1ca0716f5SRobert Watson.\"- 2ca0716f5SRobert Watson.\" Copyright (c) 2005 Tom Rhodes 3ca0716f5SRobert Watson.\" Copyright (c) 2005 Robert N. M. Watson 4ca0716f5SRobert Watson.\" All rights reserved. 5ca0716f5SRobert Watson.\" 6ca0716f5SRobert Watson.\" Redistribution and use in source and binary forms, with or without 7ca0716f5SRobert Watson.\" modification, are permitted provided that the following conditions 8ca0716f5SRobert Watson.\" are met: 9ca0716f5SRobert Watson.\" 1. Redistributions of source code must retain the above copyright 10ca0716f5SRobert Watson.\" notice, this list of conditions and the following disclaimer. 11ca0716f5SRobert Watson.\" 2. Redistributions in binary form must reproduce the above copyright 12ca0716f5SRobert Watson.\" notice, this list of conditions and the following disclaimer in the 13ca0716f5SRobert Watson.\" documentation and/or other materials provided with the distribution. 14ca0716f5SRobert Watson.\" 15ca0716f5SRobert Watson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16ca0716f5SRobert Watson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17ca0716f5SRobert Watson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18ca0716f5SRobert Watson.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19ca0716f5SRobert Watson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20ca0716f5SRobert Watson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21ca0716f5SRobert Watson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22ca0716f5SRobert Watson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23ca0716f5SRobert Watson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24ca0716f5SRobert Watson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25ca0716f5SRobert Watson.\" SUCH DAMAGE. 26ca0716f5SRobert Watson.\" 27ca0716f5SRobert Watson.Dd April 19, 2005 28ca0716f5SRobert Watson.Dt AUDIT 2 29ca0716f5SRobert Watson.Os 30ca0716f5SRobert Watson.Sh NAME 31ca0716f5SRobert Watson.Nm audit 32bc168a6cSRobert Watson.Nd "commit BSM audit record to audit log" 33ca0716f5SRobert Watson.Sh SYNOPSIS 34ca0716f5SRobert Watson.In bsm/audit.h 35ca0716f5SRobert Watson.Ft int 36ca0716f5SRobert Watson.Fn audit "const char *record" "u_int length" 37ca0716f5SRobert Watson.Sh DESCRIPTION 38bc168a6cSRobert WatsonThe 39ca0716f5SRobert Watson.Fn audit 40bc168a6cSRobert Watsonsystem call 41ca0716f5SRobert Watsonsubmits a completed BSM audit record to the system audit log. 42ca0716f5SRobert Watson.Pp 43bc168a6cSRobert WatsonThe 44ca0716f5SRobert Watson.Fa record 45bc168a6cSRobert Watsonargument 46bc168a6cSRobert Watsonis a pointer to the specific event to be recorded and 47bc168a6cSRobert Watson.Fa length 48ca0716f5SRobert Watsonis the size in bytes of the data to be written. 49ca0716f5SRobert Watson.Sh RETURN VALUES 50ca0716f5SRobert Watson.Rv -std 51ca0716f5SRobert Watson.Sh ERRORS 52ca0716f5SRobert WatsonThe 53ca0716f5SRobert Watson.Fn audit 54ca0716f5SRobert Watsonsystem call will fail and the data never written if: 55ca0716f5SRobert Watson.Bl -tag -width Er 56ca0716f5SRobert Watson.It Bq Er EFAULT 57ca0716f5SRobert WatsonThe 58ca0716f5SRobert Watson.Fa record 59ca0716f5SRobert Watsonargument is beyond the allocated address space of the process. 60ca0716f5SRobert Watson.It Bq Er EINVAL 61ca0716f5SRobert WatsonThe token ID is invalid or 62bc168a6cSRobert Watson.Va length 63ca0716f5SRobert Watsonis larger than 64bc168a6cSRobert Watson.Dv MAXAUDITDATA . 65ca0716f5SRobert Watson.It Bq Er EPERM 66ca0716f5SRobert WatsonThe process does not have sufficient permission to complete 67ca0716f5SRobert Watsonthe operation. 68ca0716f5SRobert Watson.El 69ca0716f5SRobert Watson.Sh SEE ALSO 70ca0716f5SRobert Watson.Xr auditon 2 , 71ca0716f5SRobert Watson.Xr getaudit 2 , 72ca0716f5SRobert Watson.Xr getaudit_addr 2 , 73bc168a6cSRobert Watson.Xr getauid 2 , 74bc168a6cSRobert Watson.Xr setaudit 2 , 75ca0716f5SRobert Watson.Xr setaudit_addr 2 , 76bc168a6cSRobert Watson.Xr setauid 2 , 77ca0716f5SRobert Watson.Xr libbsm 3 78bc168a6cSRobert Watson.Sh HISTORY 79bc168a6cSRobert WatsonThe OpenBSM implementation was created by McAfee Research, the security 80bc168a6cSRobert Watsondivision of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. 81bc168a6cSRobert WatsonIt was subsequently adopted by the TrustedBSD Project as the foundation for 82bc168a6cSRobert Watsonthe OpenBSM distribution. 83ca0716f5SRobert Watson.Sh AUTHORS 84bc168a6cSRobert Watson.An -nosplit 85ca0716f5SRobert WatsonThis software was created by McAfee Research, the security research division 86ca0716f5SRobert Watsonof McAfee, Inc., under contract to Apple Computer Inc. 87bc168a6cSRobert WatsonAdditional authors include 88bc168a6cSRobert Watson.An Wayne Salamon , 89bc168a6cSRobert Watson.An Robert Watson , 90bc168a6cSRobert Watsonand SPARTA Inc. 91ca0716f5SRobert Watson.Pp 92ca0716f5SRobert WatsonThe Basic Security Module (BSM) interface to audit records and audit event 93ca0716f5SRobert Watsonstream format were defined by Sun Microsystems. 94ca0716f5SRobert Watson.Pp 95ca0716f5SRobert WatsonThis manual page was written by 96ca0716f5SRobert Watson.An Tom Rhodes Aq trhodes@FreeBSD.org . 97ca0716f5SRobert Watson.Sh BUGS 98ca0716f5SRobert WatsonThe 99ca0716f5SRobert Watson.Fx 100ca0716f5SRobert Watsonkernel does not fully validate that the argument passed is syntactically 101ca0716f5SRobert Watsonvalid BSM. 102ca0716f5SRobert WatsonSubmitting invalid audit records may corrupt the audit log. 103