_control
+file.
.Pp
.\" Sending a SIGHUP to a running
.\" .Nm auditd
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#2 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#1 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#2 $
*/
#include <sys/dirent.h>
@@ -708,7 +708,7 @@
int
main(int argc, char **argv)
{
- char ch;
+ int ch;
int debug = 0;
int rc;
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.1#6 (text+ko) ====
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.1#5 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.1#6 $
.\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
.Dt AUDITREDUCE 1
.Os
.Sh NAME
@@ -124,7 +124,8 @@
.Sh Examples
.Pp
To select all records associated with effective user ID root from the audit
-log /var/audit/20031016184719.20031017122634:
+log
+.Pa /var/audit/20031016184719.20031017122634 :
.Pp
.Nm
-e root /var/audit/20031016184719.20031017122634
@@ -136,9 +137,9 @@
.Nm
-m AUE_SETLOGIN /var/audit/20031016184719.20031017122634
.Sh SEE ALSO
+.Xr praudit 1 ,
.Xr audit_control 5 ,
-.Xr audit_event 5 ,
-.Xr praudit 1
+.Xr audit_event 5
.Sh AUTHORS
This software was created by McAfee Research, the security research division
of McAfee, Inc., under contract to Apple Computer Inc.
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#5 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#4 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#5 $
*/
/*
@@ -529,7 +529,7 @@
FILE *fp;
int i;
char *objval, *converr;
- char ch;
+ int ch;
char timestr[128];
char *fname;
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.1#5 (text+ko) ====
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.1#4 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.1#5 $
.\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
.Dt PRAUDIT 1
.Os
.Sh NAME
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#4 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#3 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#4 $
*/
/*
@@ -105,7 +105,7 @@
int
main(int argc, char **argv)
{
- char ch;
+ int ch;
int i;
FILE *fp;
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/Makefile#5 (text+ko) ====
@@ -1,7 +1,7 @@
#
# OpenBSM libbsm
#
-# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/Makefile#4 $
+# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/Makefile#5 $
#
LIB= bsm
@@ -35,7 +35,9 @@
MLINKS= libbsm.3 bsm.3 \
au_class.3 getauclassent.3 \
+ au_class.3 getauclassent_r.3 \
au_class.3 getauclassnam.3 \
+ au_class.3 getauclassnam_r.3 \
au_class.3 setauclass.3 \
au_class.3 endauclass.3 \
au_control.3 setac.3 \
@@ -47,9 +49,13 @@
au_event.3 setauevent.3 \
au_event.3 endauevent.3 \
au_event.3 getauevent.3 \
+ au_event.3 getauevent_r.3 \
au_event.3 getauevnam.3 \
+ au_event.3 getauevnam_r.3 \
au_event.3 getauevnum.3 \
+ au_event.3 getauevnum_r.3 \
au_event.3 getauevnonam.3 \
+ au_event.3 getauevnonam_r.3 \
au_io.3 au_fetch_tok.3 \
au_io.3 au_print_tok.3 \
au_io.3 au_read_rec.3 \
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_control.3#3 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_control.3#2 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_control.3#3 $
.\"
.Dd April 19, 2005
.Dt AU_CONTROL 3
@@ -67,7 +67,7 @@
database.
.Pp
.Fn getacdir
-Return the name of the directory where log data is stored via the passed
+returns the name of the directory where log data is stored via the passed
character buffer
.Va name
of length
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_event.3#4 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_event.3#3 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_event.3#4 $
.\"
.Dd April 19, 2005
.Dt AU_EVENT 3
@@ -123,9 +123,9 @@
and
.Fn getauevnuam
will return a reference to a
-.Dt struct au_event_ent
+.Ft struct au_event_ent
or
-.Dt au_event_t
+.Ft au_event_t
on success, or
.Dv NULL on failure, with
.Va errno
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_free_token.3#3 (text+ko) ====
@@ -27,7 +27,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_free_token.3#2 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_free_token.3#3 $
.\"
.Dd April 19, 2005
.Dt AU_FREE_TOKEN 3
@@ -40,7 +40,7 @@
.Sh SYNOPSIS
.In libbsm.h
.Ft void
-.Fn au_free_tokenen "token_t *tok"
+.Fn au_free_token "token_t *tok"
.Sh DESCRIPTION
The BSM API generally manages deallocation of
.Vt token_t
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_mask.3#3 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_mask.3#2 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_mask.3#3 $
.\"
.Dd April 19, 2005
.Dt AU_MASK 3
@@ -109,7 +109,7 @@
.Sh IMPLEMENTATION NOTES
.Fn au_preselect
makes implicit use of various audit database routines, and may influence
-the behavior of simultaenous or interleaved processing of those databases by
+the behavior of simultaneous or interleaved processing of those databases by
other code.
