Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ audit(4) — Motorola System V 88k Release 4 Version 4.3

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

audit_d(1M)

audit_aliases(4)

audit_file(4)

audit_sys(5)

audit(4)  —  FILE FORMATS

NAME

audit − audited system calls and commands

DESCRIPTION

The audit system generates audit records composed of two parts: process information and event information.  The process information consists of a standard header containing process-specific information.  The structure of the standard header is described in detail in audit_file(4).  The standard header includes an audit class that groups like events together. 

The event information includes an event type, a message type (describing the type of optional data), an error ID code, a reason ID code, and the length of the optional data portion.  The form and meaning of the optional data portion is dependent on the message type and event type.  See audit_file(4) for more information. 

sys/audit.h also contains structure definitions for audit masks used by the system to determine whether an event is audited.  The mask, which is accessed using au_getpmask(3A) and au_setpmask(3A), is an array indexed by the audit class number.  Each element of the mask contains a bit mask indicating which reason codes are auditable for that class number.  Every process has an audit mask. 

FILES

/usr/include/sys/audit.haudit structure definitions

SEE ALSO

audit_d(1M), audit_aliases(4), audit_file(4), audit_sys(5)

(ACMW Security Enhancement)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026