2 * Copyright (c) 2005 Apple Computer, Inc.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#8 $
32 #include <sys/types.h>
41 * Write an audit-related error to the system log via syslog(3).
44 auditwarnlog(char *args[])
50 loc_args[0] = AUDITWARN_SCRIPT;
51 for (i = 0; args[i] != NULL && i < 8; i++)
52 loc_args[i+1] = args[i];
62 execv(AUDITWARN_SCRIPT, loc_args);
63 syslog(LOG_ERR, "Could not exec %s (%m)\n",
74 * Indicates that the hard limit for all filesystems has been exceeded count
78 audit_warn_allhard(int count)
83 snprintf(intstr, 12, "%d", count);
85 args[0] = HARDLIM_ALL_WARN;
89 return (auditwarnlog(args));
93 * Indicates that the soft limit for all filesystems has been exceeded.
96 audit_warn_allsoft(void)
100 args[0] = SOFTLIM_ALL_WARN;
103 return (auditwarnlog(args));
107 * Indicates that someone other than the audit daemon turned off auditing.
108 * XXX Its not clear at this point how this function will be invoked.
110 * XXXRW: This function is not used.
113 audit_warn_auditoff(void)
117 args[0] = AUDITOFF_WARN;
120 return (auditwarnlog(args));
124 * Indicate that a trail file has been closed, so can now be post-processed.
127 audit_warn_closefile(char *filename)
131 args[0] = CLOSEFILE_WARN;
135 return (auditwarnlog(args));
139 * Indicates that the audit deammn is already running
142 audit_warn_ebusy(void)
146 args[0] = EBUSY_WARN;
149 return (auditwarnlog(args));
153 * Indicates that there is a problem getting the directory from
156 * XXX Note that we take the filename instead of a count as the argument here
157 * (different from BSM).
160 audit_warn_getacdir(char *filename)
164 args[0] = GETACDIR_WARN;
168 return (auditwarnlog(args));
172 * Indicates that the hard limit for this file has been exceeded.
175 audit_warn_hard(char *filename)
179 args[0] = HARDLIM_WARN;
183 return (auditwarnlog(args));
187 * Indicates that auditing could not be started.
190 audit_warn_nostart(void)
194 args[0] = NOSTART_WARN;
197 return (auditwarnlog(args));
201 * Indicaes that an error occrred during the orderly shutdown of the audit
205 audit_warn_postsigterm(void)
209 args[0] = POSTSIGTERM_WARN;
212 return (auditwarnlog(args));
216 * Indicates that the soft limit for this file has been exceeded.
219 audit_warn_soft(char *filename)
223 args[0] = SOFTLIM_WARN;
227 return (auditwarnlog(args));
231 * Indicates that the temporary audit file already exists indicating a fatal
235 audit_warn_tmpfile(void)
239 args[0] = TMPFILE_WARN;
242 return (auditwarnlog(args));