.Sh SEE ALSO
.Xr libbsm 3 ,
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_token.3#3 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_token.3#2 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_token.3#3 $
.\"
.Dd April 19, 2005
.Dt AU_TOKEN 3
@@ -179,10 +179,10 @@
.Fn au_to_trailer "int rec_size"
.Sh DESCRIPTION
These interfaces support the allocation of BSM audit tokens, represented by
-.Dt token_t ,
+.Ft token_t ,
for various data types.
.Sh RETURN VALUES
-On sucess, a pointer to a
+On success, a pointer to a
.Vt token_t
will be returned; the allocated
.Vt token_t
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_user.3#4 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_user.3#3 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_user.3#4 $
.\"
.Dd April 19, 2005
.Dt AU_USER 3
@@ -72,7 +72,7 @@
.Dv au_never .
.Pp
.Fn getauuserent
-return the next user found in the
+returns the next user found in the
.Xr audit_user 5
database, or the first if the function has not yet been called.
.Dv NULL
@@ -96,7 +96,7 @@
database, if open.
.Pp
.Nm au_user_mask
-calculate a new session audit mask to be returned via
+calculates a new session audit mask to be returned via
.Dv mask_p
for the user identified by
.Dv username .
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#4 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#3 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#4 $
.\"
.Dd April 19, 2005
.Dt LIBBSM 3
@@ -48,57 +48,56 @@
interfaces, I/O interfaces, mask interfaces, notification interfaces, token
interfaces, and user interfaces.
These are described respectively in the
-.Xr au_stream 3 ,
.Xr au_class 3 ,
.Xr au_control 3 ,
.Xr au_event 3 ,
.Xr au_mask 3 ,
.Xr au_notify 3 ,
+.Xr au_stream 3 ,
.Xr au_token 3 ,
.Xr au_user 3
man pages.
.Ss Audit Event Stream Interfaces
Audit event stream interfaces support interaction with file-backed audit
event streams:
-.Xr au_free_token 3 ,
+.Xr au_close 3 .
.Xr au_free_token 3 ,
.Xr au_open 3 ,
.Xr au_write 3 ,
-.Xr au_close 3 .
.Ss Audit Class Interfaces
Audit class interfaces support the look up of information from the
.Xr audit_class 5
database:
+.Xr endauclass 3 ,
.Xr getauclassent 3 ,
.Xr getauclassent_r 3 ,
.Xr getauclassnam 3 ,
.Xr getauclassnam_r 3 ,
-.Xr setauclass 3 ,
-.Xr endauclass 3 .
+.Xr setauclass 3 .
.Ss Audit Control Interfaces
Audit control interfaces support the look up of information from the
.Xr audit_control 5
database:
+.Xr endac 3 ,
.Xr setac 3 ,
-.Xr endac 3 ,
.Xr getacdir 3 ,
+.Xr getacflg 3 ,
.Xr getacmin 3 ,
-.Xr getacflg 3 ,
.Xr getacna 3 .
.Ss Audit Event Interfaces
Audit event interfaces support the look up of information from the
.Xr audit_event 5
database:
+.Xr endauevent 3 ,
.Xr setauevent 3 ,
-.Xr endauevent 3 ,
.Xr getauevent 3 ,
.Xr getauevent_r 3 ,
.Xr getauevnam 3 ,
.Xr getauevnam_r 3 ,
-.Xr getauevnum 3 ,
-.Xr getauevnum_r 3 ,
.Xr getauevnonam 3 ,
.Xr getauevnonam_r 3 ,
+.Xr getauevnum 3 ,
+.Xr getauevnum_r 3 .
