AUDITCTL(2) BSD System Calls Manual AUDITCTL(2)
NAME
auditctl -- configure system audit parameters
SYNOPSIS
#include <bsm/audit.h>
int
auditctl(const char *path);
DESCRIPTION
The auditctl() system call directs the kernel to open a new audit trail log file. It requires an appropriate privilege. The auditctl() system
call opens new files, but auditon(2) is used to disable the audit log.
RETURN VALUES
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the
error.
ERRORS
The auditctl() system call will fail if:
[EINVAL] The path is invalid.
[EPERM] The process does not have sufficient permission to complete the operation.
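EXAMPLES
The following program is an added example, not part of the original manual page or of OpenBSM. It switches the kernel to a new trail file and reports the two documented errors separately. The names trail_status, classify_auditctl() and prepare_trail() are hypothetical, and it assumes that the caller creates the trail file before passing its path to auditctl().

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__FreeBSD__) || defined(__APPLE__)
#include <bsm/audit.h>              /* declares auditctl(2) */
#define HAVE_AUDITCTL 1
#endif

/* Hypothetical names for this example; only auditctl() comes from the page. */
enum trail_status { TRAIL_OK, TRAIL_BAD_PATH, TRAIL_NO_PRIV, TRAIL_OTHER };

/* Map auditctl()'s return value and errno onto the documented outcomes. */
enum trail_status classify_auditctl(int rc, int err)
{
    if (rc == 0)
        return TRAIL_OK;
    return err == EINVAL ? TRAIL_BAD_PATH : err == EPERM ? TRAIL_NO_PRIV : TRAIL_OTHER;
}

/* Assumption: the caller creates the trail file itself. O_EXCL refuses an
 * existing file or symlink; mode 0600 keeps the trail private to its owner. */
int prepare_trail(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return fd < 0 ? -1 : close(fd);
}

int main(int argc, char **argv)
{
    if (argc != 2 || prepare_trail(argv[1]) != 0) {
        fprintf(stderr, "usage: %s NEW_TRAIL (must not already exist)\n", argv[0]);
        return 2;
    }
    int rc = -1;
    errno = ENOSYS;                 /* used when BSM audit is unavailable */
#ifdef HAVE_AUDITCTL
    rc = auditctl(argv[1]);
#endif
    int err = errno;
    enum trail_status st = classify_auditctl(rc, err);
    if (st != TRAIL_OK) {
        unlink(argv[1]);            /* do not leave an unused empty trail */
        fprintf(stderr, "auditctl(%s): %s%s\n", argv[1], strerror(err),
                st == TRAIL_NO_PRIV ? " (audit privilege required)" : "");
    }
    return st == TRAIL_OK ? 0 : 1;
}
```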
SEE ALSO
auditon(2), libbsm(3), auditd(8)
HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.
Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
This manual page was written by Robert Watson <rwatson@FreeBSD.org>.
BSD April 19, 2005 BSD
GETAUID(2) BSD System Calls Manual GETAUID(2)
NAME
getauid -- retrieve audit session ID
SYNOPSIS
#include <bsm/audit.h>
int
getauid(au_id_t *auid);
DESCRIPTION
The getauid() system call retrieves the active audit session ID for the current process via the au_id_t pointed to by auid.
This system call requires an appropriate privilege to complete.
RETURN VALUES
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the
error.
ERRORS
The getauid() function will fail if:
[EFAULT] A failure occurred while transferring data from the kernel.
[EPERM] The process does not have sufficient permission to complete the operation.
SEE ALSO
audit(2), auditon(2), getaudit(2), getaudit_addr(2), setaudit(2), setaudit_addr(2), setauid(2), libbsm(3)
HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.
Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
This manual page was written by Robert Watson <rwatson@FreeBSD.org>.
BSD April 19, 2005 BSD