audit_submit man page on FreeBSD

Man page or keyword search:  
man Server   9747 pages
apropos Keyword Search (all sections)
Output format
FreeBSD logo
[printable version]

audit_submit(3)		 BSD Library Functions Manual	       audit_submit(3)

NAME
     audit_submit — general purpose audit record submission

LIBRARY
     library “libbsm”

SYNOPSIS
     #include <bsm/libbsm.h>

     int
     audit_submit(short au_event, au_id_t auid, char status, int reterr,
	 const char * restrict format, ...);

DESCRIPTION
     The audit_submit() function provides a generic programming interface for
     audit record submission.  This audit record will contain a header, sub‐
     ject token, an optional text token, return token, and a trailer.  The
     header will contain the event class specified by au_event.	 The subject
     token will be generated based on auid.  The return token is dependent on
     the status and reterr arguments; unlike the argument to au_to_return,
     reterr should be a local rather than BSM error number.  Optionally, a
     text token will be created as a part of this record.

     Text token output is under the control of a format string that specifies
     how subsequent arguments (or arguments accessed via the variable-length
     argument facilities of stdarg(3)) are converted for output.  If format is
     NULL, then no text token is created in the audit record.

     It should be noted that audit_submit() assumes that setaudit(2), or
     setaudit_addr(2) has already been called.	As a direct result, the termi‐
     nal ID for the subject will be retrieved from the kernel via getaudit(2),
     or getaudit_addr(2).

EXAMPLES
	   #include <bsm/audit.h>
	   #include <bsm/libbsm.h>
	   #include <bsm/audit_uevents.h>

	   #include <stdio.h>
	   #include <stdarg.h>
	   #include <errno.h>

	   void
	   audit_bad_su(char *from_login, char *to_login)
	   {
		   struct auditinfo_addr aia;
		   struct auditinfo ai;
		   au_id_t aid;
		   int error;

		   error = getaudit_addr(&aia, sizeof(aia));
		   if (error < 0 && errno == ENOSYS) {
			   error = getaudit(&ai);
			   if (error < 0)
				   err(1, "getaudit");
			   aid = ai.ai_auid;
		   } else if (error < 0)
			   err(1, "getaudit_addr");
		   else
			   aid = aia.ai_auid;
		   error = audit_submit(AUE_su, aid, EPERM, 1,
		       "bad su from %s to %s", from_login, to_login);
		   if (error != 0)
			   err(1, "audit_submit");
	   }

     Will generate the following audit record:

	   header,94,1,su(1),0,Mon Apr 17 23:23:59 2006, + 271 msec
	   subject,root,root,wheel,root,wheel,652,652,0,0.0.0.0
	   text,bad su from from csjp to root
	   return,failure : Operation not permitted,1
	   trailer,94

RETURN VALUES
     If successful, audit_submit will return zero.  Otherwise a -1 is returned
     and the global variable errno is set to indicate the error.

SEE ALSO
     auditon(2), getaudit(2), libbsm(3), stdarg(3)

HISTORY
     The audit_submit() function first appeared in OpenBSM version 1.0.
     OpenBSM 1.0 was introduced in FreeBSD 7.0.

AUTHORS
     The audit_submit() function was written by Christian S.J. Peron
     ⟨csjp@FreeBSD.org⟩.

BSD			       January 18, 2008				   BSD
[top]

List of man pages available for FreeBSD

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
...................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net