.Ss Audit I/O Interfaces
Audit I/O interfaces support the processing and printing of tokens, as well
as the reading of audit records:
@@ -117,9 +116,9 @@
.Ss Audit Notification Interfaces
Audit notification routines track audit state in a form permitting efficient
update, avoiding frequent system calls to check the kernel audit state:
+.Xr au_get_state 3 ,
.Xr au_notify_initialize 3 ,
-.Xr au_notify_terminate 3 ,
-.Xr au_get_state 3 .
+.Xr au_notify_terminate 3 .
These interfaces are implemented only for Darwin/Mac OS X.
.Ss Audit Token Interface
Audit token interfaces permit the creation of tokens for use in creating
@@ -127,63 +126,63 @@
Each interface converts a C type to its
.Vt token_t
representation.
+.Xr au_to_arg 3 ,
.Xr au_to_arg32 3 ,
.Xr au_to_arg64 3 ,
-.Xr au_to_arg 3 ,
.Xr au_to_attr64 3 ,
.Xr au_to_data 3 ,
+.Xr au_to_exec_args 3 ,
+.Xr au_to_exec_env 3 ,
.Xr au_to_exit 3 ,
+.Xr au_to_file 3 ,
.Xr au_to_groups 3 ,
-.Xr au_to_newgroups 3 ,
+.Xr au_to_header32 3 ,
+.Xr au_to_header64 3 ,
.Xr au_to_in_addr 3 ,
.Xr au_to_in_addr_ex 3 ,
.Xr au_to_ip 3 ,
.Xr au_to_ipc 3 ,
.Xr au_to_ipc_perm 3 ,
.Xr au_to_iport 3 ,
+.Xr au_to_me 3 ,
+.Xr au_to_newgroups 3 ,
.Xr au_to_opaque 3 ,
-.Xr au_to_file 3 ,
-.Xr au_to_text 3 ,
.Xr au_to_path 3 ,
+.Xr au_to_process 3 ,
.Xr au_to_process32 3 ,
.Xr au_to_process64 3 ,
-.Xr au_to_process 3 ,
+.Xr au_to_process_ex 3 ,
.Xr au_to_process32_ex 3 ,
.Xr au_to_process64_ex 3 ,
-.Xr au_to_process_ex 3 ,
+.Xr au_to_return 3 ,
.Xr au_to_return32 3 ,
.Xr au_to_return64 3 ,
-.Xr au_to_return 3 ,
.Xr au_to_seq 3 ,
.Xr au_to_socket 3 ,
.Xr au_to_socket_ex_32 3 ,
.Xr au_to_socket_ex_128 3 ,
+.Xr au_to_sock_inet 3 ,
.Xr au_to_sock_inet32 3 ,
.Xr au_to_sock_inet128 3 ,
-.Xr au_to_sock_inet 3 ,
+.Xr au_to_subject 3 ,
.Xr au_to_subject32 3 ,
.Xr au_to_subject64 3 ,
-.Xr au_to_subject 3 ,
+.Xr au_to_subject_ex 3 ,
.Xr au_to_subject32_ex 3 ,
.Xr au_to_subject64_ex 3 ,
-.Xr au_to_subject_ex 3 ,
-.Xr au_to_me 3 ,
-.Xr au_to_exec_args 3 ,
-.Xr au_to_exec_env 3 ,
-.Xr au_to_header32 3 ,
-.Xr au_to_header64 3 ,
+.Xr au_to_text 3 ,
.Xr au_to_trailer 3 .
.Ss Audit User Interfaces
Audit user interfaces support the look up of information from the
.Xr audit_user 5
database:
+.Xr au_user_mask 3 ,
+.Xr endauuser 3 ,
.Xr setauuser 3 ,
-.Xr endauuser 3 ,
.Xr getauuserent 3 ,
.Xr getauuserent_r 3 ,
.Xr getauusernam 3 ,
.Xr getauusernam_r 3 ,
-.Xr au_user_mask 3 ,
.Xr getfauditflags 3 .
.Sh SEE ALSO
.Xr au_class 3 ,
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#5 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#4 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#5 $
.\"
.Dd May 1, 2005
.Dt AUDIT.LOG 5
@@ -204,7 +204,7 @@
token contains an IP packet header in network byte order.
An
.Dv ip
-token can be cread using
+token can be created using
.Xr au_to_ip 3 .
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
@@ -249,7 +249,7 @@
A
.Dv path
token can be created using
-.Xr auto_path 3 .
+.Xr au_to_path 3 .
