Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

setaudproc(2) [hpux man page]

setaudproc(2)							System Calls Manual						     setaudproc(2)

NAME

       setaudproc() - controls process level auditing for the current process and its decendents

SYNOPSIS

DESCRIPTION

       controls  process  level  auditing for the current process and its decendents.  It accomplishes this by setting or clearing the flag in the
       area of the calling process.  When this flag is set, the system audits the process; when it is cleared, the process is not  audited.   This
       call is restricted to users with the privilege.

       One of the following flags must be used for aflag:

	      Audit the calling process and its decendents.
	      Do not audit the calling process and its decendents.

       The  flag  is  inherited by the descendents of a process.  consequently, the effect of a call to is not limited to the current process, but
       propagates to all its decendents as well.  For example, if is called with the flag, all subsequent audited  system  calls  in  the  current
       process are audited until is called with the flag.

       Further,  performs its action regardless of whether the user executing the process has been selected to be audited or not.  For example, if
       is called with the (or the flag, all subsequent audited system calls will be audited (or not audited), regardless of whether the user  exe-
       cuting the process has been selected for auditing or not.

       Due  to	these features, should not be used in most self-auditing applications.	should be used (see audswitch(2)) when the objective is to
       suspend auditing within a process without affecting its decendents or overriding the user selection aspect of the auditing system.

   Security Restrictions
       Some or all of the actions associated with this system call require the privilege.  Processes owned by the superuser have  this	privilege.
       Processes  owned  by  other users may have this privilege, depending on system configuration.  See privileges(5) for more information about
       privileged access on systems that support fine-grained privileges.

RETURN VALUE

       Upon successful completion, returns 0; otherwise, it returns -1 and sets to indicate the error.

AUTHOR

       was developed by HP.

SEE ALSO

       audevent(1M), audusr(1M), audswitch(2), getaudproc(2), audit(5), privileges(5).

																     setaudproc(2)

Check Out this Related Man Page

audit(4)						     Kernel Interfaces Manual							  audit(4)

NAME

       audit - audit trail format and other information for auditing

DESCRIPTION

       Audit  records  are  generated  when  users  make security-relevant system calls, as well as by self-auditing processes that call (see aud-
       write(2)).  Access to the auditing system is restricted to super-user.

       Each audit record consists of an audit record header and a record body.	The record header is comprised of  sequence  number,  process  ID,
       event  type,  and record body length.  The sequence number gives relative order of all records; the process ID belongs to the process being
       audited; the event type is a field identifying the type of audited activity; the length is the record body length expressed in bytes.

       The record body is the variable-length component of an audit record containing more information about the audited  activity.   For  records
       generated  by  system calls, the body contains the time the audited event completes in either success or failure, and the parameters of the
       system calls; for records generated by self-auditing processes, the body consists of the time audwrite(2) writes the records and the  high-
       level description of the event (see audwrite(2)).

       The  records  in  the audit trail are compressed to save file space.  When a process is audited the first time, a pid identification record
       (PIR) is written into the audit trail containing information that remains constant throughout the lifetime of the process.   This  includes
       the  parent's process ID, audit tag, real user ID, real group ID, effective user ID, effective group ID, group ID list, effective,  permit-
       ted, and retained privileges, compartment ID, and the terminal ID (tty).  The PIR is entered only once per process per audit trail.

       Information accumulated in an audit trail is analyzed and displayed by (see audisp(1M)).

AUTHOR

       was developed by HP.

SEE ALSO

       audsys(1M), audevent(1M), audisp(1M), audomon(1M), audwrite(2), audit(5), compartments(5), privileges(5).

																	  audit(4)
Man Page