xref: /freebsd/contrib/openbsm/man/audit_class.5 (revision bc168a6cdd45ba809a5580b6e67ebc6806b5aeb3) 
1ca0716f5SRobert Watson.\" Copyright (c) 2004 Apple Computer, Inc.
2ca0716f5SRobert Watson.\" All rights reserved.
3ca0716f5SRobert Watson.\"
4ca0716f5SRobert Watson.\" Redistribution and use in source and binary forms, with or without
5ca0716f5SRobert Watson.\" modification, are permitted provided that the following conditions
6ca0716f5SRobert Watson.\" are met:
7ca0716f5SRobert Watson.\" 1.  Redistributions of source code must retain the above copyright
8ca0716f5SRobert Watson.\"     notice, this list of conditions and the following disclaimer.
9ca0716f5SRobert Watson.\" 2.  Redistributions in binary form must reproduce the above copyright
10ca0716f5SRobert Watson.\"     notice, this list of conditions and the following disclaimer in the
11ca0716f5SRobert Watson.\"     documentation and/or other materials provided with the distribution.
12ca0716f5SRobert Watson.\" 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
13ca0716f5SRobert Watson.\"     its contributors may be used to endorse or promote products derived
14ca0716f5SRobert Watson.\"     from this software without specific prior written permission.
15ca0716f5SRobert Watson.\"
16ca0716f5SRobert Watson.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
17ca0716f5SRobert Watson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18ca0716f5SRobert Watson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19ca0716f5SRobert Watson.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
20ca0716f5SRobert Watson.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21ca0716f5SRobert Watson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22ca0716f5SRobert Watson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23ca0716f5SRobert Watson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24ca0716f5SRobert Watson.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
25ca0716f5SRobert Watson.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26ca0716f5SRobert Watson.\" POSSIBILITY OF SUCH DAMAGE.
27ca0716f5SRobert Watson.\"
28bc168a6cSRobert Watson.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#10 $
29ca0716f5SRobert Watson.\"
3023bf6e20SRobert Watson.Dd January 24, 2004
31ca0716f5SRobert Watson.Dt AUDIT_CLASS 5
32ca0716f5SRobert Watson.Os
33ca0716f5SRobert Watson.Sh NAME
34ca0716f5SRobert Watson.Nm audit_class
35bc168a6cSRobert Watson.Nd "audit event class descriptions"
36ca0716f5SRobert Watson.Sh DESCRIPTION
37ca0716f5SRobert WatsonThe
38ca0716f5SRobert Watson.Nm
39ca0716f5SRobert Watsonfile contains descriptions of the auditable event classes on the system.
40ca0716f5SRobert WatsonEach auditable event is a member of an event class.
41ca0716f5SRobert WatsonEach line maps an audit event
42ca0716f5SRobert Watsonmask (bitmap) to a class and a description.
4323bf6e20SRobert WatsonEntries are of the form:
4423bf6e20SRobert Watson.Pp
45bc168a6cSRobert Watson.D1 Ar classmask Ns : Ns Ar eventclass Ns : Ns Ar description
46ca0716f5SRobert Watson.Pp
47ca0716f5SRobert WatsonExample entries in this file are:
48ca0716f5SRobert Watson.Bd -literal -offset indent
49ca0716f5SRobert Watson0x00000000:no:invalid class
50ca0716f5SRobert Watson0x00000001:fr:file read
51ca0716f5SRobert Watson0x00000002:fw:file write
52ca0716f5SRobert Watson0x00000004:fa:file attribute access
53ca0716f5SRobert Watson0x00000080:pc:process
54ca0716f5SRobert Watson0xffffffff:all:all flags set
55ca0716f5SRobert Watson.Ed
56ca0716f5SRobert Watson.Sh FILES
57bc168a6cSRobert Watson.Bl -tag -width ".Pa /etc/security/audit_class" -compact
58ca0716f5SRobert Watson.It Pa /etc/security/audit_class
59ca0716f5SRobert Watson.El
60bc168a6cSRobert Watson.Sh SEE ALSO
61bc168a6cSRobert Watson.Xr audit 4 ,
62bc168a6cSRobert Watson.Xr audit_control 5 ,
63bc168a6cSRobert Watson.Xr audit_event 5 ,
64bc168a6cSRobert Watson.Xr audit_user 5
65bc168a6cSRobert Watson.Sh HISTORY
66bc168a6cSRobert WatsonThe OpenBSM implementation was created by McAfee Research, the security
67bc168a6cSRobert Watsondivision of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.
68bc168a6cSRobert WatsonIt was subsequently adopted by the TrustedBSD Project as the foundation for
69bc168a6cSRobert Watsonthe OpenBSM distribution.
70ca0716f5SRobert Watson.Sh AUTHORS
71bc168a6cSRobert Watson.An -nosplit
72ca0716f5SRobert WatsonThis software was created by McAfee Research, the security research division
73ca0716f5SRobert Watsonof McAfee, Inc., under contract to Apple Computer Inc.
74bc168a6cSRobert WatsonAdditional authors include
75bc168a6cSRobert Watson.An Wayne Salamon ,
76bc168a6cSRobert Watson.An Robert Watson ,
77bc168a6cSRobert Watsonand SPARTA Inc.
78ca0716f5SRobert Watson.Pp
79ca0716f5SRobert WatsonThe Basic Security Module (BSM) interface to audit records and audit event
80ca0716f5SRobert Watsonstream format were defined by Sun Microsystems.
81