2 .\" Copyright (c) 2005-2006 Robert N. M. Watson
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
14 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 .Nd "look up information from the audit_control database"
53 .Fn getacdir "char *name" "int len"
57 .Fn getacexpire "int *andflg" "time_t *age" "size_t *size"
59 .Fn getacfilesz "size_t *size_val"
61 .Fn getacflg "char *auditstr" "int len"
63 .Fn getachost "char *auditstr" "int len"
65 .Fn getacmin "int *min_val"
67 .Fn getacna "char *auditstr" "int len"
69 .Fn getacpol "char *auditstr" "size_t len"
71 .Fn getacqsize "int *size_val"
73 .Fn au_poltostr "int policy" "size_t maxsize" "char *buf"
75 .Fn au_strtopol "const char *polstr" "int *policy"
77 These interfaces may be used to look up information from the
79 database, which contains various audit-related administrative parameters.
84 resets the database iterator to the beginning of the database; see the
86 section for more information.
98 returns the name of the directory where log data is stored via the passed
106 function returns a value that allows to decide if trail files distribution is
112 returns the audit trail file expiration parameters in the passed
123 If the parameter is not specified in the
125 file it is set to zero.
130 returns the audit trail rotation size in the passed
138 returns the audit system flags via the the passed character buffer
146 returns the local systems's audit host information via the the passed character
155 returns the minimum free disk space for the audit log target file system via
163 returns the non-attributable flags via the passed character buffer
171 returns the audit policy flags via the passed character buffer
178 function returns the size of the audit post-commit queue in the passed
181 If the parameter is not specified in the
185 indicating that the kernel's default queue size is being used.
190 converts a numeric audit policy mask,
192 to a string in the passed character buffer
200 converts an audit policy flags string,
202 to a numeric audit policy mask returned via
218 return 0 on success, or a negative value on failure, along with error
225 returns a string length of 0 or more on success, or a negative value on
226 if there is a failure.
230 function returns 1 if trail files distribution is turned on, 0 if it is turned
231 off or negative value on failure.
233 Functions that return a string value will return a failure if there is
234 insufficient room in the passed character buffer for the full string.
239 The OpenBSM implementation was created by McAfee Research, the security
240 division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
241 It was subsequently adopted by the TrustedBSD Project as the foundation for
242 the OpenBSM distribution.
245 This software was created by
249 .An Suresh Krishnaswamy
250 for McAfee Research, the security research division of McAfee,
251 Inc., under contract to Apple Computer, Inc.
253 The Basic Security Module (BSM) interface to audit records and audit event
254 stream format were defined by Sun Microsystems.
256 These routines cannot currently distinguish between an entry not being found
257 and an error accessing the database.
258 The implementation should be changed to return an error via
264 There is no reason for the
266 interface to be exposed as part of the public API, as it is called implicitly
267 by other access functions and iteration is not supported.
269 These interfaces inconsistently return various negative values depending on
270 the failure mode, and do not always set