bsd/man/man2/audit.2

   1 .\"
   2 .\" Copyright (c) 2008 Apple Inc. All rights reserved.
   3 .\"
   4 .\" @APPLE_LICENSE_HEADER_START@
   5 .\"
   6 .\" This file contains Original Code and/or Modifications of Original Code
   7 .\" as defined in and that are subject to the Apple Public Source License
   8 .\" Version 2.0 (the 'License'). You may not use this file except in
   9 .\" compliance with the License. Please obtain a copy of the License at
  10 .\" http://www.opensource.apple.com/apsl/ and read it before using this
  11 .\" file.
  12 .\"
  13 .\" The Original Code and all software distributed under the License are
  14 .\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15 .\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16 .\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17 .\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18 .\" Please see the License for the specific language governing rights and
  19 .\" limitations under the License.
  20 .\"
  21 .\" @APPLE_LICENSE_HEADER_END@
  22 .\"
  23 .Dd April 19, 2005
  24 .Dt AUDIT 2
  25 .Os
  26 .Sh NAME
  27 .Nm audit
  28 .Nd "commit BSM audit record to audit log"
  29 .Sh SYNOPSIS
  30 .In bsm/audit.h
  31 .Ft int
  32 .Fn audit "const char *record" "u_int length"
  33 .Sh DESCRIPTION
  34 The
  35 .Fn audit
  36 system call
  37 submits a completed BSM audit record to the system audit log.
  38 .Pp
  39 The
  40 .Fa record
  41 argument
  42 is a pointer to the specific event to be recorded and
  43 .Fa length
  44 is the size in bytes of the data to be written.
  45 .Sh RETURN VALUES
  46 .Rv -std
  47 .Sh ERRORS
  48 The
  49 .Fn audit
  50 system call will fail and the data never written if:
  51 .Bl -tag -width Er
  52 .It Bq Er EFAULT
  53 The
  54 .Fa record
  55 argument is beyond the allocated address space of the process.
  56 .It Bq Er EINVAL
  57 The token ID is invalid or
  58 .Va length
  59 is larger than
  60 .Dv MAXAUDITDATA .
  61 .It Bq Er EPERM
  62 The process does not have sufficient permission to complete
  63 the operation.
  64 .El
  65 .Sh SEE ALSO
  66 .Xr auditon 2 ,
  67 .Xr getaudit 2 ,
  68 .Xr getaudit_addr 2 ,
  69 .Xr getauid 2 ,
  70 .Xr setaudit 2 ,
  71 .Xr setaudit_addr 2 ,
  72 .Xr setauid 2 ,
  73 .Xr libbsm 3
  74 .Sh HISTORY
  75 The OpenBSM implementation was created by McAfee Research, the security
  76 division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.
  77 It was subsequently adopted by the TrustedBSD Project as the foundation for
  78 the OpenBSM distribution.
  79 .Sh AUTHORS
  80 .An -nosplit
  81 This software was created by McAfee Research, the security research division
  82 of McAfee, Inc., under contract to Apple Computer Inc.
  83 Additional authors include
  84 .An Wayne Salamon ,
  85 .An Robert Watson ,
  86 and SPARTA Inc.
  87 .Pp
  88 The Basic Security Module (BSM) interface to audit records and audit event
  89 stream format were defined by Sun Microsystems.
  90 .Pp
  91 This manual page was written by
  92 .An Tom Rhodes Aq trhodes@FreeBSD.org .
  93 .Sh BUGS
  94 The kernel does not fully validate that the argument passed is syntactically
  95 valid BSM.  Submitting invalid audit records may corrupt the audit log.