audit
Purpose
Enables and disables auditing.
Syntax
#include <sys/audit.h>
int audit (path, cmd)
char *path;
int cmd;
Description
The auditing system is either enabled or disabled. When
the auditing system is enabled, audit records are created
for certain events, and these records are appended to the
audit trail file specified by the path parameter. The
last file name component of the path parameter must not
be more than ten characters because the auditing system
uses this name and attaches a four-character suffix.
If Distributed Services is installed on your system, then
the audit trail file can reside in another node. One or
more nodes can write to a given audit trail file.
The values of the cmd parameter, as defined in the
sys/audit.h header file, are:
A_READ Ignores the path parameter and returns the
current on/off status of the auditing system (ON
for enabled, OFF for disabled).
A_ON Enables the auditing system and specifies the
path parameter as the audit trail file if the
auditing system is disabled when the call is
issued. When the auditing system is already
enabled and this cmd is used, the audit trail
file is changed to path while the auditing
system is still running.
A_OFF Disables the auditing sytem if auditing is
enabled when the call is issued with this cmd.
If the auditing system is disabled and this cmd
is specified, the audit system call does
nothing.
The effective user ID of the calling process must be
superuser to use the audit system call.
Return Value
For a cmd value of A_READ, the audit system call returns,
upon successful completion, the current on/off status of
the auditing system (ON for enabled and OFF for disa-
bled). For a cmd value of A_ON, or A_OFF, the audit
system call returns, upon successful completion, the pre-
vious value of the on/off status (ON for enabled and OFF
for disabled). If the audit system call fails, a value
of -1 is returned and errno is set to indicate the error.
Diagnostics
The audit system call fails if one or more of the fol-
lowing are true:
EACCES A component of the path parameter denies
search permission.
EACCES The file named by the path parameter is not an
ordinary file.
EACCES Search permission is denied for the named
audit trail file.
EBUSY The auditing system is enabled, the cmd param-
eter is A_ON, and the path parameter is NULL.
EFAULT The path parameter &pointsout..
EINVAL The auditing system is disabled, the cmd
parameter is A_ON, and the path parameter is
NULL.
EINVAL The last component of the path parameter has
more than ten characters.
EISDIR The file named by the path parameter is a
directory.
ENFILE The system file table is full.
ENFILE The system i-node table is full.
ENOENT A component of the path name for the audit
trail file does not exist.
ENOTDIR A component of the path parameter is not a
directory.
EPERM The effective user ID of the calling process
is not superuser.
EROFS The named file resides on a read-only file
system.
If Distributed Services is installed on your system, the
audit system call also fails if one or more of the fol-
lowing are true:
EAGAIN The server is too busy to accept the
request.
EBADCONNECT An attempt to use an existing network
connection with a remote node failed.
EDIST The server has blocked new inbound
requests.
EDIST Outbound requests are currently
blocked.
EDIST The server has a release level of Dis-
tributed Services that cannot communi-
cate with this node.
ENOCONNECT An attempt to establish a new network
connection with a remote node failed.
ENODEV The named file is a remote file located
on a device that has been unmounted at
the server.
ENOMEM Either this node or the server does not
have enough memory to service the
request.
EPERM This node is not listed in user ID or
group ID translate tables of the
server.
ESTALE The process's root or current directory
is located in a virtual file system
that has been unmounted.
ESTALE The file descriptor for a remote file
has become obsolete.
Related Information
In this book: "auditlog," "auditproc," and "auditsys."
In this book: "audit."