audcntl man page on Ultrix


audcntl(2)							    audcntl(2)

Name
       audcntl - audit control

Syntax
       #include <sys/audit.h>

       audcntl(request, argp, len, flag, audit_id)
       int request;
       char *argp;
       int len;
       int flag;
       audit_ID_t audit_id;

Description
       The audcntl system call provides control over options offered by the
       audit subsystem. All requests, except where noted otherwise, are
       privileged. The following list describes the requests:

       GET_SYS_AMASK and SET_SYS_AMASK
	      The  system auditmask determines which system events are logged.
	      GET_SYS_AMASK copies the system auditmask into a buffer  pointed
	      at  by  argp.   SET_SYS_AMASK copies from a buffer pointed at by
	      argp into	 the  system  auditmask.   Each	 of  these  operations
	      returns  the number of bytes transferred between the user's buf‐
	      fer and the auditmask.  Len is the size of  the  user's  buffer.
	      The  amount  of  data moved between the auditmask and the user's
	      buffer is the smaller of the auditmask size and the buffer size.

       GET_TRUSTED_AMASK and SET_TRUSTED_AMASK
	      The  trusted  auditmask  determines  which  trusted  events  are
	      logged.	GET_TRUSTED_AMASK  copies the trusted auditmask into a
	      buffer pointed at by argp.  SET_TRUSTED_AMASK copies from a buf‐
	      fer pointed at by argp into the trusted auditmask. Each of these
	      operations returns the number of bytes transferred  between  the
	      user's  buffer and the auditmask.	 Len is the size of the user's
	      buffer.  The amount of data moved between the auditmask and  the
	      user's  buffer is the smaller of the auditmask size and the buf‐
	      fer size.

       GET_PROC_AMASK and SET_PROC_AMASK
	      The process auditmask determines (along with the	system	masks)
	      which  system  events and trusted events are logged for the cur‐
	      rent process.  GET_PROC_AMASK copies the process auditmask  into
	      a	 buffer pointed at by argp.  The size of the process auditmask
	      is SYSCALL_MASK_LEN+TRUSTED_MASK_LEN,  and  contains  a  syscall
	      mask  followed  by  a trusted event mask.	 SET_PROC_AMASK copies
	      the values from a buffer pointed at by  argp  into  the  process
	      auditmask.  Each of these operations returns the number of bytes
	      transferred between the user's buffer and the auditmask.	Len is
	      the  size of the user's buffer. The amount of data moved between
	      the auditmask and the user's buffer is the smaller of the audit‐
	      mask size and the buffer size.

       GET_PROC_ACNTL and SET_PROC_ACNTL
	      GET_PROC_ACNTL  returns  the  audit  control  flags (the audcntl
	      byte) of the current process (see ).  Audit control flags deter‐
	      mine  whether  auditing for the process is on or off, and if on,
	      how the auditmasks are combined.	A value of AUDIT_OFF indicates
	      audit is off for that process.  A value of AUDIT_AND or AUDIT_OR
	      indicates the process auditmask is  logically  AND'ed  or	 OR'ed
	      with  the	 system auditmask.  A value of AUDIT_USR indicates the
	      process auditmask is used for that process; the system auditmask
	      is ignored.  SET_PROC_ACNTL assigns the values of the audit con‐
	      trol flags from flag and returns	the  previous  values  of  the
	      flags.

       GET_AUDSWITCH and SET_AUDSWITCH
	      GET_AUDSWITCH  returns  the value of the system audit switch.  A
	      return value of 1 indicates auditing is turned on.  A  value  of
	      zero  indicates  auditing	 is turned off.	 SET_AUDSWITCH assigns
	      the value of flag to the system audit  switch  and  returns  the
	      previous audit switch value.  A value of 1 turns auditing on.  A
	      value of zero turns auditing off.

       FLUSH_AUD_BUF
	      Flushes the kernel audit buffer out to

       GETPAID and SETPAID
	      GETPAID returns the audit ID of the calling process.  The
	      GETPAID request does not require privilege.  SETPAID assigns
	      the value of audit_id to the process audit ID.  SETPAID is
	      effective only if audit_id is greater than 0.

       GET_AUDSTYLE and SET_AUDSTYLE
	      The  system  auditing  style supports two options to control how
	      much additional information  is  recorded	 on  exec  operations.
	      GET_AUDSTYLE  returns  the  current value of the system audstyle
	      flag.  SET_AUDSTYLE sets the system audstyle flag to  the	 value
	      of flag, and returns the previous value of the audstyle flag.  A
	      flag value of AUD_EXEC_ARGP enables the auditing of the argument
	      list   to	  an  execv  or	 execve	 syscall.   A  flag  value  of
	      AUD_EXEC_ENVP enables the auditing of the environment strings to
	      an execv or execve syscall.  Flag values may be OR'ed together.
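
The mask rules described above, as an added model that is not Ultrix source and not part of the original man page: it shows how the audit switch, the audit control flags and the two masks decide whether an event is logged, and the min(mask size, buffer size) transfer rule. The MODEL_ names, their numeric values, the mask lengths and the one-bit-per-event layout are assumptions made for this example.

```c
/* Added model, not Ultrix code. Lengths, flag values and the
 * one-bit-per-event mask layout are placeholders for illustration. */
#include <stdio.h>
#include <string.h>

#define MODEL_SYSCALL_MASK_LEN 4   /* placeholder, not the real length */
#define MODEL_TRUSTED_MASK_LEN 2   /* placeholder, not the real length */
#define MODEL_PROC_MASK_LEN (MODEL_SYSCALL_MASK_LEN + MODEL_TRUSTED_MASK_LEN)

enum model_acntl { MODEL_AUDIT_OFF, MODEL_AUDIT_AND, MODEL_AUDIT_OR, MODEL_AUDIT_USR };

/* Transfer rule of the GET_*_AMASK / SET_*_AMASK requests: move the smaller
 * of mask size and buffer size, and return the number of bytes moved. */
int model_copy_mask(unsigned char *dst, const unsigned char *src, int masklen, int buflen)
{
    int n;
    if (buflen < 0)
        return -1;                       /* assumed: a negative len is rejected */
    n = buflen < masklen ? buflen : masklen;
    memcpy(dst, src, (size_t)n);
    return n;
}

/* Both masks use the process-mask layout: syscall mask, then trusted mask. */
int model_event_audited(int audswitch, enum model_acntl acntl,
                        const unsigned char *sys, const unsigned char *proc, int event)
{
    int byte = event / 8, bit = 1 << (event % 8), s, p;
    if (!audswitch || event < 0 || byte >= MODEL_PROC_MASK_LEN)
        return 0;                        /* system audit switch off: nothing logged */
    s = (sys[byte] & bit) != 0;
    p = (proc[byte] & bit) != 0;
    switch (acntl) {
    case MODEL_AUDIT_AND: return s && p; /* both masks must select the event */
    case MODEL_AUDIT_OR:  return s || p; /* either mask selects the event */
    case MODEL_AUDIT_USR: return p;      /* system mask ignored */
    default:              return 0;      /* AUDIT_OFF */
    }
}

int main(void)
{
    /* Constructed masks: system selects events 0 and 32, process selects 0 and 1. */
    unsigned char sys[MODEL_PROC_MASK_LEN]  = {0x01, 0, 0, 0, 0x01, 0};
    unsigned char proc[MODEL_PROC_MASK_LEN] = {0x03, 0, 0, 0, 0, 0};
    printf("event 1, AND: %d\n", model_event_audited(1, MODEL_AUDIT_AND, sys, proc, 1));
    printf("event 1, USR: %d\n", model_event_audited(1, MODEL_AUDIT_USR, sys, proc, 1));
    return 0;
}
```

A process running with the USR setting and an empty process mask is logged for nothing even when the system mask is full, which makes the audit control flags worth reviewing alongside the masks.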

Return Values
       The  values  returned  for  successful  calls  can  be  found under the
       description of the specific call request.

       If a call fails, a -1 is returned.

Diagnostics
       The call fails under the following conditions:

       [EFAULT]	      The argp argument contains an invalid address.

       [EACCES]	      The user does not have the privileges needed to  perform
		      this operation.

       [EINVAL]	      The  value of the len or request or audit_id argument is
		      invalid.

       [EPERM]	      The user is not privileged to get or set the  audit  ID,
		      or  the  user  attempted to get the audit ID when it was
		      not set.

       [EOPNOTSUPP]   The request argument contains an unsupported operation.

See Also
       Security Guide for Administrators
       Guide to Languages and Programming
