4fae3f6a4a
- Man page formatting, cross reference, mlinks, and accuracy improvements. - auditd and tools now compile and run on FreeBSD/arm. - auditd will now fchown() the trail file to the audit review group, if defined at compile-time. - Added AUE_SYSARCH for FreeBSD. - Definition of AUE_SETFSGID fixed for Linux. Many thanks to: brueffer, cognet Obtained from: TrustedBSD Project
210 lines
7.1 KiB
Groff
210 lines
7.1 KiB
Groff
.\"-
|
|
.\" Copyright (c) 2005 Robert N. M. Watson
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#5 $
|
|
.\"
|
|
.Dd April 19, 2005
|
|
.Dt AU_TOKEN 3
|
|
.Os
|
|
.Sh NAME
|
|
.Nm au_to_arg32 ,
|
|
.Nm au_to_arg64 ,
|
|
.Nm au_to_arg ,
|
|
.Nm au_to_attr64 ,
|
|
.Nm au_to_data ,
|
|
.Nm au_to_exit ,
|
|
.Nm au_to_groups ,
|
|
.Nm au_to_newgroups ,
|
|
.Nm au_to_in_addr ,
|
|
.Nm au_to_in_addr_ex ,
|
|
.Nm au_to_ip ,
|
|
.Nm au_to_ipc ,
|
|
.Nm au_to_ipc_perm ,
|
|
.Nm au_to_iport ,
|
|
.Nm au_to_opaque ,
|
|
.Nm au_to_file ,
|
|
.Nm au_to_text ,
|
|
.Nm au_to_path ,
|
|
.Nm au_to_process32 ,
|
|
.Nm au_to_process64 ,
|
|
.Nm au_to_process ,
|
|
.Nm au_to_process32_ex ,
|
|
.Nm au_to_process64_ex ,
|
|
.Nm au_to_process_ex ,
|
|
.Nm au_to_return32 ,
|
|
.Nm au_to_return64 ,
|
|
.Nm au_to_return ,
|
|
.Nm au_to_seq ,
|
|
.Nm au_to_socket ,
|
|
.Nm au_to_socket_ex_32 ,
|
|
.Nm au_to_socket_ex_128 ,
|
|
.Nm au_to_sock_inet32 ,
|
|
.Nm au_to_sock_inet128 ,
|
|
.Nm au_to_sock_inet ,
|
|
.Nm au_to_subject32 ,
|
|
.Nm au_to_subject64 ,
|
|
.Nm au_to_subject ,
|
|
.Nm au_to_subject32_ex ,
|
|
.Nm au_to_subject64_ex ,
|
|
.Nm au_to_subject_ex ,
|
|
.Nm au_to_me ,
|
|
.Nm au_to_exec_args ,
|
|
.Nm au_to_exec_env ,
|
|
.Nm au_to_header ,
|
|
.Nm au_to_header32 ,
|
|
.Nm au_to_header64 ,
|
|
.Nm au_to_trailer .
|
|
.Nd "Routines for generating BSM audit tokens"
|
|
.Sh LIBRARY
|
|
.Lb libbsm
|
|
.Sh SYNOPSIS
|
|
.In libbsm.h
|
|
.Ft token_t *
|
|
.Fn au_to_arg32 "char n" "char *text" "u_int32_t v"
|
|
.Ft token_t *
|
|
.Fn au_to_arg64 "char n" "char *text" "u_int64_t v"
|
|
.Ft token_t *
|
|
.Fn au_to_arg "char n" "char *text" "u_int32_t v"
|
|
.Ft token_t *
|
|
.Fn au_to_attr32 "struct vattr *attr"
|
|
.Ft token_t *
|
|
.Fn au_to_attr64 "struct vattr *attr"
|
|
.Ft token_t *
|
|
.Fn au_to_attr "struct vattr *attr"
|
|
.Ft token_t *
|
|
.Fn au_to_data "char unit_print" "char unit_type" "char unit_count" "char *p"
|
|
.Ft token_t *
|
|
.Fn au_to_exit "int retval" "int err"
|
|
.Ft token_t *
|
|
.Fn au_to_groups "int *groups"
|
|
.Ft token_t *
|
|
.Fn au_to_newgroups "u_int16_t n" "gid_t *groups"
|
|
.Ft token_t *
|
|
.Fn au_to_in_addr "struct in_addr *internet_addr"
|
|
.Ft token_t *
|
|
.Fn au_to_in_addr_ex "struct in6_addr *internet_addr"
|
|
.Ft token_t *
|
|
.Fn au_to_ip "struct ip *ip"
|
|
.Ft token_t *
|
|
.Fn au_to_ipc "char type" "int id"
|
|
.Ft token_t *
|
|
.Fn au_to_ipc_perm "struct ipc_perm *perm"
|
|
.Ft token_t *
|
|
.Fn au_to_iport "u_int16_t iport"
|
|
.Ft token_t *
|
|
.Fn au_to_opaque "char *data" "u_int64_t bytes"
|
|
.Ft token_t *
|
|
.Fn au_to_file "char *file"
|
|
.Ft token_t *
|
|
.Fn au_to_file "char *file"
|
|
.Ft token_t *
|
|
.Fn au_to_text "char *text"
|
|
.Ft token_t *
|
|
.Fn au_to_path "char *text"
|
|
.Ft token_t *
|
