Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ audcntl(2) — Ultrix/UWS 4.0 VAX

Media Vault

Software Library

Restoration Projects

Artifacts Sought

audcntl(2)

Name

audcntl − audit control

Syntax

#include <sys/audit.h>

audcntl(request, argp, len, cntl, audit_id)
int request;
char *argp;
int len;
char cntl;
audit_ID_t audit_id;

Description

The audcntl system call provides control over options offered by the audit subsystem. All requests are privileged. The following list describes the requests:

GET_SYS_AMASK and SET_SYS_AMASK
The system audit mask determines which system events are logged. GET_SYS_AMASK places the values of the system audit mask into a buffer pointed at by argp.  SET_SYS_AMASK takes the values from a buffer pointed at by argp and assigns them to the system audit mask. Getting or setting the system mask returns the number of bytes transferred between the user’s buffer and the audit mask.  Len is the size of the user’s buffer. The amount of data moved between the audit mask and the user’s buffer is the smaller of the audit mask size and the buffer size. 

GET_TRUSTED_AMASK and SET_TRUSTED_AMASK
The trusted audit mask determines which trusted events are logged. GET_TRUSTED_AMASK places the values of the trusted audit mask into a buffer pointed at by argp.  SET_TRUSTED_AMASK takes the values from a buffer pointed at by argp and assigns them to the trusted audit mask. Getting  or setting the trusted events mask returns the number of bytes transferred between the user’s buffer and the audit mask.  Len is the size of the user’s buffer. The amount of data moved between the audit mask and the user’s buffer is the smaller of the audit mask size and the buffer size. 

GET_PROC_AMASK and SET_PROC_AMASK
The process audit mask determines which system events are logged for the current process. GET_PROC_AMASK places the values of the process audit mask into a buffer pointed at by argp.  SET_PROC_AMASK takes the values from a buffer pointed at by argp and assigns them to the process audit mask. Getting  or setting the process mask returns the number of bytes transferred between the user’s buffer and the audit mask.  Len is the size of the user’s buffer. The amount of data moved between the audit mask and the user’s buffer is the smaller of the audit mask size and the buffer size. 

GET_PROC_ACNTL and SET_PROC_ACNTL
GET_PROC_ACNTL returns the audit control flags (the audcntl byte) of the current process (see audit.h ). Audit control flags determine whether auditing for the process is ON or OFF, and if ON, whether the process audit mask is logically ANDed or ORed with the system audit mask. SET_PROC_ACNTL assigns the values of the audit control flags from cntl and returns the previous values of the flags. 

GET_AUDSWITCH and SET_AUDSWITCH
GET_AUDSWITCH returns the value of the system audit switch. A return value of 1 indicates auditing is turned on. A value of zero indicates auditing is turned off. SET_AUDSWITCH assigns the value of cntl to the system audit switch and returns the previous audit switch value.  A value of 1 turns auditing on.  A value of zero turns auditing off. 

FLUSH_AUD_BUF
Flushes kernel audit buffer out to /dev/audit.

GETPAID and SETPAID
GETPAID returns the audit ID of the calling process. SETPAID assigns the value of audit_id to the process audit ID.  SETPAID is effective only if audit_id is greater than 0. 

Return Value

The values returned for successful calls can be found under the description of the specific call request. 

If a call fails, a −1 is returned. 

Diagnostics

The audcntl call fails under the following conditions:

[EFAULT] The argp argument contains an invalid address. 

[EACCES] The user does not have the privileges needed to perform this operation. 

[EINVAL] The value of the len or request argument is invalid or audit_id was previously set. 

[EPERM] The user is not privileged to get or set the audit ID, or the user attempted to get the audit ID when it was not set. 

[EOPNOTSUPP]
The request argument contains an unsupported operation. 

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026