]> git.saurik.com Git - apple/xnu.git/blame - bsd/man/man2/audit.2
xnu-1699.22.73.tar.gz
[apple/xnu.git] / bsd / man / man2 / audit.2
CommitLineData
2d21ac55 1.\"
b0d623f7 2.\" Copyright (c) 2008 Apple Inc. All rights reserved.
2d21ac55
A
3.\"
4.\" @APPLE_LICENSE_HEADER_START@
5.\"
6.\" This file contains Original Code and/or Modifications of Original Code
7.\" as defined in and that are subject to the Apple Public Source License
8.\" Version 2.0 (the 'License'). You may not use this file except in
9.\" compliance with the License. Please obtain a copy of the License at
10.\" http://www.opensource.apple.com/apsl/ and read it before using this
11.\" file.
12.\"
13.\" The Original Code and all software distributed under the License are
14.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18.\" Please see the License for the specific language governing rights and
19.\" limitations under the License.
20.\"
21.\" @APPLE_LICENSE_HEADER_END@
22.\"
b0d623f7 23.Dd April 19, 2005
2d21ac55 24.Dt AUDIT 2
b0d623f7 25.Os
2d21ac55
A
26.Sh NAME
27.Nm audit
b0d623f7 28.Nd "commit BSM audit record to audit log"
2d21ac55 29.Sh SYNOPSIS
b0d623f7 30.In bsm/audit.h
2d21ac55 31.Ft int
b0d623f7 32.Fn audit "const char *record" "u_int length"
2d21ac55
A
33.Sh DESCRIPTION
34The
35.Fn audit
b0d623f7
A
36system call
37submits a completed BSM audit record to the system audit log.
38.Pp
39The
2d21ac55 40.Fa record
b0d623f7
A
41argument
42is a pointer to the specific event to be recorded and
43.Fa length
44is the size in bytes of the data to be written.
2d21ac55 45.Sh RETURN VALUES
b0d623f7 46.Rv -std
2d21ac55 47.Sh ERRORS
2d21ac55
A
48The
49.Fn audit
b0d623f7
A
50system call will fail and the data never written if:
51.Bl -tag -width Er
52.It Bq Er EFAULT
53The
54.Fa record
55argument is beyond the allocated address space of the process.
2d21ac55 56.It Bq Er EINVAL
b0d623f7
A
57The token ID is invalid or
58.Va length
59is larger than
60.Dv MAXAUDITDATA .
2d21ac55 61.It Bq Er EPERM
b0d623f7
A
62The process does not have sufficient permission to complete
63the operation.
2d21ac55
A
64.El
65.Sh SEE ALSO
66.Xr auditon 2 ,
b0d623f7
A
67.Xr getaudit 2 ,
68.Xr getaudit_addr 2 ,
2d21ac55 69.Xr getauid 2 ,
b0d623f7
A
70.Xr setaudit 2 ,
71.Xr setaudit_addr 2 ,
2d21ac55 72.Xr setauid 2 ,
b0d623f7 73.Xr libbsm 3
2d21ac55 74.Sh HISTORY
b0d623f7
A
75The OpenBSM implementation was created by McAfee Research, the security
76division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.
77It was subsequently adopted by the TrustedBSD Project as the foundation for
78the OpenBSM distribution.
79.Sh AUTHORS
80.An -nosplit
81This software was created by McAfee Research, the security research division
82of McAfee, Inc., under contract to Apple Computer Inc.
83Additional authors include
84.An Wayne Salamon ,
85.An Robert Watson ,
86and SPARTA Inc.
87.Pp
88The Basic Security Module (BSM) interface to audit records and audit event
89stream format were defined by Sun Microsystems.
90.Pp
91This manual page was written by
92.An Tom Rhodes Aq trhodes@FreeBSD.org .
93.Sh BUGS
94The kernel does not fully validate that the argument passed is syntactically
95valid BSM. Submitting invalid audit records may corrupt the audit log.