These interfaces may be used to look up information from the
audit_class5
database, which describes audit event classes.
Audit event classes are described by
Vt struct au_class_ent .
The
getauclassent ();
function
will return the next class found in the
audit_class5
database, or the first if the function has not yet been called.
NULL
will be returned if no further records are available.
The
getauclassnam ();
function
looks up a class by name.
NULL
will be returned if no matching class can be found.
The
setauclass ();
function
resets the iterator through the
audit_class5
database, causing the next call to
getauclassent ();
to start again from the beginning of the file.
The
endauclass ();
function
closes the
audit_class5
database, if open.
The OpenBSM implementation was created by McAfee Research, the security
division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
It was subsequently adopted by the TrustedBSD Project as the foundation for
the OpenBSM distribution.
AUTHORS
An -nosplit
This software was created by
An Robert Watson ,
An Wayne Salamon ,
and
An Suresh Krishnaswamy
for McAfee Research, the security research division of McAfee,
Inc., under contract to Apple Computer, Inc.
The Basic Security Module (BSM) interface to audit records and audit event
stream format were defined by Sun Microsystems.
BUGS
These routines cannot currently distinguish between an entry not being found
and an error accessing the database.
The implementation should be changed to return an error via
errno
when
NULL
is returned.
