Copyright (c) 2005, Sun Microsystems, Inc.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ] #include <bsm/libbsm.h> int getacdir( char *dir, int len);
int getacmin( int *min_val);
int getacflg( char *auditstring, int len);
int getacna( char *auditstring, int len);
void setac(void);
void endac(void);
When first called, getacdir() provides information about the first audit directory in the audit_control file. Thereafter, it returns the next directory in the file. Successive calls list all the directories listed in audit_control(4) The len argument specifies the length of the buffer dir. On return, dir points to the directory entry.
The getacmin() function reads the minimum value from the audit_control file and returns the value in min_val. The minimum value specifies how full the file system to which the audit files are being written can get before the script audit_warn(1M) is invoked.
The getacflg() function reads the system audit value from the audit_control file and returns the value in auditstring. The len argument specifies the length of the buffer auditstring.
The getacna() function reads the system audit value for non-attributable audit events from the audit_control file and returns the value in auditstring. The len argument specifies the length of the buffer auditstring. Non-attributable events are events that cannot be attributed to an individual user. The inetd(1M) utility and several other daemons record non-attributable events.
The setac() function rewinds the audit_control file to allow repeated searches.
The endac() function closes the audit_control file when processing is complete.
file containing default parameters read by the audit daemon, auditd(1M)
The getacdir(), getacflg(), getacna(), and getacmin() functions return:
0
on success.
-2
on failure and set errno to indicate the error.
The getacmin() and getacflg() functions return:
1
on EOF.
The getacdir() function returns:
-1
on EOF.
2
if the directory search had to start from the beginning because one of the other functions was called between calls to getacdir().
These functions return:
-3
if the directory entry format in the audit_control file is incorrect.
The getacdir(), getacflg(), and getacna() functions return:
-3
if the input buffer is too short to accommodate the record.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
MT-Level | Safe |
audit_warn(1M), bsmconv(1M), inetd(1M), audit_control(4), attributes(5)
The functionality described on this manual page is available only if the Solaris Auditing has been enabled. See bsmconv(1M) for more information.