setaudit (2) Страница руководства Инструментов Разработчика Mac OS X

Эта страница руководства является частью версии 5.0 Инструментов XCode

Получить эти инструменты:

Установите Инструменты XCode от developer.apple.com.

Если Вы выполняете версию Инструментов XCode кроме 5,0, просматриваете документацию локально:

В XCode
В Терминале, с помощью человека (1) команда

Читать страницы руководства

Страницы руководства предназначаются как справочник для людей, уже понимающих технологию.

Чтобы изучить, как руководство организовано или узнать о синтаксисе команды, прочитайте страницу руководства для страниц справочника (5).
Для получения дополнительной информации об этой технологии, ищите другую документацию в Библиотеке Разработчика Apple.
Для получения общей информации о записи сценариев оболочки, считайте Shell, Пишущий сценарий Учебника для начинающих.



SETAUDIT_ADDR(2)            BSD System Calls Manual           SETAUDIT_ADDR(2)

NAME
     setaudit_addr, setaudit(NOW DEPRECATED) -- set audit session state

SYNOPSIS
     #include <bsm/audit.h>
     #include <bsm/audit_session.h>

     int
     setaudit_addr(auditinfo_addr_t *auditinfo_addr, u_int length);

SYNOPSIS (NOW DEPRECATED)
     #include <bsm/audit.h>

     int
     setaudit(auditinfo_t *auditinfo);

DESCRIPTION
     The setaudit_addr() system call uses the auditinfo_addr_t data structure for the auditinfo_addr argu-ment argument
     ment which supports Terminal IDs with large addresses such as those used in IP version 6.  It is
     defined as follows:
         struct auditinfo_addr {
              au_id_t         ai_auid;        /* Audit user ID. */
              au_mask_t       ai_mask;        /* Audit masks. */
              au_tid_addr_t   ai_termid;      /* Terminal ID. */
              au_asid_t       ai_asid;        /* Audit session ID. */
              u_int64_t       ai_flags;       /* Audit session flags */
         };
         typedef struct auditinfo_addr   auditinfo_addr_t;

     The ai_auid variable contains the audit identifier which is recorded in the audit log for each event
     the process caused. The value of AU_DEFAUDITID (-1) should not be used.  The exception is if the value
     of audit identifier is known at the start of the session but will be determined and set later. Until
     ai_auid is set to something other than AU_DEFAUDITID any audit events generated by the system with be
     filtered by the non-attributed audit mask.

     The au_mask_t data structure defines the bit mask for auditing successful and failed events out of the
     predefined list of event classes. It is defined as follows:
         struct au_mask {
              unsigned int    am_success;     /* success bits */
              unsigned int    am_failure;     /* failure bits */
         };
         typedef struct au_mask  au_mask_t;

     The au_tid_addr_t data structure includes a larger address storage field and an additional field with
     the type of address stored:
         struct au_tid_addr {
              dev_t           at_port;
              u_int32_t       at_type;
              u_int32_t       at_addr[4];
         };
         typedef struct au_tid_addr      au_tid_addr_t;

     The ai_asid variable contains the audit session ID which is recorded with every event caused by the
     process.  It can be any value in the range 1 to PID_MAX (99999).  If the value of AU_ASSIGN_ASID is
     used for ai_asid a unique session ID will be generated by the kernel.  The audit session ID will be
     returned in the ai_asid field on success.

     The ai_flags field is opaque to the kernel and can be used to store flags associated with the audit
     session.  Please see the <bsm/audit_session.h> header file for more infomration and flag definitions
     for this platform.

     The setaudit_addr system call require an appropriate privilege to complete.

     This system call should only be called once at the start of a new session and not again during the same
     session to update the session information.  There are some exceptions, however.  The ai_auid field may
     be updated later if initially set to the value of AU_DEFAUDITID (-1).  Likewise, the ai_termid fields
     may be updated later if the at_type field in au_tid_addr is set to AU_IPv4 and the other ai_tid_addr
     fields are all set to zero.  Creating a new session is done by setting the ai_asid field to an unique
     session value or AU_ASSIGN_ASID.  These system calls will fail when attempting to change the ai_auid or
     ai_termid fields once set to something other than the default values.  The ai_flags field may be
     updated only according to local access control policy but this is usually accomplished with auditon(2)
     using the A_SETSFLAGS command.  The audit preselection masks may be changed at any time but are usually
     updated with auditon(2)

     The setaudit() system call (NOW DEPRECATED) sets the active audit session state for the current process
     via the auditinfo_t pointed to by auditinfo.  The setaudit_addr() system call sets extended state via
     auditinfo_addr and length.

     The auditinfo_t data structure (NOW DEPRECATED) is defined as follows:
         struct auditinfo {
              au_id_t        ai_auid;         /* Audit user ID */
              au_mask_t      ai_mask;         /* Audit masks */
              au_tid_t       ai_termid;       /* Terminal ID */
              au_asid_t      ai_asid;         /* Audit session ID */
         };
         typedef struct auditinfo        auditinfo_t;

     The au_termid_t data structure (NOW DEPRECATED) defines the Terminal ID recorded with every event
     caused by the process. It is defined as follows:
         struct au_tid {
              dev_t           port;
              u_int32_t       machine;
         };
         typedef struct au_tid   au_tid_t;

RETURN VALUES
     The setaudit_addr() function returns the value 0 if successful; otherwise the value -1 is returned and
     the global variable errno is set to indicate the error.

ERRORS
     [EFAULT]           A failure occurred while data transferred to or from the kernel failed.

     [EINVAL]           Illegal argument was passed by a system call.

     [EPERM]            The process does not have sufficient permission to complete the operation.

SEE ALSO
     audit(2), auditon(2), getaudit(2), getauid(2), setauid(2), libbsm(3)

HISTORY
     The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under
     contract to Apple Computer Inc. in 2004.  It was subsequently adopted by the TrustedBSD Project as the
     foundation for the OpenBSM distribution.

     setaudit_addr() replaced setaudit() in Mac OS X 10.7 to support longer terminal addresses such as those
     used by IP version 6.  setaudit() is now deprecated and setaudit_addr() should be used instead.

AUTHORS
     This software was created by McAfee Research, the security research division of McAfee, Inc., under
     contract to Apple Computer Inc.  Additional authors include Wayne Salamon, Robert Watson, and SPARTA
     Inc.

     The Basic Security Module (BSM) interface to audit records and audit event stream format were defined
     by Sun Microsystems.

     This manual page was written by Robert Watson <rwatson@FreeBSD.org> and Stacey Son <sson@FreeBSD.org>.

BSD                              March 4, 2011                             BSD

Сообщение о проблемах

Способ сообщить о проблеме с этой страницей руководства зависит от типа проблемы:

Ошибки содержания: Ошибки отчета в содержании этой документации со ссылками на отзыв ниже.
Отчеты об ошибках: Сообщите об ошибках в функциональности описанного инструмента или API через Генератор отчетов Ошибки.
Форматирование проблем: Отчет, форматирующий ошибки в интерактивной версии этих страниц со ссылками на отзыв ниже.