⇒ dlvraud(ADM) — OpenDesktop 3.0.0


 dlvr_audit(ADM)                 19 June 1992                 dlvr_audit(ADM)


 Name

    dlvr_audit - produce audit records for subsystem events

 Syntax

    /etc/auth/dlvraudit [ -v ] tstamp event record pid cmd code [ args ... ]

 Description

    dlvraudit is used by programs implementing protected subsystems as the
    means for sending audit records to the audit subsystem.  Because those
    programs do not have the writeaudit privilege, they invoke dlvraudit
    which sends the data over a message queue to the audit daemon, which
    appends the record to the audit trail.  Because dlvraudit is run as a
    child process of the process producing the record, it does not have the
    ability to write the audit device either.  The message queue that it uses
    is only usable by the audit user, so dlvraudit must be run SUID to the
    audit user.  The group is inherited from the invoking process and is
    checked against those groups associated with protected subsystems.  If
    the group cannot be identified with a protected subsystem, the record is
    ignored (so that general user programs cannot flood the audit subsystem
    with invalid messages).

    The -v flag forces the program to report all of its actions.  Normally,
    this flag is not used so that audit records can be made without the
    knowledge of the program user.

    The required arguments apply to all audit records.  The tstamp argument
    is the (ASCII number representation of the) time in seconds past Jan 1,
    1970 that the audit record was produced.  The event argument is the
    number of the event type as described in sys/audit.h.  Similarly, the
    record argument is the audit record format type as described in
    sys/audit.h.  The pid is the process ID of the event process.  cmd is
    the name of the protected subsystem command.  code is specific to the
    event type being generated.

    There may be 0 or more optional arguments depending on the code.
    dlvraudit uses the extra arguments to fill in specific fields required
    by the particular record format.
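
An added example, not part of the original manual page or of the vendor's code: a C sketch of how a protected-subsystem program could build the argument vector in the order the Syntax line gives and run dlvraudit as a child with an absolute path, no shell and an empty environment. The function names, buffer sizes and the choice to pass code as a string are assumptions; real event and record numbers come from sys/audit.h.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define DLVRAUDIT "/etc/auth/dlvraudit"   /* path from the Syntax line */
#define NFIXED 7                          /* argv[0] plus six required arguments */

/* Fill argv in the documented order: tstamp event record pid cmd code [args...].
 * Numbers become ASCII decimal in numbuf; code is passed as a string (assumption).
 * Returns argc, or -1 if argv has no room for the vector plus its NULL. */
int build_audit_argv(char *argv[], int argv_len, char numbuf[4][24],
                     time_t tstamp, int event, int record, pid_t pid,
                     const char *cmd, const char *code,
                     char *const extra[], int nextra)
{
    int i, argc = 0;
    if (nextra < 0 || argv_len < NFIXED + nextra + 1) return -1;
    snprintf(numbuf[0], 24, "%ld", (long)tstamp);
    snprintf(numbuf[1], 24, "%d", event);
    snprintf(numbuf[2], 24, "%d", record);
    snprintf(numbuf[3], 24, "%ld", (long)pid);
    argv[argc++] = (char *)DLVRAUDIT;
    for (i = 0; i < 4; i++)
        argv[argc++] = numbuf[i];
    argv[argc++] = (char *)cmd;
    argv[argc++] = (char *)code;
    for (i = 0; i < nextra; i++)
        argv[argc++] = extra[i];
    argv[argc] = NULL;
    return argc;
}

/* Run the helper as a child: absolute path, no shell, empty environment.
 * Returns the child's exit status, or -1 on fork/wait failure. */
int deliver_audit(char *const argv[])
{
    char *const envp[] = { NULL };
    int status;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        execve(DLVRAUDIT, argv, envp);
        _exit(127);                       /* exec failed */
    }
    if (waitpid(child, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The manual page does not document dlvraudit's exit codes, so deliver_audit returns the status uninterpreted.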

 See also

    audit(HW), authaudit(S)

    ``Using the audit subsystem'', chapter of the System Administrator's
    Guide

 Value added

    dlvraudit is an extension of AT&T System V provided by The Santa Cruz
    Operation, Inc.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026