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
@@ -262,7 +262,7 @@
token contains a set of nul-terminated path names.
The
.Xr libbsm 3
-API cannot currently create an
+API cannot currently create a
.Dv path_attr
token.
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
@@ -283,7 +283,7 @@
This includes both the traditional
.Ux
security properties, such as user IDs and group IDs, but also audit
-information such as the audit user ID and sesion.
+information such as the audit user ID and session.
A
.Dv process
token can be created using
@@ -310,12 +310,12 @@
.Dv process
token, with the addition of a machine address type and variable length
address storage capable of containing IPv6 addresses.
-A
+An
.Dv expanded process
token can be created using
.Xr au_to_process32_ex 3
or
-.Xr au_to_process64 3 .
+.Xr au_to_process64_ex 3 .
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
@@ -385,7 +385,7 @@
.Dv subject
token, with the addition of type/length and variable size machine address
information in the terminal ID.
-A
+An
.Dv expanded subject
token can be created using
.Xr au_to_subject32_ex 3
@@ -412,7 +412,7 @@
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
-.It Li "object ID type" Ta "1 byte" Ta "Object ID"
+.It Li "Object ID type" Ta "1 byte" Ta "Object ID"
.It Li "Object ID" Ta "4 bytes" Ta "Object ID"
.El
.Ss Text Token
@@ -438,7 +438,7 @@
.Dv path
tokens may also be present in an audit record indicating which path, if any,
was used to reach the object.
-A
+An
.Dv attribute
token can be created using
.Xr au_to_attr32 3
@@ -593,8 +593,8 @@
.It Li XXXXX
.El
.Sh SEE ALSO
-.Xr audit 8,
-.Xr libbsm 3
+.Xr libbsm 3 ,
+.Xr audit 8
.Sh AUTHORS
The Basic Security Module (BSM) interface to audit records and audit event
stream format were defined by Sun Microsystems.
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_class.5#5 (text+ko) ====
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_class.5#4 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_class.5#5 $
.\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
.Dt AUDIT_CLASS 5
.Os
.Sh NAME
@@ -40,8 +40,9 @@
Each auditable event is a member of an event class.
Each line maps an audit event
mask (bitmap) to a class and a description.
-Entries are of the form
-.Dl classmask:eventclass:description.
+Entries are of the form:
+.Pp
+.Dl classmask:eventclass:description
.Pp
Example entries in this file are:
.Bd -literal -offset indent
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#5 (text+ko) ====
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#4 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#5 $
.\"
-.Dd Jan 24, 2004
+.Dd January 4, 2006
.Dt AUDIT_CONTROL 5
.Os
.Sh NAME
@@ -38,7 +38,9 @@
.Nm
file contains several audit system parameters.
Each line of this file is of the form:
-.Dl parameter:value.
+.Pp
+.Dl parameter:value
+.Pp
The parameters are:
.Bl -tag -width Ds
.It Pa dir
@@ -63,13 +65,15 @@
Not currently used as the value of 20 percent is chosen by the kernel.
.El
.Sh AUDIT FLAGS
-Audit flags are a comma delimited list of audit classes as defined in the
-audit_class file.
+Audit flags are a comma-delimited list of audit classes as defined in the
+.Pa audit_class
+file.
See
.Xr audit_class 5
for details.
Event classes may be preceded by a prefix which changes their interpretation.
The following prefixes may be used for each class:
+.Pp
.Bl -tag -width Ds -compact -offset indent
.It +
Record successful events
@@ -78,9 +82,9 @@
.It ^
Record both successful and failed events
.It ^+
-Don't record successful events
+Do not record successful events
.It ^-
-Don't record failed events
+Do not record failed events
.El
.Sh DEFAULT
The following settings appear in the default
@@ -88,7 +92,7 @@
file:
.Bd -literal -offset indent
dir:/var/audit
-flags:lo,ad,-all,^-fc,^-cl
+flags:lo
minfree:20
naflags:lo
.Ed
@@ -96,17 +100,16 @@
The
.Va flags
parameter above specifies the system-wide mask corresponding to login/logout
-events, administrative events, and all failures except for failures in creating
-or closing files.
+events.
