freebsd-nq/contrib/openbsm/libbsm/au_control.3
Robert Watson bb97b41819 Vendor import of OpenBSM 1.0 alpha 11, with the following change history
notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
  fr/fw class; our default classes audit intent (open) not operations (read,
  write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
  and writes of sysctls as separate events.  Add additional kernel
  environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
  (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
  by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
  a dropped request, the log file will otherwise grow indefinitely if the
  trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
  routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
  representations of audit_control policy flags and the flags passed to
  auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
  extension to the Solaris file format to allow specification of policy
  persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
  policy to match it when configuring/reconfiguring.  Remove the -s and -h
  arguments as these policies are now set via the configuration file.  If a
  policy line is not found in the configuration file, continue with the
  current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
  variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

Obtained from:	TrustedBSD Project
2006-09-21 07:07:33 +00:00

173 lines
4.9 KiB
Groff

.\"-
.\" Copyright (c) 2005 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $
.\"
.Dd April 19, 2005
.Dt AU_CONTROL 3
.Os
.Sh NAME
.Nm setac ,
.Nm endac ,
.Nm getacdir ,
.Nm getacmin ,
.Nm getacflg ,
.Nm getacna ,
.Nm getacpol ,
.Nm au_poltostr
.Nm au_strtopol
.Nd "Look up information from the audit_control database"
.Sh LIBRARY
.Lb libbsm
.Sh SYNOPSIS
.In libbsm.h
.Ft void
.Fn setac "void"
.Ft void
.Fn endac "void"
.Ft int
.Fn getacdir "char *name" "int len"
.Ft int
.Fn getacmin "int *min_val"
.Ft int
.Fn getacflg "char *auditstr" "int len"
.Ft int
.Fn getacna "char *auditstr" "int len"
.Ft int
.Fn getacpol "char *auditstr" "size_t len"
.Ft ssize_t
.Fn au_poltostr "long policy" "size_t maxsize" "char *buf"
.Ft int
.Fn au_strtopol "const char *polstr" "long *policy"
.Sh DESCRIPTION
These interfaces may be used to look up information from the
.Xr audit_control 5
database, which contains various audit-related administrative parameters.
.Pp
.Fn setac
resets the database iterator to the beginning of the database; see the
BUGS section for more information.
.Pp
.Fn sendac
closes the
.Xr audit_control 5
database.
.Pp
.Fn getacdir
returns the name of the directory where log data is stored via the passed
character buffer
.Va name
of length
.Va len .
.Pp
.Fn getacmin
returns the minimum free disk space for the audit log target file system via
the passed
.Va min_val
variable.
.Pp
.Fn getacflg
returns the audit system flags via the the passed character buffer
.Va auditstr
of length
.Va len .
.Pp
.Fn getacna
returns the non-attributable flags via the passed character buffer
.Va auditstr
of length
.Va len .
.Pp
.Fn getacpol
returns the audit policy flags via the passed character buffer
.Va auditstr
of length
.Va len .
.Pp
.Fn au_poltostr
converts a numeric audit policy mask,
.Va policy ,
value to a string in the passed character buffer
.Va buf
of lenth
.Va maxsize .
.Pp
.Fn au_strtopol
converts an audit policy flags string,
.Va polstr ,
to a numeric audit policy mask returned via
.Va policy .
.Sh RETURN VALULES
.Fn getacdir ,
.Fn getacmin ,
.Fn getacflg ,
.Fn getacna ,
.Fn getacpol ,
and
.Fn au_strtopol
return 0 on success, or a negative value on failure, along with error
information in
.Va errno .
.Pp
.Fn au_poltostr
returns a string length of 0 or more on success, or a negative value on
if there is a failure.
.Pp
Functions that return a string value will return a failure if there is
insufficient room in the passed character buffer for the full string.
.Sh SEE ALSO
.Xr libbsm 3 ,
.Xr audit_control 5
.Sh AUTHORS
This software was created by Robert Watson, Wayne Salamon, and Suresh
Krishnaswamy for McAfee Research, the security research division of McAfee,
Inc., under contract to Apple Computer, Inc.
.Pp
The Basic Security Module (BSM) interface to audit records and audit event
stream format were defined by Sun Microsystems.
.Sh HISTORY
The OpenBSM implementation was created by McAfee Research, the security
division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
It was subsequently adopted by the TrustedBSD Project as the foundation for
the OpenBSM distribution.
.Sh BUGS
These routines cannot currently distinguish between an entry not being found
and an error accessing the database.
The implementation should be changed to return an error via
.Va errno
when
.Dv NULL
is returned.
.Sh BUGS
There is no reason for the
.Fn setac
interface to be exposed as part of the public API, as it is called implicitly
by other access functions and iteration is not supported.
.Pp
These interfaces inconsistently return various negative values depending on
the failure mode, and do not always set
.Va errno
on failure.