Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ audit(2) — AIX/RT 2.2.1

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

auditlog

auditproc

auditsys

audit

audit

Purpose

     Enables and disables auditing.

Syntax

     #include <sys/audit.h>

     int audit  (path, cmd)
     char *path;
     int cmd;

Description

     The auditing system is  either enabled or disabled.  When
     the auditing system is enabled, audit records are created
     for certain events, and these records are appended to the
     audit trail  file specified  by the path  parameter.  The
     last file name  component of the path  parameter must not
     be more  than ten characters because  the auditing system
     uses this name and attaches a four-character suffix.

     If Distributed Services is installed on your system, then
     the audit trail file can  reside in another node.  One or
     more nodes can write to a given audit trail file.

     The  values  of the  cmd  parameter,  as defined  in  the
     sys/audit.h header file, are:

     A_READ   Ignores  the  path  parameter  and  returns  the
              current on/off status of the auditing system (ON
              for enabled, OFF for disabled).

     A_ON     Enables  the auditing  system and  specifies the
              path parameter  as the  audit trail file  if the
              auditing  system is  disabled when  the call  is
              issued.   When the  auditing  system is  already
              enabled and  this cmd  is used, the  audit trail
              file  is  changed  to path  while  the  auditing
              system is still running.

     A_OFF    Disables  the  auditing  sytem  if  auditing  is
              enabled when  the call is issued  with this cmd.
              If the auditing system  is disabled and this cmd
              is  specified,   the  audit  system   call  does
              nothing.

     The  effective user  ID of  the calling  process must  be
     superuser to use the audit system call.

Return Value

     For a cmd value of A_READ, the audit system call returns,
     upon successful completion, the  current on/off status of
     the auditing  system (ON  for enabled  and OFF  for disa-
     bled).   For a  cmd value  of A_ON,  or A_OFF,  the audit
     system call returns, upon successful completion, the pre-
     vious value of the on/off  status (ON for enabled and OFF
     for disabled).  If  the audit system call  fails, a value
     of -1 is returned and errno is set to indicate the error.

Diagnostics

     The audit  system call fails if  one or more of  the fol-
     lowing are true:

     EACCES     A  component  of  the  path  parameter  denies
                search permission.

     EACCES     The file named by the path parameter is not an
                ordinary file.

     EACCES     Search  permission  is  denied for  the  named
                audit trail file.

     EBUSY      The auditing system is enabled, the cmd param-
                eter is A_ON, and the path parameter is NULL.

     EFAULT     The path parameter &pointsout..

     EINVAL     The  auditing  system  is  disabled,  the  cmd
                parameter is  A_ON, and the path  parameter is
                NULL.

     EINVAL     The last  component of the path  parameter has
                more than ten characters.

     EISDIR     The  file named  by  the path  parameter is  a
                directory.

     ENFILE     The system file table is full.

     ENFILE     The system i-node table is full.

     ENOENT     A  component of  the path  name for  the audit
                trail file does not exist.

     ENOTDIR    A  component of  the path  parameter is  not a
                directory.

     EPERM      The effective  user ID of the  calling process
                is not superuser.

     EROFS      The  named file  resides on  a read-only  file
                system.

     If Distributed Services is  installed on your system, the
     audit system call  also fails if one or more  of the fol-
     lowing are true:

     EAGAIN            The server  is too  busy to  accept the
                       request.

     EBADCONNECT       An attempt  to use an  existing network
                       connection with a remote node failed.

     EDIST             The  server  has  blocked  new  inbound
                       requests.

     EDIST             Outbound    requests   are    currently
                       blocked.

     EDIST             The server has a  release level of Dis-
                       tributed Services  that cannot communi-
                       cate with this node.

     ENOCONNECT        An attempt  to establish a  new network
                       connection with a remote node failed.

     ENODEV            The named file is a remote file located
                       on a device that  has been unmounted at
                       the server.

     ENOMEM            Either this node or the server does not
                       have  enough  memory   to  service  the
                       request.

     EPERM             This node  is not listed in  user ID or
                       group  ID   translate  tables   of  the
                       server.

     ESTALE            The process's root or current directory
                       is  located in  a  virtual file  system
                       that has been unmounted.

     ESTALE            The file  descriptor for a  remote file
                       has become obsolete.

Related Information

     In this book:   "auditlog,"  "auditproc," and "auditsys."
     In this book:  "audit."

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026