GETFAUDITFLAGS(3BSM) Security and Auditing Library Functions
getfauditflags - generate process audit state
cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ]
#include <sys/param.h>
#include <bsm/libbsm.h>
int getfauditflags(au_mask_t *usremasks, au_mask_t *usrdmasks,
au_mask_t *lastmasks);
The getfauditflags() function generates a process audit state by
combining the audit masks passed as parameters with the system audit
masks.
The usremasks argument points to au_mask_t fields that contains two
values. The first value defines which events are always to be audited
when they succeed. The second value defines which events are always
to be audited when they fail.
The usrdmasks argument points to au_mask_t fields that contains two
values. The first value defines which events are never to be audited
when they succeed. The second value defines which events are never to
be audited when they fail.
The output of this function is stored in lastmasks, a pointer of type
au_mask_t as well. The first value defines which events are to be
audited when they succeed and the second defines which events are to
be audited when they fail.
Both usremasks and usrdmasks override the values in the system audit
values.
Upon successful completion, getfauditflags() returns 0. Otherwise it
returns -1.
See attributes(7) for descriptions of the following attributes:
+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT-Level | MT-Safe |
+---------------+-----------------+
getauditflags(3BSM), audit.log(5), attributes(7)
March 6, 2017 GETFAUDITFLAGS(3BSM)
NAME
getfauditflags - generate process audit state
SYNOPSIS
cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ]
#include <sys/param.h>
#include <bsm/libbsm.h>
int getfauditflags(au_mask_t *usremasks, au_mask_t *usrdmasks,
au_mask_t *lastmasks);
DESCRIPTION
The getfauditflags() function generates a process audit state by
combining the audit masks passed as parameters with the system audit
masks.
The usremasks argument points to au_mask_t fields that contains two
values. The first value defines which events are always to be audited
when they succeed. The second value defines which events are always
to be audited when they fail.
The usrdmasks argument points to au_mask_t fields that contains two
values. The first value defines which events are never to be audited
when they succeed. The second value defines which events are never to
be audited when they fail.
The output of this function is stored in lastmasks, a pointer of type
au_mask_t as well. The first value defines which events are to be
audited when they succeed and the second defines which events are to
be audited when they fail.
Both usremasks and usrdmasks override the values in the system audit
values.
RETURN VALUES
Upon successful completion, getfauditflags() returns 0. Otherwise it
returns -1.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT-Level | MT-Safe |
+---------------+-----------------+
SEE ALSO
getauditflags(3BSM), audit.log(5), attributes(7)
March 6, 2017 GETFAUDITFLAGS(3BSM)