GETFAUDITFLAGS(3BSM) Security and Auditing Library Functions

NAME

getfauditflags - generate process audit state

SYNOPSIS

cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ]
#include <sys/param.h>
#include <bsm/libbsm.h>

int getfauditflags(au_mask_t *usremasks, au_mask_t *usrdmasks,
au_mask_t *lastmasks);

DESCRIPTION

The getfauditflags() function generates a process audit state by
combining the audit masks passed as parameters with the system audit
masks.


The usremasks argument points to au_mask_t fields that contains two
values. The first value defines which events are always to be audited
when they succeed. The second value defines which events are always
to be audited when they fail.


The usrdmasks argument points to au_mask_t fields that contains two
values. The first value defines which events are never to be audited
when they succeed. The second value defines which events are never to
be audited when they fail.


The output of this function is stored in lastmasks, a pointer of type
au_mask_t as well. The first value defines which events are to be
audited when they succeed and the second defines which events are to
be audited when they fail.


Both usremasks and usrdmasks override the values in the system audit
values.

RETURN VALUES

Upon successful completion, getfauditflags() returns 0. Otherwise it
returns -1.

ATTRIBUTES

See attributes(7) for descriptions of the following attributes:


+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT-Level | MT-Safe |
+---------------+-----------------+

SEE ALSO

getauditflags(3BSM), audit.log(5), attributes(7)

March 6, 2017 GETFAUDITFLAGS(3BSM)