aud_sitevent(3) [osf1 man page]

aud_sitevent(3) 					     Library Functions Manual						   aud_sitevent(3)

NAME
aud_sitevent, aud_sitevent_num - audit site event operations

LIBRARY
Audit Library - libaud.a and libaud.so

SYNOPSIS
aud_sitevent( int event, int subevent, int *eventname, char *subeventname);
aud_sitevent_num( char *eventname, char *subeventname, int *ev_num, int *subev_num);

DESCRIPTION
Audit site events are specific to and defined by a particular installation. For example, an installation could have its own database program, and want to have it use the audit subsystem. To do so, the installation's database events and subevents would be registered in the /etc/sec/site_events file. The site_events file contains one entry for each site event. Each site event entry can contain any number of subevents. Both preselection (see auditmask(8)) and postreduction (see audit_tool(8)) capabilities are supported for site events. Postreduction capabilities are also supported for subevents.

The aud_sitevent function, when provided event and subevent numbers, copies the corresponding event and subevent names into eventname and subeventname. If no subevent for that site event exists, subevent should be set to -1, and no subeventname will be copied. The maximum length of an event or subevent name is AUD_MAXEVENT_LEN bytes. If the requested mapping does not exist, -1 is returned.

The aud_sitevent_num function, when provided eventname and subeventname, copies the corresponding event numbers into ev_num and subev_num. If no subevent for that site event exists, subeventname should be set to the null string, and subev_num will be set to -1. If the requested mapping does not exist, -1 is returned.

Mappings between the event and subevent numbers and names are placed into the file /etc/sec/site_events. A sample file follows:

    eventname 2048,
        subevent0 0,
        subevent1 1,
        ...
        subevent99 99;
    my_rdb 2049,
        rdb_creat 0,
        rdb_open 1,
        rdb_delete 2;
    nosubeventevent 2050;

Each line contains an event or subevent name followed by its number. An event number must be between MIN_SITE_EVENT (see sys/audit.h) and MIN_SITE_EVENT + the output of the sysconfig -q sec audit_site_events command for the running kernel. A subevent number must be a non-negative integer. The line is terminated either with a comma (,) if an associated subevent follows, or with a semicolon (;) if no further associated subevents follow.

EXAMPLES
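The site_events layout described above can be checked off-system with a small parser; this is an added example, not part of the original man page and not libaud code. The names site_lookup and next_entry, the 64-byte name buffer, and any range values passed in are assumptions; the lookup only follows the return contract documented for aud_sitevent_num.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in the layout of the man page's sample file. */
static const char SAMPLE[] =
    "my_rdb 2049,\n rdb_creat 0,\n rdb_open 1,\n rdb_delete 2;\n"
    "nosubeventevent 2050;\n";
/* Hypothetical helper, not libaud: read one "name number" entry and its
 * terminator. Returns ',' or ';', 0 at end of text, -1 if malformed. */
static int next_entry(const char **p, char *name, size_t cap, long *num)
{
    size_t n = 0; char *end;
    while (isspace((unsigned char)**p)) (*p)++;
    if (**p == '\0') return 0;
    while (**p && !isspace((unsigned char)**p) && **p != ',' && **p != ';') {
        if (n + 1 >= cap) return -1;            /* name too long */
        name[n++] = *(*p)++;
    }
    name[n] = '\0';
    *num = strtol(*p, &end, 10);
    if (n == 0 || end == *p || *num < 0) return -1; /* no name, bad number */
    *p = end;
    while (isspace((unsigned char)**p)) (*p)++;
    if (**p != ',' && **p != ';') return -1;    /* must end in , or ; */
    return *(*p)++;
}

/* Follows the documented aud_sitevent_num contract on in-memory text: subname
 * "" means no subevent (*subev = -1). Returns 0, or -1 for no mapping, bad
 * text, or an event outside [min_ev, min_ev + n_site - 1]. */
int site_lookup(const char *text, const char *evname, const char *subname,
                long min_ev, long n_site, int *ev, int *subev)
{
    char name[64]; long num;  /* 64 is assumed; real limit: AUD_MAXEVENT_LEN */
    int term, at_event = 1, in_match = 0;
    while ((term = next_entry(&text, name, sizeof name, &num)) > 0) {
        if (at_event) {
            in_match = strcmp(name, evname) == 0;
            if (in_match && (num < min_ev || num >= min_ev + n_site)) return -1;
            if (in_match) { *ev = (int)num; *subev = -1; }
            if (in_match && subname[0] == '\0') return 0;
        } else if (in_match && strcmp(name, subname) == 0) {
            *subev = (int)num; return 0;
        }
        if (term == ';' && in_match) return -1; /* event found, subevent not */
        at_event = (term == ';');
    }
    return -1;
}
```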
The following example looks up the event and subevent numbers for event "my_rdb" and subevent "rdb_open", and generates an audit record if the lookup succeeded:

    if ( aud_sitevent_num ( "my_rdb", "rdb_open", &event, &subev ) == 0 )
        audgenl ( event, T_SUBEVENT, subev, T_CHARP, "sample rec", 0 );

RELATED INFORMATION
sysconfig(8), sysconfigdb(8)
Security
Programming Support Tools

aud_sitevent(3)

audgenl(3)						     Library Functions Manual							audgenl(3)

NAME
audgenl - generate an audit record

LIBRARY
Audit Library - libaud.a and libaud.so

SYNOPSIS
#include <sys/audit.h>
int audgenl ( unsigned event [ ,token_type, token_val] ... , 0 );

PARAMETERS
event
    The event value of the operation being audited.
token_type,token_val
    A type and value pair defining the data to be placed in the audit record.

DESCRIPTION
This routine is an interface to the audgen system call. It accepts a variable number of arguments describing the event and audit data, then calls audgen with the appropriate parameters to generate the audit record. This routine is found in the libaud.a and libaud.so library and is loaded with the -laud option.

The event argument indicates the event value of the operation being audited, as defined in audit.h. The value of event must fall within one of the following two ranges:

    MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT + N_TRUSTED_EVENTS -1
    MIN_SITE_EVENT and MIN_SITE_EVENT + n_site_events -1

The constants are defined in audit.h. The value of n_site_events is determined by executing the sysconfig -q sec audit_site_events command on the running kernel.

The argument pairs containing token_type and token_val describe the data that is to be placed into the audit record. The argument token_type describes the type of data, as defined in the set of public tokens (in audit.h). The argument token_val should be set to the value of the token when the token is represented by an int or long data type, or be a pointer to the data described by the token when the token references a character string or other variable-length field or structure.

RESTRICTIONS
The audgen system call is privileged. The maximum number of token_type, token_val pairs allowed is 128, with no more than 8 instances of any one token_type.

RETURN VALUES
On successful completion, a value of 0 is returned. Otherwise, a value of -1 is returned and the global integer variable errno is set to indicate the error.

ERRORS
[EACCES]  The user is not privileged for this operation.
[EINVAL]  The value supplied for an argument is invalid.
[E2BIG]   The audit record exceeds the audit record size.
[ENOSYS]  Indicates an attempt to use a system call that is not configured.
[EIO]     The tokenmask data is invalid.
[EIO]     The size argument is non-zero, and the userbuff argument is invalid.
[EFAULT]  A value referenced by the argv argument is invalid.

RELATED INFORMATION
audgen(2), sysconfig(8), sysconfigdb(8)
Security

audgenl(3)