⇒ dlvraud(ADM) — OpenDesktop 1.0.0y


     DLVRAUDIT(ADM)                    UNIX System V



     Name
          dlvr_audit - produce audit records for subsystem events


     Syntax
          /etc/auth/dlvraudit [ -v ] tstamp event record pid cmd code
          [ args ... ]

     Description
          dlvr_audit  is  used  by  programs  implementing   protected
          subsystems  as  the  means  for sending audit records to the
          audit subsystem.  Because those programs  do  not  have  the
          writeaudit privilege, they invoke dlvr_audit which sends the
          data over a message queue to the audit daemon, which appends
          the record to the audit trail.  Because dlvr_audit is run as
          a child process of the process producing the record, it does
          not  have the ability to write the audit device either.  The
          message queue that it uses is only usable by the audit user,
          so dlvr_audit must be run SUID to the audit user.  The group
          is inherited  from  the  invoking  process  and  is  checked
          against  those  groups associated with protected subsystems.
          If  the  group  cannot  be  identified  with   a   protected
          subsystem,  the  record  is  ignored  (so  that general user
          programs cannot  flood  the  audit  subsystem  with  invalid
          messages).

          The -v flag forces the program to report all of its actions.
          Normally, this flag is not used so that audit records can be
          made without the knowledge of the program user.

          The required arguments apply  to  all  audit  records.   The
          tstamp  argument is the (ASCII number representation of the)
          time in seconds past Jan 1, 1970 that the audit  record  was
          produced.   The  event  argument  is the number of the event
          type as described in <sys/audit.h>.  Similarly,  the  record
          argument  is  the  audit  record format type as described in
          <sys/audit.h>.  The pid is  the  process  ID  of  the  event
          process. Cmd is the name of the protected subsystem command.
          Code is specific to the event type being generated.

          There may be 0 or more optional arguments depending  on  the
          code.   dlvr_audit  uses  the  extra  arguments  to  fill in
          specific fields required by the particular record format.
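
The calling convention from the Syntax and Description sections, as an added C example (not SCO's code and not part of the original manual page): a protected-subsystem program builds the required arguments in the documented order and runs the helper as a child with fork/execv. The function names, `MAX_EXTRA`, and the event, record and code numbers passed in `main` are assumptions; the real values live in <sys/audit.h>, which this page does not reproduce.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define DLVRAUDIT_PATH "/etc/auth/dlvraudit"  /* path from the Syntax line */
#define MAX_EXTRA 8                           /* assumed cap for this example */
struct audit_call {
    char tstamp[24], pid[24], event[12], record[12], code[12];
    const char *argv[8 + MAX_EXTRA];          /* path + 6 required + extras + NULL */
};

/* Build argv in the documented order: tstamp event record pid cmd code [args ...].
 * Returns argc, or -1 on an empty cmd or too many optional arguments. */
int build_audit_argv(struct audit_call *c, time_t now, int event, int record, pid_t pid,
                     const char *cmd, int code, const char *const extra[], int nextra)
{
    int i, n = 0;
    if (!cmd || strlen(cmd) == 0 || nextra < 0 || nextra > MAX_EXTRA || (nextra && !extra))
        return -1;
    snprintf(c->tstamp, sizeof c->tstamp, "%ld", (long)now);  /* seconds past Jan 1, 1970 */
    snprintf(c->event, sizeof c->event, "%d", event);
    snprintf(c->record, sizeof c->record, "%d", record);
    snprintf(c->pid, sizeof c->pid, "%ld", (long)pid);
    snprintf(c->code, sizeof c->code, "%d", code);
    c->argv[n++] = DLVRAUDIT_PATH;
    c->argv[n++] = c->tstamp;  c->argv[n++] = c->event;  c->argv[n++] = c->record;
    c->argv[n++] = c->pid;     c->argv[n++] = cmd;       c->argv[n++] = c->code;
    for (i = 0; i < nextra; i++) c->argv[n++] = extra[i];
    c->argv[n] = NULL;
    return n;
}

/* Run the helper as a child: absolute path, no shell, no PATH lookup. */
int deliver_audit(struct audit_call *c)
{
    int status; pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) { execv(c->argv[0], (char *const *)c->argv); _exit(127); }
    if (waitpid(child, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void)
{
    struct audit_call c;  /* 1, 1, 0 below are placeholders, not <sys/audit.h> values */
    if (build_audit_argv(&c, time(NULL), 1, 1, getpid(), "lp", 0, NULL, 0) < 0) return 1;
    return deliver_audit(&c) == 0 ? 0 : 1;
}
```

On a system without the helper installed, `deliver_audit` returns 127 because the child's `execv` fails.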


     See Also
          authaudit(S), audit(HW),  ``Maintaining  System  Security,''
          chapter of the System Administrator's Guide


     Value Added
          dlvr_audit is an extension of AT&T System V provided by  the
          Santa Cruz Operation.


     (printed 8/23/89)                          DLVRAUDIT(ADM)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026