.Sh FILES
.Bl -tag -width "/etc/security/audit_control" -compact
.It Pa /etc/security/audit_control
.El
.Sh SEE ALSO
-.Xr audit 1 ,
-.Xr auditd 8 ,
.Xr audit_class 5 ,
-.Xr audit_user 5
+.Xr audit_user 5 ,
+.Xr audit 8 ,
+.Xr auditd 8
.Sh AUTHORS
This software was created by McAfee Research, the security research division
of McAfee, Inc., under contract to Apple Computer Inc.
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_event.5#5 (text+ko) ====
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_event.5#4 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_event.5#5 $
.\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
.Dt AUDIT_EVENT 5
.Os
.Sh NAME
@@ -38,11 +38,15 @@
.Nm
file contains descriptions of the auditable events on the system.
Each line maps an audit event number to a name, a description, and a class.
-Entries are of the form
-.Dl eventnum:eventname:description:eventclass .
+Entries are of the form:
+.Pp
+.Dl eventnum:eventname:description:eventclass
+.Pp
Each
.Vt eventclass
-should have a corresponding entry in the audit_class file.
+should have a corresponding entry in the
+.Pa audit_class
+file.
See
.Xr audit_class 5
for details.
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_user.5#5 (text+ko) ====
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_user.5#4 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_user.5#5 $
.\"
-.Dd Jan 24, 2004
+.Dd February 5, 2006
.Dt AUDIT_USER 5
.Os
.Sh NAME
@@ -44,9 +44,11 @@
.Pp
Each line maps a user name to a list of classes that should be audited and a
list of classes that should not be audited.
-Entries are of the form of
-.Dl username:alwaysaudit:neveraudit ,
-where
+Entries are of the form:
+.Pp
+.Dl username:alwaysaudit:neveraudit
+.Pp
+In the format above,
.Vt alwaysaudit
is a set of event classes that are always audited, and
.Vt neveraudit
@@ -64,8 +66,8 @@
jdoe:-fc,ad:+fw
.Ed
.Pp
-These settings would cause login and administrative events that succeed on
-behalf of user root to be audited.
+These settings would cause login/logout and administrative events that
+succeed on behalf of user root to be audited.
No failure events are audited.
For the user
.Em jdoe ,
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_warn.5#5 (text+ko) ====
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_warn.5#4 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_warn.5#5 $
.\"
-.Dd Mar 17, 2004
+.Dd March 17, 2004
.Dt AUDIT_WARN 5
.Os
.Sh NAME
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/auditon.2#5 (text+ko) ====
@@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/auditon.2#4 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/auditon.2#5 $
.\"
.Dd April 19, 2005
.Dt AUDITON 2
@@ -53,8 +53,9 @@
.It Dv A_SETPOLICY
Set audit policy flags.
.Ft *data
-must point to an long value set to one of the audit
-policy control values defined in audit.h.
+must point to a long value set to one of the audit
+policy control values defined in
+.Pa audit.h .
Currently, only
.Dv AUDIT_CNT
and
@@ -83,7 +84,7 @@
.It Dv A_SETQCTRL
Set kernel audit queue parameters.
.Ft *data
-must point to a
+must point to a
.Ft au_qctrl_t
structure containing the
kernel audit queue control settings:
@@ -106,7 +107,7 @@
.It Dv A_SETCOND
Set the current auditing condition.
.Ft *data
-must point to an long value containing the new
+must point to a long value containing the new
audit condition, one of
.Dv AUC_AUDITING ,
.Dv AUC_NOAUDIT ,
@@ -115,13 +116,13 @@
.It Dv A_SETCLASS
Set the event class preselection mask for an audit event.
.Ft *data
-must point to a
+must point to a
.Ft au_evclass_map_t
structure containing the audit event and mask.
.It Dv A_SETPMASK
Set the preselection masks for a process.
.Ft *data
-must point to a
+must point to a
.Ft auditpinfo_t
structure that contains the given process's audit
preselection masks for both success and failure.
@@ -167,7 +168,7 @@
.It Dv A_GETPOLICY
Return the current audit policy setting.
.Ft *data
-must point to an long value which will be set to
+must point to a long value which will be set to
one of the current audit policy flags.
Currently, only
.Dv AUDIT_CNT
@@ -188,8 +189,8 @@
.Ft au_fstat_t
structure. The
.Ft af_filesz
-field will set to the maximum audit log file size. A value of 0
-indicates no limit to the size.
>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list