AUTHAUDIT(S) UNIX System V AUTHAUDIT(S)
Name
authaudit - produce audit records due to authentication
events
Syntax
#include <sys/types.h>
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>
void audit_security_failure (object, expected, curr, action, result)
int object;
long expected;
long curr;
char *action;
char *result;

void audit_subsystem (subsystem_type, action, result)
int subsystem_type;
char *action;
char *result;

void audit_auth_entry (desired_entry, type, problem)
char *desired_entry;
int type;
char *problem;

void audit_no_resource (resource, object, problem)
char *resource;
int object;
char *problem;

void audit_lax_file (path, problem)
char *path;
char *problem;

audit_login (pr, pwd, terminal_name, code)
register struct pr_passwd *pr;
register struct passwd *pwd;
register char *terminal_name;
int code;

audit_passwd (name, code)
char *name;
int code;

audit_lock (name, code, trys)
char *name;
int code;
int trys;

audit_adjust_mask (pr)
register struct pr_passwd *pr;
Description
These routines provide standard interfaces to the secure
audit facility from routines and programs that manipulate
the Authentication database. Depending on the circumstances
(UIDs, privileges), they either write directly to the audit
special device /dev/auditw, or they pass the information
on to the dlvr_audit program.
Audit_security_failure records a problem involving a system
object, as defined in <audit.h>. Even though kernel
auditing may have recorded the same security problem as one
or a series of failed system calls, this routine will
produce an audit record specifically noting the high-level
security problem in terms of trusted entity failure. If
appropriate, the expected and current (curr) values are
recorded to further help in diagnosing the problem. The
high level action attempted and the result of the failure
are required. This is the means to report a high-level
security problem that prevents or impedes the correct
operation of a trusted process or subsystem. If the trusted
process detects and corrects security problems, the
invocation of this routine is the detection component of
that mechanism.
Audit_subsystem produces an audit record for high-level
security events specific to the subsystem identified by
subsystem_type, as defined in <audit.h>. The high-level action
and its result, either positive or negative, are recorded. This is
the means to report a problem or significant event in a
specific subsystem.
Audit_auth_entry produces an audit record noting that the
name desired_entry has a problem in the type database, which
is a component database (one of: /etc/passwd, /etc/group,
Protected Password database, Terminal Control database, File
Control database, Command Control database, System Default
database, Subsystem database) of the Authentication
database. This is the means to report a database
inconsistency in an entry of the appropriate database.
Audit_no_resource produces an audit record stating that
resource, of system type object as defined in <audit.h>,
could not be obtained. The problem that results is also
recorded. Typically, this is used to denote that a vital
resource like memory could not be allocated and a security
operation had to be aborted.
Audit_lax_file produces an audit record about the file path
and the exact problem that makes the file differ from the
File Control database entry describing it. This is the
means to report a breakdown of a sanity check on the proper
setup of system files.
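The following is an added example, not part of the original manual page: a file sanity check that reports each discrepancy through audit_lax_file in the way described above. The audit_lax_file body here is a stand-in so the code builds without the original headers, and struct fc_expect, check_file and demo are hypothetical names; a program using the real routine must call set_auth_parameters first in main().

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
/* Stand-in (assumption) for the library routine: counts and prints reports. */
static int lax_reports;
static void audit_lax_file(char *path, char *problem)
{
    lax_reports++;
    fprintf(stderr, "audit: lax file %s: %s\n", path, problem);
}
struct fc_expect { uid_t uid; gid_t gid; mode_t mode; }; /* hypothetical entry */

/* One audit record per attribute that differs; returns the count. */
int check_file(char *path, const struct fc_expect *want)
{
    struct stat st;
    char problem[64];
    int bad = 0;
    if (stat(path, &st) != 0) {
        audit_lax_file(path, "cannot stat file");
        return 1;
    }
    if (st.st_uid != want->uid || st.st_gid != want->gid) {
        audit_lax_file(path, "owner or group differs from expected entry");
        bad++;
    }
    if ((st.st_mode & 07777) != want->mode) {
        snprintf(problem, sizeof problem, "mode is %04o", (unsigned)(st.st_mode & 07777));
        audit_lax_file(path, problem);
        bad++;
    }
    return bad;
}

/* Constructed case: a scratch file left world-writable gives one report. */
int demo(void)
{
    char *path = "authaudit_demo.tmp";
    struct fc_expect want;
    struct stat st;
    FILE *f = fopen(path, "w");
    if (f == NULL || fclose(f) != 0 || chmod(path, 0666) != 0 || stat(path, &st) != 0)
        return -1;
    want.uid = st.st_uid; want.gid = st.st_gid; want.mode = 0600;
    int bad = check_file(path, &want);
    remove(path);
    return bad;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```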
Notes
These routines only work as advertised when
set_auth_parameters is called as the first item in main().
Files
/dev/auditw
See Also
audit(HW), identity(S).
Value Added
authaudit is an extension of AT&T System V provided by the
Santa Cruz Operation.
(printed 6/20/89)