[apple/xnu.git] / bsd / man / man2 / audit.2

.\"
.\" Copyright (c) 2008 Apple Inc. All rights reserved.
.\"
.\" @APPLE_LICENSE_HEADER_START@
.\" 
.\" This file contains Original Code and/or Modifications of Original Code
.\" as defined in and that are subject to the Apple Public Source License
.\" Version 2.0 (the 'License'). You may not use this file except in
.\" compliance with the License. Please obtain a copy of the License at
.\" http://www.opensource.apple.com/apsl/ and read it before using this
.\" file.
.\" 
.\" The Original Code and all software distributed under the License are
.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
.\" Please see the License for the specific language governing rights and
.\" limitations under the License.
.\" 
.\" @APPLE_LICENSE_HEADER_END@
.\"
.Dd April 19, 2005
.Dt AUDIT 2
.Os
.Sh NAME
.Nm audit
.Nd "commit BSM audit record to audit log"
.Sh SYNOPSIS
.In bsm/audit.h
.Ft int
.Fn audit "const char *record" "u_int length"
.Sh DESCRIPTION
The
.Fn audit
system call
submits a completed BSM audit record to the system audit log.
.Pp
The
.Fa record
argument
is a pointer to the specific event to be recorded and
.Fa length
is the size in bytes of the data to be written.
.Sh RETURN VALUES
.Rv -std
.Sh ERRORS
The
.Fn audit
system call will fail and the data never written if:
.Bl -tag -width Er
.It Bq Er EFAULT
The
.Fa record
argument is beyond the allocated address space of the process.
.It Bq Er EINVAL
The token ID is invalid or
.Va length
is larger than
.Dv MAXAUDITDATA .
.It Bq Er EPERM
The process does not have sufficient permission to complete
the operation.
.El
.Sh SEE ALSO
.Xr auditon 2 ,
.Xr getaudit 2 ,
.Xr getaudit_addr 2 ,
.Xr getauid 2 ,
.Xr setaudit 2 ,
.Xr setaudit_addr 2 ,
.Xr setauid 2 ,
.Xr libbsm 3
.Sh HISTORY
The OpenBSM implementation was created by McAfee Research, the security
division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.
It was subsequently adopted by the TrustedBSD Project as the foundation for
the OpenBSM distribution.
.Sh AUTHORS
.An -nosplit
This software was created by McAfee Research, the security research division
of McAfee, Inc., under contract to Apple Computer Inc.
Additional authors include
.An Wayne Salamon ,
.An Robert Watson ,
and SPARTA Inc.
.Pp
The Basic Security Module (BSM) interface to audit records and audit event
stream format were defined by Sun Microsystems.
.Pp
This manual page was written by
.An Tom Rhodes Aq trhodes@FreeBSD.org .
.Sh BUGS
The kernel does not fully validate that the argument passed is syntactically
valid BSM.  Submitting invalid audit records may corrupt the audit log.
Commit	Line	Data
2d21ac55	1	.\"
b0d623f7	2	.\" Copyright (c) 2008 Apple Inc. All rights reserved.
2d21ac55 A	3	.\"
	4	.\" @APPLE_LICENSE_HEADER_START@
	5	.\"
	6	.\" This file contains Original Code and/or Modifications of Original Code
	7	.\" as defined in and that are subject to the Apple Public Source License
	8	.\" Version 2.0 (the 'License'). You may not use this file except in
	9	.\" compliance with the License. Please obtain a copy of the License at
	10	.\" http://www.opensource.apple.com/apsl/ and read it before using this
	11	.\" file.
	12	.\"
	13	.\" The Original Code and all software distributed under the License are
	14	.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	.\" Please see the License for the specific language governing rights and
	19	.\" limitations under the License.
	20	.\"
	21	.\" @APPLE_LICENSE_HEADER_END@
	22	.\"
b0d623f7	23	.Dd April 19, 2005
2d21ac55	24	.Dt AUDIT 2
b0d623f7	25	.Os
2d21ac55 A	26	.Sh NAME
2d21ac55 A	27	.Nm audit
b0d623f7	28	.Nd "commit BSM audit record to audit log"
2d21ac55	29	.Sh SYNOPSIS
b0d623f7	30	.In bsm/audit.h
2d21ac55	31	.Ft int
b0d623f7	32	.Fn audit "const char *record" "u_int length"
2d21ac55 A	33	.Sh DESCRIPTION
	34	The
	35	.Fn audit
b0d623f7 A	36	system call
	37	submits a completed BSM audit record to the system audit log.
	38	.Pp
	39	The
2d21ac55	40	.Fa record
b0d623f7 A	41	argument
	42	is a pointer to the specific event to be recorded and
	43	.Fa length
	44	is the size in bytes of the data to be written.
2d21ac55	45	.Sh RETURN VALUES
b0d623f7	46	.Rv -std
2d21ac55	47	.Sh ERRORS
2d21ac55 A	48	The
2d21ac55 A	49	.Fn audit
b0d623f7 A	50	system call will fail and the data never written if:
	51	.Bl -tag -width Er
	52	.It Bq Er EFAULT
	53	The
	54	.Fa record
	55	argument is beyond the allocated address space of the process.
2d21ac55	56	.It Bq Er EINVAL
b0d623f7 A	57	The token ID is invalid or
	58	.Va length
	59	is larger than
	60	.Dv MAXAUDITDATA .
2d21ac55	61	.It Bq Er EPERM
b0d623f7 A	62	The process does not have sufficient permission to complete
b0d623f7 A	63	the operation.
2d21ac55 A	64	.El
	65	.Sh SEE ALSO
	66	.Xr auditon 2 ,
b0d623f7 A	67	.Xr getaudit 2 ,
b0d623f7 A	68	.Xr getaudit_addr 2 ,
2d21ac55	69	.Xr getauid 2 ,
b0d623f7 A	70	.Xr setaudit 2 ,
b0d623f7 A	71	.Xr setaudit_addr 2 ,
2d21ac55	72	.Xr setauid 2 ,
b0d623f7	73	.Xr libbsm 3
2d21ac55	74	.Sh HISTORY
b0d623f7 A	75	The OpenBSM implementation was created by McAfee Research, the security
	76	division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.
	77	It was subsequently adopted by the TrustedBSD Project as the foundation for
	78	the OpenBSM distribution.
	79	.Sh AUTHORS
	80	.An -nosplit
	81	This software was created by McAfee Research, the security research division
	82	of McAfee, Inc., under contract to Apple Computer Inc.
	83	Additional authors include
	84	.An Wayne Salamon ,
	85	.An Robert Watson ,
	86	and SPARTA Inc.
	87	.Pp
	88	The Basic Security Module (BSM) interface to audit records and audit event
	89	stream format were defined by Sun Microsystems.
	90	.Pp
	91	This manual page was written by
	92	.An Tom Rhodes Aq trhodes@FreeBSD.org .
	93	.Sh BUGS
	94	The kernel does not fully validate that the argument passed is syntactically
	95	valid BSM. Submitting invalid audit records may corrupt the audit log.