Lines Matching refs:audit
46 * audit records. None of the "global state" is returned by an
55 #define AUC_AUDITING 0x1 /* audit daemon is active */
56 #define AUC_NOAUDIT 0x2 /* audit daemon is not active */
57 #define AUC_INIT_AUDIT 0x4 /* audit ready but auditd has not run */
58 #define AUC_NOSPACE 0x8 /* audit enabled, no space for audit records */
80 #define PAD_FAILURE 0x8000 /* fail audit event */
94 * An audit event mask.
236 #define A_GETPOLICY 2 /* get audit policy */
237 #define A_SETPOLICY 3 /* set audit policy */
238 #define A_GETKMASK 4 /* get non-attributable event audit mask */
239 #define A_SETKMASK 5 /* set non-attributable event audit mask */
240 #define A_GETQCTRL 6 /* get kernel audit queue ctrl parameters */
241 #define A_SETQCTRL 7 /* set kernel audit queue ctrl parameters */
244 #define A_GETSTAT 12 /* get audit statistics */
245 #define A_SETSTAT 13 /* (re)set audit statistics */
248 #define A_GETCOND 20 /* get audit system on/off condition */
249 #define A_SETCOND 21 /* set audit system on/off condition */
250 #define A_GETCLASS 22 /* get audit event to class mapping */
251 #define A_SETCLASS 23 /* set audit event to class mapping */
252 #define A_GETPINFO 24 /* get audit info for an arbitrary pid */
254 #define A_GETPINFO_ADDR 28 /* get audit info for an arbitrary pid */
255 #define A_GETKAUDIT 29 /* get kernel audit characteristics */
256 #define A_SETKAUDIT 30 /* set kernel audit characteristics */
257 #define A_GETAMASK 31 /* set user default audit event mask */
258 #define A_SETAMASK 32 /* get user default audit event mask */
272 #define AUDIT_PUBLIC 0x0400 /* audit even "public" files */
274 #define AUDIT_PERZONE 0x1000 /* auditd and audit queue for each zone */
289 * Kernel audit queue control parameters
291 * audit record recording blocks at hiwater # undelived records
292 * audit record recording resumes at lowwater # undelivered audit records
293 * bufsz determines how big the data xfers will be to the audit trail
296 size_t aq_hiwater; /* kernel audit queue, high water mark */
297 size_t aq_lowater; /* kernel audit queue, low water mark */
298 size_t aq_bufsz; /* kernel audit queue, write size to trail */
299 clock_t aq_delay; /* delay before flushing audit queue */
429 unsigned int as_version; /* version of kernel audit code */
430 unsigned int as_numevent; /* number of kernel audit events */
434 uint32_t as_audit; /* # records processed by audit(2) */
436 uint32_t as_enqueue; /* # records put onto audit queue */
437 uint32_t as_written; /* # records written to audit trail */
438 uint32_t as_wblocked; /* # times write blked on audit queue */
439 uint32_t as_rblocked; /* # times read blked on audit queue */
440 uint32_t as_dropped; /* # of dropped audit records */
441 uint32_t as_totalsize; /* total number bytes of audit data */
446 /* get kernel audit context dependent on AUDIT_PERZONE policy */
450 /* get kernel audit context of global zone */
452 /* get kernel audit context of non-global zone */
459 * audit token IPC types (shm, sem, msg) [for ipc attribute]
506 int audit(caddr_t, int);
556 /* Zone audit context setup routine */
569 /* The audit mask defining in which case is auditing enabled */
573 * Get the given zone audit status. zcontext != NULL serves