c0020399a6
OpenBSM history for imported revision below for reference.
MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1
- Change auditon(2) parameters and data structures to be 32/64-bit architecture
independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
authorization events, has been added.
25 lines
623 B
Plaintext
25 lines
623 B
Plaintext
#
|
|
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#6 $
|
|
# $FreeBSD$
|
|
#
|
|
0x00000000:no:invalid class
|
|
0x00000001:fr:file read
|
|
0x00000002:fw:file write
|
|
0x00000004:fa:file attribute access
|
|
0x00000008:fm:file attribute modify
|
|
0x00000010:fc:file create
|
|
0x00000020:fd:file delete
|
|
0x00000040:cl:file close
|
|
0x00000080:pc:process
|
|
0x00000100:nt:network
|
|
0x00000200:ip:ipc
|
|
0x00000400:na:non attributable
|
|
0x00000800:ad:administrative
|
|
0x00001000:lo:login_logout
|
|
0x00002000:aa:authentication and authorization
|
|
0x00004000:ap:application
|
|
0x20000000:io:ioctl
|
|
0x40000000:ex:exec
|
|
0x80000000:ot:miscellaneous
|
|
0xffffffff:all:all flags set
|