au_to_arg32au_to_arg64au_to_argau_to_attr64au_to_dataau_to_exitau_to_groupsau_to_newgroupsau_to_in_addrau_to_in_addr_exau_to_ipau_to_ipcau_to_ipc_permau_to_iportau_to_opaqueau_to_fileau_to_textau_to_pathau_to_process32au_to_process64au_to_processau_to_process32_exau_to_process64_exau_to_process_exau_to_return32au_to_return64au_to_returnau_to_seqau_to_sock_inet32au_to_sock_inet128au_to_sock_inetau_to_subject32au_to_subject64au_to_subjectau_to_subject32_exau_to_subject64_exau_to_subject_exau_to_meau_to_exec_argsau_to_exec_envau_to_headerau_to_header32au_to_header64au_to_trailerau_to_zonename
- routines for generating BSM audit tokens
LIBRARY
Lb libbsm
SYNOPSIS
#include <bsm/libbsm.h> token_t *
au_to_arg32 (char n char *text u_int32_t v); token_t *
au_to_arg64 (char n char *text u_int64_t v); token_t *
au_to_arg (char n char *text u_int32_t v); token_t *
au_to_attr32 (struct vattr *attr); token_t *
au_to_attr64 (struct vattr *attr); token_t *
au_to_attr (struct vattr *attr); token_t *
au_to_data (char unit_print char unit_type char unit_count char *p); token_t *
au_to_exit (int retval int err); token_t *
au_to_groups (int *groups); token_t *
au_to_newgroups (u_int16_t n gid_t *groups); token_t *
au_to_in_addr (struct in_addr *internet_addr); token_t *
au_to_in_addr_ex (struct in6_addr *internet_addr); token_t *
au_to_ip (struct ip *ip); token_t *
au_to_ipc (char type int id); token_t *
au_to_ipc_perm (struct ipc_perm *perm); token_t *
au_to_iport (u_int16_t iport); token_t *
au_to_opaque (char *data u_int16_t bytes); token_t *
au_to_file (char *file struct timeval tm); token_t *
au_to_text (char *text); token_t *
au_to_path (char *text); token_t *
Fo au_to_process32
Fa au_id_t auid uid_t euid gid_t egid uid_t ruid
Fa gid_t rgid pid_t pid au_asid_t sid au_tid_t *tid
Fc Ft token_t *
Fo au_to_process64
Fa au_id_t auid uid_t euid gid_t egid uid_t ruid
Fa gid_t rgid pid_t pid au_asid_t sid au_tid_t *tid
Fc Ft token_t *
Fo au_to_process32_ex
Fa au_id_t auid uid_t euid gid_t egid uid_t ruid
Fa gid_t rgid pid_t pid au_asid_t sid au_tid_addr_t *tid
Fc Ft token_t *
Fo au_to_process64_ex
Fa au_id_t auid uid_t euid gid_t egid uid_t ruid
Fa gid_t rgid pid_t pid au_asid_t sid au_tid_addr_t *tid
Fc Ft token_t *
au_to_return32 (char status u_int32_t ret); token_t *
au_to_return64 (char status u_int64_t ret); token_t *
au_to_return (char status u_int32_t ret); token_t *
au_to_seq (long audit_count); token_t *
au_to_sock_inet32 (struct sockaddr_in *so); token_t *
au_to_sock_inet128 (struct sockaddr_in6 *so); token_t *
au_to_sock_int (struct sockaddr_in *so); token_t *
Fo au_to_subject32
Fa au_id_t auid uid_t euid gid_t egid uid_t ruid
Fa gid_t rgid pid_t pid au_asid_t sid au_tid_t *tid
Fc Ft token_t *
Fo au_to_subject64
Fa au_id_t auid uid_t euid gid_t egid uid_t ruid
Fa gid_t rgid pid_t pid au_asid_t sid au_tid_t *tid
Fc Ft token_t *
Fo au_to_subject
Fa au_id_t auid uid_t euid gid_t egid uid_t ruid
Fa gid_t rgid pid_t pid au_asid_t sid au_tid_t *tid
Fc Ft token_t *
Fo au_to_subject32_ex
Fa au_id_t auid uid_t euid gid_t egid uid_t ruid
Fa gid_t rgid pid_t pid au_asid_t sid au_tid_addr_t *tid
Fc Ft token_t *
Fo au_to_subject64_ex
Fa au_id_t auid uid_t euid gid_t egid uid_t ruid
Fa gid_t rgid pid_t pid au_asid_t sid au_tid_addr_t *tid
Fc Ft token_t *
Fo au_to_subject_ex
Fa au_id_t auid uid_t euid gid_t egid uid_t ruid
Fa gid_t rgid pid_t pid au_asid_t sid au_tid_addr_t *tid
Fc Ft token_t *
au_to_me (void); token_t *
au_to_exec_args (char **argv); token_t *
au_to_exec_env (char **envp); token_t *
au_to_header (int rec_size au_event_t e_type au_emod_t emod); token_t *
au_to_header32 (int rec_size au_event_t e_type au_emod_t emod); token_t *
au_to_header64 (int rec_size au_event_t e_type au_emod_t e_mod); token_t *
au_to_trailer (int rec_size); token_t *
au_to_zonename (char *zonename);
DESCRIPTION
These interfaces support the allocation of BSM audit tokens, represented by
Vt token_t ,
for various data types.
RETURN VALUES
On success, a pointer to a
Vt token_t
will be returned; the allocated
Vt token_t
can be freed via a call to
au_free_token3.
On failure,
NULL
will be returned, and an error condition returned via
errno
The OpenBSM implementation was created by McAfee Research, the security
division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
It was subsequently adopted by the TrustedBSD Project as the foundation for
the OpenBSM distribution.
AUTHORS
An -nosplit
This software was created by
An Robert Watson ,
An Wayne Salamon ,
and
An Suresh Krishnaswamy
for McAfee Research, the security research division of McAfee,
Inc., under contract to Apple Computer, Inc.
The Basic Security Module (BSM) interface to audit records and audit event
stream format were defined by Sun Microsystems.
