tail head cat sleep
QR code linking to this page

Manual Pages  — AUDIT_SUBMIT

NAME

audit_submit – general purpose audit record submission

CONTENTS

LIBRARY

Basic Security Module User Library (libbsm, -lbsm)

SYNOPSIS

#include <bsm/libbsm.h>

int
audit_submit(short au_event, au_id_t auid, char status, int reterr, const char * restrict format, ...);

DESCRIPTION

The audit_submit() function provides a generic programming interface for audit record submission. This audit record will contain a header, subject token, an optional text token, return token, and a trailer. The header will contain the event class specified by au_event. The subject token will be generated based on auid. The return token is dependent on the status and reterr arguments; unlike the argument to au_to_return, reterr should be a local rather than BSM error number. Optionally, a text token will be created as a part of this record.

Text token output is under the control of a format string that specifies how subsequent arguments (or arguments accessed via the variable-length argument facilities of stdarg(3)) are converted for output. If format is NULL, then no text token is created in the audit record.

It should be noted that audit_submit() assumes that setaudit(2), or setaudit_addr(2) has already been called. As a direct result, the terminal ID for the subject will be retrieved from the kernel via getaudit(2), or getaudit_addr(2).

RETURN VALUES

If successful, audit_submit will return zero. Otherwise a -1 is returned and the global variable errno is set to indicate the error.

EXAMPLES

#include <bsm/audit.h>
#include <bsm/libbsm.h>
#include <bsm/audit_uevents.h>

#include <stdio.h> #include <stdarg.h> #include <errno.h>

void audit_bad_su(char *from_login, char *to_login) {         struct auditinfo_addr aia;         struct auditinfo ai;         au_id_t aid;         int error;

        error = getaudit_addr(&aia, sizeof(aia));         if (error < 0 && errno == ENOSYS) {                 error = getaudit(&ai);                 if (error < 0)                         err(1, "getaudit");                 aid = ai.ai_auid;         } else if (error < 0)                 err(1, "getaudit_addr");         else                 aid = aia.ai_auid;         error = audit_submit(AUE_su, aid, EPERM, 1,          "bad su from %s to %s", from_login, to_login);         if (error != 0)                 err(1, "audit_submit"); }

Will generate the following audit record:

header,94,1,su(1),0,Mon Apr 17 23:23:59 2006, + 271 msec
subject,root,root,wheel,root,wheel,652,652,0,0.0.0.0
text,bad su from from csjp to root
return,failure : Operation not permitted,1
trailer,94

SEE ALSO

auditon(2), getaudit(2), libbsm(3), stdarg(3)

HISTORY

The audit_submit() function first appeared in OpenBSM version 1.0. OpenBSM 1.0 was introduced in FreeBSD 7.0 .

AUTHORS

The audit_submit() function was written by Christian S.J. Peron <csjp@FreeBSD.org>.

AUDIT_SUBMIT (3) January 18, 2008

tail head cat sleep
QR code linking to this page


Please direct any comments about this manual page service to Ben Bullock. Privacy policy.

A child of 5 could understand this! Fetch me a child of 5.