⇒ authaudit(S) — OpenDesktop Software Development System 3.0.0

 authaudit(S)                   6 January 1993                   authaudit(S)


 Name

    authaudit - produce audit records due to authentication events

 Syntax


    cc  . . .  -lprot


    #include <sys/types.h>
    #include <sys/security.h>
    #include <sys/audit.h>
    #include <prot.h>

    int audit_adjust_mask (pr)
    struct pr_passwd *pr;

    void audit_auth_entry (desired_entry, type, problem)
    char *desired_entry;
    int type;
    char *problem;

    void audit_lax_file (path, problem)
    char *path;
    char *problem;

    int audit_lock (name, code, trys)
    char *name;
    int code;
    int trys;

    int audit_login (pr, pwd, terminal_name, code)
    struct pr_passwd *pr;
    struct passwd *pwd;
    char *terminal_name;
    int code;

    void audit_no_resource (resource, object, problem)
    char *resource;
    int object;
    char *problem;

    int audit_passwd (name, code)
    char *name;
    int code;

    void audit_security_failure (object, expected, curr, action, result)
    int object;
    long expected;
    long curr;
    char *action;
    char *result;


    void audit_subsystem (subsystem_type, action, result)
    int subsystem_type;
    char *action;
    char *result;


 Description

    These routines provide standard interfaces to the secure audit facility
    from routines and programs that manipulate the Authentication database.
    Depending on the circumstances (UIDs, privileges), they either write
    directly to the audit special device /dev/auditw, or they pass the
    information on to the dlvraudit(ADM) utility.


    audit_adjust_mask
              If the user has a special mask, present it here to the audit
              subsystem.

    audit_auth_entry
              produces an audit record noting that the name desired_entry has
              a problem in the type database, which is a component database
              (one of: /etc/passwd, /etc/group, Protected Password database,
              Terminal Control database, File Control database, Command
              Control database, System Default database, Subsystem database)
              of the Authentication database.  This is the means to report a
              database inconsistency in an entry of the appropriate database.

    audit_lax_file
              produces an audit record about the file path and the exact
              problem that makes the file differ from the File Control
              database entry describing it.  This is the means to report a
              breakdown of a sanity check on the proper setup of system files.

    audit_lock
              Audit both successful and unsuccessful database locking
              operations.  This audit record is always written directly to
              the audit device because the programs that must use locking
              (for writing) are run as the superuser, who can access the
              device.

    audit_login
              Audit both successful and unsuccessful logins.  This audit
              record is always written directly to the audit device because
              login is run as the superuser, who can access the device.

    audit_no_resource
              prints an audit record stating that the resource, of system
              type object as defined in <sys/audit.h>, could not be obtained.
              The problem that results is also recorded.  Typically, this is
              used to denote that a vital resource like memory could not be
              allocated and a security operation had to be aborted.

    audit_passwd
              Audit both successful and unsuccessful password changes.  This
              audit record is always written directly to the audit device
              because login is run as the superuser, who can access the
              device.

    audit_security_failure
              records a problem involving a system object, as defined in the
              sys/audit.h header file.  Even though kernel auditing may have
              recorded the same security problem as one or a series of failed
              system calls, this routine produces an audit record
              specifically noting the high-level security problem in terms of
              trusted entity failure.  If appropriate, the expected and
              current curr values are recorded to further help in diagnosing
              the problem.  The high level action attempted and the level of
              the failure are required.  This is the means to report a
              high-level security problem that prevents or impedes the
              correct operation of a trusted process or subsystem.  If the
              trusted process detects and corrects security problems, the
              invocation of this routine is the detection component of that
              mechanism.

    audit_subsystem
              produces an audit record for high-level security events
              specific to the subsystem identified by subsystem_type, as
              defined in <sys/audit.h>.  The high-level action and either
              positive or negative result is recorded.  This is the means to
              report a problem or significant event in a specific subsystem.


 Notes

    These routines work correctly only if set_auth_parameters(S) (described
    on the identity(S) manual page) is called as the first item in the
    main() routine.
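
An added example, not part of the original manual page: a sanity check on a system file that reports each mismatch through audit_lax_file, with set_auth_parameters called first in main() as the note above requires. check_file and the HAVE_LIBPROT macro are hypothetical, the expected mode and owner are passed in rather than read from the File Control database, and the #else branch holds stand-ins (an assumption) so the code builds without -lprot.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

#ifdef HAVE_LIBPROT     /* hypothetical macro: target build, cc ... -lprot */
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>
#else
/* Stand-ins (assumption): keep the last record in memory instead of auditing. */
static char last_path[256], last_problem[128];
static void set_auth_parameters(int argc, char *argv[]) { (void)argc; (void)argv; }
static void audit_lax_file(char *path, char *problem)
{
    snprintf(last_path, sizeof last_path, "%s", path);
    snprintf(last_problem, sizeof last_problem, "%s", problem);
}
#endif

/* Hypothetical helper: compare a file's mode and owner with the expected
 * values and report each difference.  Returns the number of problems. */
int check_file(char *path, mode_t want_mode, uid_t want_uid)
{
    struct stat st;
    char problem[128];
    int bad = 0;

    if (stat(path, &st) < 0) {
        audit_lax_file(path, "cannot stat file");
        return 1;
    }
    if ((st.st_mode & 07777) != want_mode) {
        snprintf(problem, sizeof problem, "mode %04o, expected %04o", (unsigned)(st.st_mode & 07777), (unsigned)want_mode);
        audit_lax_file(path, problem);
        bad++;
    }
    if (st.st_uid != want_uid) {
        snprintf(problem, sizeof problem, "owner %ld, expected %ld", (long)st.st_uid, (long)want_uid);
        audit_lax_file(path, problem);
        bad++;
    }
    return bad;
}
int main(int argc, char *argv[])
{
    set_auth_parameters(argc, argv);    /* first item in main(), per Notes */
    return check_file("/etc/passwd", 0644, 0) ? 1 : 0;   /* sample expectation */
}
```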

 Files

    /dev/auditw

 See also

    audit(HW), identity(S)

 Standards conformance

    authaudit is an extension of AT&T System V provided by the Santa Cruz
    Operation.