|
.Fn au_to_process32 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid"
|
|
.Ft token_t *
|
|
.Fn au_to_process64 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid"
|
|
.Ft token_t *
|
|
.Fn au_to_process32_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid"
|
|
.Ft token_t *
|
|
.Fn au_to_process64_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid"
|
|
.Ft token_t *
|
|
.Fn au_to_return32 "char status" "u_int32_t ret"
|
|
.Ft token_t *
|
|
.Fn au_to_return64 "char status" "u_int64_t ret"
|
|
.Ft token_t *
|
|
.Fn au_to_return "char status" "u_int32_t ret"
|
|
.Ft token_t *
|
|
.Fn au_to_seq "long audit_count"
|
|
.Ft token_t *
|
|
.Fn au_to_socket "struct socket *so"
|
|
.Ft token_t *
|
|
.Fn au_to_socket_ex_32 "struct socket *so"
|
|
.Ft token_t *
|
|
.Fn au_to_socket_ex_128 "struct socket *so"
|
|
.Ft token_t *
|
|
.Fn au_to_sock_inet32 "struct sockaddr_in *so"
|
|
.Ft token_t *
|
|
.Fn au_to_sock_inet128 "struct sockaddr_in6 *so"
|
|
.Ft token_t *
|
|
.Fn au_to_sock_int "struct sockaddr_in *so"
|
|
.Ft token_t *
|
|
.Fn au_to_subject32 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid"
|
|
.Ft token_t *
|
|
.Fn au_to_subject64 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid"
|
|
.Ft token_t *
|
|
.Fn au_to_subject "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid"
|
|
.Ft token_t *
|
|
.Fn au_to_subject32_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid"
|
|
.Ft token_t *
|
|
.Fn au_to_subject64_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid"
|
|
.Ft token_t *
|
|
.Fn au_to_subject_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid"
|
|
.Ft token_t *
|
|
.Fn au_to_me "void"
|
|
.Ft token_t *
|
|
.Fn au_to_exec_args "const char **args"
|
|
.Ft token_t *
|
|
.Fn au_to_exec_env "const char **env"
|
|
.Ft token_t *
|
|
.Fn au_to_header "int rec_size" "au_event_t e_type" "au_emod_t emod"
|
|
.Ft token_t *
|
|
.Fn au_to_header32 "int rec_size" "au_event_t e_type" "au_emod_t emod"
|
|
.Ft token_t *
|
|
.Fn au_to_header64 "int rec_size" "au_event_t e_type" "au_emod_t e_mod"
|
|
.Ft token_t *
|
|
.Fn au_to_trailer "int rec_size"
|
|
.Sh DESCRIPTION
|
|
These interfaces support the allocation of BSM audit tokens, represented by
|
|
.Ft token_t ,
|
|
for various data types.
|
|
.Sh RETURN VALUES
|
|
On success, a pointer to a
|
|
.Vt token_t
|
|
will be returned; the allocated
|
|
.Vt token_t
|
|
can be freed via a call to
|
|
.Xr au_free_token 3 .
|
|
On failure,
|
|
.Dv NULL
|
|
will be returned, and an error condition returned via
|
|
.Va errno .
|
|
.Sh SEE ALSO
|
|
.Xr libbsm 3
|
|
.Sh AUTHORS
|
|
This software was created by Robert Watson, Wayne Salamon, and Suresh
|
|
Krishnaswamy for McAfee Research, the security research division of McAfee,
|
|
Inc., under contract to Apple Computer, Inc.
|
|
.Pp
|
|
The Basic Security Module (BSM) interface to audit records and audit event
|
|
stream format were defined by Sun Microsystems.
|
|
.Sh HISTORY
|
|
The OpenBSM implementation was created by McAfee Research, the security
|
|
division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
|
|
It was subsequently adopted by the TrustedBSD Project as the foundation for
|
|
the OpenBSM distribution.
|
|
.Sh BUGS
|