Manual Reference Pages - AU_PRESELECT (3)
- convert between string and numeric values of audit masks
au_preselect au_event_t event au_mask_t *mask_p int sorf int flag
getauditflagsbin char *auditstr au_mask_t *masks
getauditflagschar char *auditstr au_mask_t *masks int verbose
These interfaces support processing of an audit mask represented by type
.Vt au_mask_t ,
including conversion between numeric and text formats, and computing whether
or not an event is matched by a mask.
calculates whether or not the audit event passed via
is matched by the audit mask passed via
argument indicates whether or not to consider the event as a success,
flag is set, or failure, if the
flag is set.
argument accepts additional arguments influencing the behavior of
which causes the event to be re-looked up rather than read from the cache,
which forces use of the cache.
converts a string representation of an audit mask passed via a character
string pointed to by
returning the resulting mask, if valid, via
converts the audit event mask passed via
and converts it to a character string in a buffer pointed to by
section for more information on how to provide a buffer of
flag is set, the class description string retrieved from
will be used; otherwise, the two-character class name.
makes implicit use of various audit database routines, and may influence
the behavior of simultaneous or interleaved processing of those databases by
returns 0 on success, or returns -1 if there is a failure looking up the
event type or other database access, in which case
will be set to indicate the error.
It returns 1 if the event is matched; 0 if not.
.Rv -std getauditflagsbin getauditflagschar
The OpenBSM implementation was created by McAfee Research, the security
division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
It was subsequently adopted by the TrustedBSD Project as the foundation for
the OpenBSM distribution.
This software was created by
.An Robert Watson ,
.An Wayne Salamon ,
.An Suresh Krishnaswamy
for McAfee Research, the security research division of McAfee,
Inc., under contract to Apple Computer, Inc.
The Basic Security Module (BSM) interface to audit records and audit event
stream format were defined by Sun Microsystems.
may not always be properly set in the event of an error.
does not provide a way to indicate how long the character buffer is, in order
to detect overflow.
As a result, the caller must always provide a buffer of sufficient length for
any possible mask, which may be calculated as three times the number of
non-zero bits in the mask argument in the event non-verbose class names are
used, and is not trivially predictable for verbose class names.
This API should be replaced with a more robust one.
Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.