Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ authaudit(S) — System V/386 Software Development System 3.2.2b

Media Vault

Software Library

Restoration Projects

Artifacts Sought



     AUTHAUDIT(S)              UNIX System V              AUTHAUDIT(S)



     Name
          authaudit - produce audit records due to authentication
          events

     Syntax
          #include <sys/types.h>
          #include <sys/security.h>
          #include <sys/audit.h>
          #include <prot.h>

          void audit_security_failure (object, expected, curr, action,
          result)
          int object;
          long expected;
          long curr;
          char *action;
          char *result;

          void audit_subsystem (subsystem_type, action, result)
          int subsystem_type;
          char *action;
          char *result;

          void audit_auth_entry (desired_entry, type, problem)
          char *desired_entry;
          int type;
          char *problem;

          void audit_no_resource (resource, object, problem)
          char *resource;
          int object;
          char *problem;

          void audit_lax_file (path, problem)
          char *path;
          char *problem;

          audit_login (pr, pwd, terminal_name, code)
          register struct pr_passwd *pr;
          register struct passwd *pwd;
          register char *terminal_name;
          int code;

          audit_passwd (name, code)
          char *name;
          int code;

          audit_lock (name, code, trys)
          char *name;
          int code;
          int trys;

          audit_adjust_mask (pr)
          register struct pr_passwd *pr;

     Description
          These routines provide standard interfaces to the secure
          audit facility from routines and programs that manipulate
          the Authentication database.  Depending on the circumstances
          (UIDs, privileges), they either write directly to the audit
          special device /dev/auditw, or they pass the information
          onto the dlvr_audit program.

          Audit_security_failure records a problem involving a system
          object, as defined in <audit.h>.  Even though kernel
          auditing may have recorded the same security problem as one
          or a series of failed system calls, this routine will
          produce an audit record specifically noting the high-level
          security problem in terms of trusted entity failure.  If
          appropriate, the expected and current curr values are
          recorded to further help in diagnosing the problem.  The
          high level action attempted and the result of the failure
          are required.  This is the means to report a high-level
          security problem that prevents or impedes the correct
          operation of a trusted process or subsystem.  If the trusted
          process detects and corrects security problems, the
          invocation of this routine is the detection component of
          that mechanism.

          Audit_subsystem records an audit record for high-level
          security events specific to a subsystem as defined by
          subsystem_type defined in <audit.h>.  The high-level action
          and either positive or negative result is recorded.  This is
          the means to report a problem or significant event in a
          specific subsystem.

          Audit_auth_entry produces an audit record noting that the
          name desired_entry has a problem in the type database, which
          is a component database (one of: /etc/passwd, /etc/group,
          Protected Password database, Terminal Control database, File
          control database, Command Control database, System Default
          database, Subsystem database) of the Authentication
          database.  This is the means to report a database
          inconsistency in an entry of the appropriate database.

          Audit_no_resource prints an audit record that says the
          resource could not be obtained of system type object, as
          defined in <audit.h>.  The problem that results is also
          recorded.  Typically, this is used to denote that a vital
          resource like memory could not be allocated and a security
          operation had to be aborted.

          Audit_lax_file produces an audit record about the file path
          and the exact problem that makes the file differ from the
          File Control database entry describing it.  This is the
          means to report a breakdown of a sanity check on the proper
          setup of system files.

     Notes
          These routines only work as advertised when
          set_auth_parameters is called as the first item in main().

     Files
          /dev/auditw

     See Also
          audit(HW), identity(S).

     Value Added
          authaudit is an extension of AT&T System V provided by the
          Santa Cruz Operation.

                                                (printed 6/20/89)



Typewritten Software • bear@typewritten.org • Edmonds, WA 98026