xref: /freebsd/contrib/openbsm/man/audit_class.5 (revision 389e4940069316fe667ffa263fa7d6390d0a960f) 
1.\" Copyright (c) 2004 Apple Inc.
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1.  Redistributions of source code must retain the above copyright
8.\"     notice, this list of conditions and the following disclaimer.
9.\" 2.  Redistributions in binary form must reproduce the above copyright
10.\"     notice, this list of conditions and the following disclaimer in the
11.\"     documentation and/or other materials provided with the distribution.
12.\" 3.  Neither the name of Apple Inc. ("Apple") nor the names of
13.\"     its contributors may be used to endorse or promote products derived
14.\"     from this software without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
20.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
25.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26.\" POSSIBILITY OF SUCH DAMAGE.
27.\"
28.Dd January 24, 2004
29.Dt AUDIT_CLASS 5
30.Os
31.Sh NAME
32.Nm audit_class
33.Nd "audit event class descriptions"
34.Sh DESCRIPTION
35The
36.Nm
37file contains descriptions of the auditable event classes on the system.
38Each auditable event is a member of an event class.
39Each line maps an audit event
40mask (bitmap) to a class and a description.
41Entries are of the form:
42.Pp
43.D1 Ar classmask Ns : Ns Ar eventclass Ns : Ns Ar description
44.Pp
45Example entries in this file are:
46.Bd -literal -offset indent
470x00000000:no:invalid class
480x00000001:fr:file read
490x00000002:fw:file write
500x00000004:fa:file attribute access
510x00000080:pc:process
520xffffffff:all:all flags set
53.Ed
54.Sh FILES
55.Bl -tag -width ".Pa /etc/security/audit_class" -compact
56.It Pa /etc/security/audit_class
57.El
58.Sh SEE ALSO
59.Xr audit 4 ,
60.Xr audit_control 5 ,
61.Xr audit_event 5 ,
62.Xr audit_user 5
63.Sh HISTORY
64The OpenBSM implementation was created by McAfee Research, the security
65division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.
66It was subsequently adopted by the TrustedBSD Project as the foundation for
67the OpenBSM distribution.
68.Sh AUTHORS
69.An -nosplit
70This software was created by McAfee Research, the security research division
71of McAfee, Inc., under contract to Apple Computer Inc.
72Additional authors include
73.An Wayne Salamon ,
74.An Robert Watson ,
75and SPARTA Inc.
76.Pp
77The Basic Security Module (BSM) interface to audit records and audit event
78stream format were defined by Sun Microsystems.
79