Cross Reference: /illumos-gate/usr/src/lib/libbsm/common/adt.c

Lines Matching refs:audit
29 #include <bsm/audit.h>
71  * Local audit states are a bit mask
73  * The global audit states are
80  * AUC_AUDITING         0x1     - audit daemon is active
81  * AUC_NOAUDIT          0x2     - audit daemon is not active
82  * AUC_INIT_AUDIT       0x4     - audit is ready but auditd has not run
83  * AUC_NOSPACE          0x8     - audit enabled, no space for audit records
88  * The pseudo audit state used when the c2audit module is excluded is
99  * the underlying audit code are noted in syslog.)
177  * Get user_specific/non-attributable audit mask. This may be called even when
226  *     hostname . audit id . unix time . pid . count
283  * 3    The various audit interfaces (except ucred) pass the 32 or
331  * If 0, the session is "no audit" until a call to adt_set_user; if
332  * ADT_USE_PROC_DATA, the session is built from the process audit
334  * not NULL, the resulting audit mask is an OR of the current process
335  * audit mask and that passed in.
373 	 * imported state represents a valid audit trail
394 	adt_write_syslog("audit session create failed", errno);
401  * loads the event translation table into the audit session.
428  * audit characteristics are not changed by put, use adt_set_proc().
469  * very good reason for setting your own audit id.  The process
470  * audit characteristics are not changed by put, use adt_set_proc().
509  * The process  audit characteristics are not changed by put, use
553  * The process  audit characteristics are not changed by put, use
747 		 * kernel audit context
751 			adt_write_syslog("unable to get kernel audit context",
816  * Otherwise the caller would need to be aware of the audit state.
877  * Otherwise the caller would need to be aware of the audit state.
940  * the audit session id.  See also adt_get_asid() for how to
1281 	/* save local audit state */
1288 	 * If audit isn't enabled on the remote, they were unable
1289 	 * to generate the audit mask, so generate it based on
1330  * audit off case.
1399  * adt_init -- set session context by copying the audit characteristics
1402  * By default, an audit session is based on the process; the default
1520 	adt_write_syslog("failed to set process audit characteristics", errno);
1545 	/* Assume intending to audit as this process */
1614 	if (session_data == NULL) /* no session exists to audit */
1698  * the incoming audit mask with the one that already exists.
1716 	if (session_data == NULL) /* no session exists to audit */
1799 	 * need to return a valid event pointer even if audit is