OS-3766 auditconfig(1M) man page incomplete

1 files changed, 128 insertions, 16 deletions

diff --git a/usr/src/man/man1m/auditconfig.1m b/usr/src/man/man1m/auditconfig.1m
index 4dddd420c3..55fbe062e1 100644
--- a/usr/src/man/man1m/auditconfig.1m
+++ b/usr/src/man/man1m/auditconfig.1m
@@ -1,9 +1,10 @@
 '\" te
 .\"  Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
+.\"  Copyright 2015, Joyent, Inc. All Rights Reserved
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH AUDITCONFIG 1M "Sep 14, 2009"
+.TH AUDITCONFIG 1M "Jan 28, 2015"
 .SH NAME
 auditconfig \- configure auditing
 .SH SYNOPSIS
@@ -233,6 +234,26 @@ records. See \fBauditon\fR(2) and \fBauditd\fR(1M) for further information.
 .sp
 .ne 2
 .na
+\fB\fB-getcwd\fR\fR
+.ad
+.sp .6
+.RS 4n
+Prints current working directory (anchored from zone root at system boot). For
+example:
+.sp
+.in +2
+.nf
+# cd /usr/tmp
+# auditconfig -getcwd
+current working directory = /var/tmp
+.fi
+.in -2
+.sp
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fB-getestate\fR \fIevent\fR\fR
 .ad
 .sp .6
@@ -249,7 +270,25 @@ audit class mask for event AUE_RENAME(42) = 0x30
 .fi
 .in -2
 .sp
+.RE
 
+.sp
+.ne 2
+.na
+\fB\fB-getflags\fR\fR
+.ad
+.sp .6
+.RS 4n
+Display the current active and configured user default audit flags. For
+example:
+.sp
+.in +2
+.nf
+# auditconfig -getflags
+active user default audit flags = no(0x0,0x0)
+configured user default audit flags = ex,lo(0x40001000,0x40001000)
+.fi
+.in -2
 .RE
 
 .sp
@@ -300,46 +339,68 @@ global zone. Otherwise, it is that of the local zone.
 .sp
 .ne 2
 .na
-\fB\fB-getpinfo\fR \fIpid\fR\fR
+\fB\fB-getnaflags\fR\fR
 .ad
 .sp .6
 .RS 4n
-Display the audit ID, preselection mask, terminal ID, and audit session ID for
-the specified process.
+Display the current active and configured non-attributable audit flags. For
+example:
+.sp
+.in +2
+.nf
+# auditconfig -getnaflags
+active non-attributable audit flags = no(0x0,0x0)
+configured non-attributable audit flags = lo(0x1000,0x1000)
+.fi
+.in -2
 .RE
 
 .sp
 .ne 2
 .na
-\fB\fB-getpolicy\fR\fR
+\fB\fB-getpinfo\fR \fIpid\fR\fR
 .ad
 .sp .6
 .RS 4n
-Display the kernel audit policy. The \fBahlt\fR and \fBperzone\fR policies
-reflect the settings from the global zone. If \fBperzone\fR is set, all other
-policies reflect the local zone's settings. If \fBperzone\fR is not set, the
-policies are machine-wide.
+Display the audit ID, preselection mask, terminal ID, and audit session ID for
+the specified process.
 .RE
 
 .sp
 .ne 2
 .na
-\fB\fB-getcwd\fR\fR
+\fB\fB-getplugin\fR\fR
 .ad
 .sp .6
 .RS 4n
-Prints current working directory (anchored from zone root at system boot). For
-example:
+Display the currently installed plugins and their attributes. For example:
 .sp
 .in +2
 .nf
-# cd /usr/tmp
-# auditconfig -getcwd
-current working directory = /var/tmp
+# auditconfig -getplugin
+Plugin: audit_binfile (active)
+        Attributes: p_dir=/var/audit;p_fsize=0;p_minfree=0;
+
+Plugin: audit_syslog (inactive)
+        Attributes: p_flags=;
+
+Plugin: audit_remote (inactive)
+        Attributes: p_hosts=;p_retries=3;p_timeout=5;
 .fi
 .in -2
-.sp
+.RE
 
+.sp
+.ne 2
+.na
+\fB\fB-getpolicy\fR\fR
+.ad
+.sp .6
+.RS 4n
+Display the kernel audit policy. The \fBahlt\fR and \fBperzone\fR policies
+reflect the settings from the global zone. If \fBperzone\fR is set, all other
+policies reflect the local zone's settings. If \fBperzone\fR is not set, the
+policies are machine-wide.
 .RE
 
 .sp
@@ -567,6 +628,24 @@ global zone.
 .sp
 .ne 2
 .na
+\fB\fB-setflags\fR\fR
+.ad
+.sp .6
+.RS 4n
+Sets the user default audit flags. For example, to set execute and login
+auditing for all users:
+.sp
+.in +2
+.nf
+# auditconfig -setflags ex,lo
+user default audit flags = ex,lo(0x40001000,0x40001000)
+.fi
+.in -2
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fB-setkaudit\fR \fIIP-address_type\fR \fIIP_address\fR\fR
 .ad
 .sp .6
@@ -592,6 +671,39 @@ If \fBperzone\fR is not set, this option is valid only in the global zone.
 .sp
 .ne 2
 .na
+\fB\fB-setnaflags\fR\fR
+.ad
+.sp .6
+.RS 4n
+Sets the non-attributable audit flags. For example:
+.sp
+.in +2
+.nf
+# auditconfig -setnaflags lo
+non-attributable audit flags = lo(0x1000,0x1000)
+.fi
+.in -2
+.RE
+
+.sp
+.ne 2
+.na
+\fB\fB-setplugin\fR \fIname active\fR|\fIinactive\fR [\fIattributes\fR [\fIqsize\fR]]\fR
+.ad
+.sp .6
+.RS 4n
+Configures a plugin's attributes. For example:
+.sp
+.in +2
+.nf
+# auditconfig -setplugin audit_syslog active
+.fi
+.in -2
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fB-setpmask\fR \fIpid flags\fR\fR
 .ad
 .sp .6