xref: /freebsd/contrib/openbsm/bin/audit/audit.8 (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1.\" Copyright (c) 2004-2009 Apple Inc.
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\"
8.\" 1.  Redistributions of source code must retain the above copyright
9.\"     notice, this list of conditions and the following disclaimer.
10.\" 2.  Redistributions in binary form must reproduce the above copyright
11.\"     notice, this list of conditions and the following disclaimer in the
12.\"     documentation and/or other materials provided with the distribution.
13.\" 3.  Neither the name of Apple Inc. ("Apple") nor the names of
14.\"     its contributors may be used to endorse or promote products derived
15.\"     from this software without specific prior written permission.
16.\"
17.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
18.\" EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20.\" DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
21.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27.\"
28.Dd July 25, 2015
29.Dt AUDIT 8
30.Os
31.Sh NAME
32.Nm audit
33.Nd audit management utility
34.Sh SYNOPSIS
35.Nm
36.Fl e | i | n | s | t
37.Sh DESCRIPTION
38The
39.Nm
40utility controls the state of the audit system.
41One of the following flags is required as an argument to
42.Nm :
43.Bl -tag -width indent
44.It Fl e
45Forces the audit system to immediately remove audit log files that
46meet the expiration criteria specified in the audit control file without
47doing a log rotation.
48.It Fl i
49Initializes and starts auditing.
50This option is currently for Mac OS X only
51and requires
52.Xr auditd 8
53to be configured to run under
54.Xr launchd 8 .
55.It Fl n
56Forces the audit system to close the existing audit log file and rotate to
57a new log file in a location specified in the audit control file.
58Also, audit log files that meet the expiration criteria specified in the
59audit control file will be removed.
60.It Fl s
61Specifies that the audit system should [re]synchronize its
62configuration from the audit control file.
63A new log file will be created.
64.It Fl t
65Specifies that the audit system should terminate.
66Log files are closed
67and renamed to indicate the time of the shutdown.
68.El
69.Sh NOTES
70The
71.Xr auditd 8
72daemon must already be running.
73Optionally, it can be configured to be started
74on-demand by
75.Xr launchd 8
76(Mac OS X only).
77The
78.Nm
79utility requires audit administrator privileges for successful operation.
80.Sh FILES
81.Bl -tag -width ".Pa /etc/security/audit_control" -compact
82.It Pa /etc/security/audit_control
83Audit policy file used to configure the auditing system.
84.El
85.Sh SEE ALSO
86.Xr audit 4 ,
87.Xr audit_control 5 ,
88.Xr auditd 8 ,
89.Xr launchd 8 (Mac OS X)
90.Sh HISTORY
91The OpenBSM implementation was created by McAfee Research, the security
92division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.
93It was subsequently adopted by the TrustedBSD Project as the foundation for
94the OpenBSM distribution.
95.Sh AUTHORS
96.An -nosplit
97This software was created by McAfee Research, the security research division
98of McAfee, Inc., under contract to Apple Computer Inc.
99Additional authors include
100.An Wayne Salamon ,
101.An Robert Watson ,
102and SPARTA Inc.
103.Pp
104The Basic Security Module (BSM) interface to audit records and audit event
105stream format were defined by Sun Microsystems.
106