diff options
Diffstat (limited to 'man/audit_event.5')
| -rw-r--r-- | man/audit_event.5 | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/man/audit_event.5 b/man/audit_event.5 new file mode 100644 index 000000000000..75e67aaed9d7 --- /dev/null +++ b/man/audit_event.5 @@ -0,0 +1,84 @@ +.\" Copyright (c) 2004 Apple Computer, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of +.\" its contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR +.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#11 $ +.\" +.Dd January 24, 2004 +.Dt AUDIT_EVENT 5 +.Os +.Sh NAME +.Nm audit_event +.Nd "audit event descriptions" +.Sh DESCRIPTION +The +.Nm +file contains descriptions of the auditable events on the system. +Each line maps an audit event number to a name, a description, and a class. +Entries are of the form: +.Pp +.Sm off +.D1 Ar eventnum : eventname : description : eventclass +.Sm on +.Pp +Each +.Ar eventclass +should have a corresponding entry in the +.Xr audit_class 5 +file. +.Pp +Example entries in this file are: +.Bd -literal -offset indent +0:AUE_NULL:indir system call:no +1:AUE_EXIT:exit(2):pc +2:AUE_FORK:fork(2):pc +3:AUE_OPEN:open(2):fa +.Ed +.Sh FILES +.Bl -tag -width ".Pa /etc/security/audit_event" -compact +.It Pa /etc/security/audit_event +.El +.Sh SEE ALSO +.Xr audit 4 , +.Xr audit_class 5 , +.Xr audit_control 5 , +.Xr audit_user 5 +.Sh HISTORY +The OpenBSM implementation was created by McAfee Research, the security +division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. +It was subsequently adopted by the TrustedBSD Project as the foundation for +the OpenBSM distribution. +.Sh AUTHORS +.An -nosplit +This software was created by McAfee Research, the security research division +of McAfee, Inc., under contract to Apple Computer Inc. +Additional authors include +.An Wayne Salamon , +.An Robert Watson , +and SPARTA Inc. +.Pp +The Basic Security Module (BSM) interface to audit records and audit event +stream format were defined by Sun Microsystems. |