getacinfo.3bsm revision c10c16dec587a0662068f6e2991c29ed3a9db943
te
Copyright (c) 2005, Sun Microsystems, Inc.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
getacinfo 3BSM "31 Mar 2005" "SunOS 5.11" "Security and Auditing Library Functions"
NAME
getacinfo, getacdir, getacflg, getacmin, getacna, setac, endac - get audit control file information
SYNOPSIS

cc [ flag... ] file... -lbsm  -lsocket   -lnsl  [ library... ]
#include <bsm/libbsm.h>

int getacdir( char *dir, int len);


int getacmin( int *min_val);


int getacflg( char *auditstring, int len);


int getacna( char *auditstring, int len);


void setac(void);


void endac(void);
DESCRIPTION

When first called, getacdir() provides information about the first audit directory in the audit_control file. Thereafter, it returns the next directory in the file. Successive calls list all the directories listed in audit_control(4) The len argument specifies the length of the buffer dir. On return, dir points to the directory entry.

The getacmin() function reads the minimum value from the audit_control file and returns the value in min_val. The minimum value specifies how full the file system to which the audit files are being written can get before the script audit_warn(1M) is invoked.

The getacflg() function reads the system audit value from the audit_control file and returns the value in auditstring. The len argument specifies the length of the buffer auditstring.

The getacna() function reads the system audit value for non-attributable audit events from the audit_control file and returns the value in auditstring. The len argument specifies the length of the buffer auditstring. Non-attributable events are events that cannot be attributed to an individual user. The inetd(1M) utility and several other daemons record non-attributable events.

The setac() function rewinds the audit_control file to allow repeated searches.

The endac() function closes the audit_control file when processing is complete.

FILES

/etc/security/audit_control

file containing default parameters read by the audit daemon, auditd(1M)

RETURN VALUES

The getacdir(), getacflg(), getacna(), and getacmin() functions return:

0

on success.

-2

on failure and set errno to indicate the error.

The getacmin() and getacflg() functions return:

1

on EOF.

The getacdir() function returns:

-1

on EOF.

2

if the directory search had to start from the beginning because one of the other functions was called between calls to getacdir().

These functions return:

-3

if the directory entry format in the audit_control file is incorrect.

The getacdir(), getacflg(), and getacna() functions return:

-3

if the input buffer is too short to accommodate the record.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPEATTRIBUTE VALUE
MT-LevelSafe
SEE ALSO

audit_warn(1M), bsmconv(1M), inetd(1M), audit_control(4), attributes(5)

NOTES

The functionality described on this manual page is available only if the Solaris Auditing has been enabled. See bsmconv(1M) for more information.