diff options
Diffstat (limited to 'man/auditon.2')
| -rw-r--r-- | man/auditon.2 | 66 |
1 files changed, 49 insertions, 17 deletions
diff --git a/man/auditon.2 b/man/auditon.2 index 9a0a9a1dd799..e43debbfd463 100644 --- a/man/auditon.2 +++ b/man/auditon.2 @@ -26,9 +26,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#15 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#16 $ .\" -.Dd July 10, 2008 +.Dd January 29, 2009 .Dt AUDITON 2 .Os .Sh NAME @@ -63,7 +63,7 @@ The .Fa data argument must point to a -.Vt long +.Vt int value set to one or more the following audit policy control values bitwise OR'ed together: .Dv AUDIT_CNT , @@ -93,9 +93,16 @@ is set, then the environment variables passed to the system call will be audited. The default policy is none of the audit policy control flags set. .It Dv A_SETKAUDIT -Return -.Er ENOSYS . -(Not implemented.) +Set the host information. +The +.Fa data +argument +must point to a +.Vt auditinfo_addr_t +structure containing the host IP address information. +After setting, audit records +that are created as a result of kernel events will contain +this information. .It Dv A_SETKMASK Set the kernel preselection masks (success and failure). The @@ -156,6 +163,15 @@ If the value of free blocks falls below the configured minimum amount, the kernel informs the audit daemon about low disk space. The value is to be specified in percent of free file system blocks. A value of 0 results in a disabling of the check. +The default and maximum values (default/maximum) for the +audit queue control parameters are: +.Pp +.Bl -column aq_hiwater -offset indent -compact +.It aq_hiwater Ta 100/10000 (audit records) +.It aq_lowater Ta 10/aq_hiwater (audit records) +.It aq_bufsz Ta 32767/1048576 (bytes) +.It aq_delay Ta (Not currently used.) +.El .It Dv A_SETSTAT Return .Er ENOSYS . @@ -174,7 +190,7 @@ The .Fa data argument must point to a -.Vt long +.Vt int value containing the new audit condition, one of .Dv AUC_AUDITING , @@ -235,10 +251,6 @@ structure with the field set to the maximum audit log file size. A value of 0 indicates no limit to the size. -.It Dv A_SETKAUDIT -Return -.Er ENOSYS . -(Not implemented.) .It Dv A_GETCLASS Return the event to class mapping for the designated audit event. The @@ -250,9 +262,13 @@ structure. See the .Dv A_SETCLASS section above for more information. .It Dv A_GETKAUDIT -Return -.Er ENOSYS . -(Not implemented.) +Get the current host information. +The +.Fa data +argument +must point to a +.Vt auditinfo_addr_t +structure. .It Dv A_GETPINFO Return the audit settings for a process. The @@ -302,6 +318,22 @@ See the section above and .Xr getaudit 2 for more information. +.It Dv A_GETSINFO_ADDR +Return the extended audit settings for a session. +The +.Fa data +argument +must point to a +.Vt auditinfo_addr_t +structure. +The audit session ID of the target session is passed +into the kernel using the +.Fa ai_asid +field. See +.Xr getaudit_addr 2 +for more information about the +.Vt auditinfo_addr_t +structure. .It Dv A_GETKMASK Return the current kernel preselection masks. The @@ -317,7 +349,7 @@ The .Fa data argument must point to a -.Vt long +.Vt int value which will be set to one of the current audit policy flags. The audit policy flags are @@ -377,7 +409,7 @@ The .Fa data argument must point to a -.Vt long +.Vt int value which will be set to the current audit condition, one of .Dv AUC_AUDITING , @@ -393,7 +425,7 @@ The .Fa data argument must point to a -.Vt long +.Vt int value set to one of the acceptable trigger values: .Dv AUDIT_TRIGGER_LOW_SPACE |