diff options
| author | Peter Tribble <peter.tribble@gmail.com> | 2017-03-18 14:44:41 +0000 |
|---|---|---|
| committer | Richard Lowe <richlowe@richlowe.net> | 2017-03-18 13:41:29 -0400 |
| commit | 291a8a98a6ce8a2e0a5203468242b79d419b06b6 (patch) | |
| tree | 6033b3dfe645d8ddc6d605e0dc8f4e2dfe240484 /usr/src/man | |
| parent | f8ebbf5c160aca32db6d3edafa7d633686ac1c02 (diff) | |
| download | illumos-joyent-291a8a98a6ce8a2e0a5203468242b79d419b06b6.tar.gz | |
3766 audit documentation needs updating, badly!
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
Diffstat (limited to 'usr/src/man')
53 files changed, 313 insertions, 1905 deletions
diff --git a/usr/src/man/man1/allocate.1 b/usr/src/man/man1/allocate.1 index 94c265798b..2e60ba0f90 100644 --- a/usr/src/man/man1/allocate.1 +++ b/usr/src/man/man1/allocate.1 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ALLOCATE 1 "Apr 30, 2008" +.TH ALLOCATE 1 "Mar 6, 2017" .SH NAME allocate \- device allocation .SH SYNOPSIS @@ -18,7 +18,6 @@ allocate \- device allocation .fi .SH DESCRIPTION -.sp .LP The \fBallocate\fR utility manages the ownership of devices through its allocation mechanism. It ensures that each device is used by only one qualified @@ -43,7 +42,6 @@ clean program for the device before it grants access to the caller to that device. For devices with removable media that have a mountable file system, \fBallocate\fR mounts the media if the caller chooses. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -112,7 +110,6 @@ Allocates device to the zone specified by \fIzonename\fR. .RE .SH OPERANDS -.sp .LP The following operands are supported: .sp @@ -125,7 +122,6 @@ Specifies the name of the device to be allocated. .RE .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -156,7 +152,6 @@ An error occurred. .RE .SH FILES -.sp .LP \fB/etc/security/device_allocate\fR .sp @@ -169,7 +164,6 @@ An error occurred. .LP \fB/etc/security/lib/*\fR .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -189,20 +183,11 @@ Interface Stability See below. The invocation is Uncommitted. The options are Uncommitted. The output is Not-an-Interface. .SH SEE ALSO -.sp .LP -\fBdeallocate\fR(1), \fBlist_devices\fR(1), \fBbsmconv\fR(1M), +\fBdeallocate\fR(1), \fBlist_devices\fR(1), \fBdminfo\fR(1M), \fBmkdevalloc\fR(1M), \fBmkdevmaps\fR(1M), \fBdevice_allocate\fR(4), \fBdevice_maps\fR(4), \fBattributes\fR(5) -.sp -.LP -\fIControlling Access to Devices\fR .SH NOTES -.sp -.LP -The functionality described in this man page is available only if Solaris -Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp .LP On systems configured with Trusted Extensions, the functionality is enabled by default. diff --git a/usr/src/man/man1/crontab.1 b/usr/src/man/man1/crontab.1 index c93255f406..c5e4b6e321 100644 --- a/usr/src/man/man1/crontab.1 +++ b/usr/src/man/man1/crontab.1 @@ -10,7 +10,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH CRONTAB 1 "Apr 6, 2009" +.TH CRONTAB 1 "Mar 6, 2017" .SH NAME crontab \- user crontab file .SH SYNOPSIS @@ -75,7 +75,6 @@ crontab \- user crontab file .fi .SH DESCRIPTION -.sp .LP The \fBcrontab\fR utility manages a user's access with \fBcron\fR (see \fBcron\fR(1M)) by copying, creating, listing, and removing \fBcrontab\fR @@ -87,7 +86,6 @@ users' crontabs. If \fBcrontab\fR is invoked with \fIfilename\fR, this overwrites an existing \fBcrontab\fR entry for the user that invokes it. .SS "\fBcrontab\fR Access Control" -.sp .LP Users: Access to \fBcrontab\fR is allowed: .RS +4 @@ -130,7 +128,7 @@ authorization is allowed to submit a job. .TP .ie t \(bu .el o -if Solaris Auditing is enabled, the user's shell is not audited and the user is +if Auditing is enabled, the user's shell is not audited and the user is not the \fBcrontab\fR owner. This can occur if the user logs in by way of a program, such as some versions of \fBSSH\fR, which does not set audit parameters. @@ -143,7 +141,6 @@ The rules for \fBallow\fR and \fBdeny\fR apply to \fBroot\fR only if the .LP The \fBallow\fR/\fBdeny\fR files consist of one user name per line. .SS "\fBcrontab\fR Entry Format" -.sp .LP A \fBcrontab\fR file consists of lines of six fields each. The fields are separated by spaces or tabs. The first five are integer patterns that specify @@ -234,7 +231,6 @@ environment variables are set to match those that are in effect in the If you do not redirect the standard output and standard error of your commands, any generated output or errors are mailed to you. .SS "\fBcrontab\fR Environment Variables" -.sp .LP The following variables are supported: .sp @@ -307,7 +303,6 @@ The lines that are not setting these environment variables are the same as crontab entries that conform to the UNIX standard and are described elsewhere in this man page. .SS "Setting \fBcron\fR Jobs Across Timezones" -.sp .LP The default timezone of the \fBcron\fR daemon sets the system-wide timezone for \fBcron\fR entries. This, in turn, is by set by default system-wide using @@ -318,7 +313,6 @@ If some form of \fBdaylight savings\fR or \fBsummer/winter time\fR is in effect, then jobs scheduled during the switchover period could be executed once, twice, or not at all. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -461,13 +455,11 @@ Korn shell. The file concludes with \fBTZ\fR, \fBHOME\fR, and \fBSHELL\fR entries that return those variable to their default values. .SH ENVIRONMENT VARIABLES -.sp .LP See \fBenviron\fR(5) for descriptions of the following environment variables that affect the execution of \fBcrontab\fR: \fBLANG\fR, \fBLC_ALL\fR, \fBLC_CTYPE\fR, \fBLC_MESSAGES\fR, and \fBNLSPATH\fR. .SS "\fB/usr/bin/crontab\fR" -.sp .ne 2 .na \fB\fBEDITOR\fR\fR @@ -500,7 +492,6 @@ specified. If \fBVISUAL\fR is not specified, then the environment variable .RE .SS "\fB/usr/xpg4/bin/crontab\fR" -.sp .ne 2 .na \fB\fBEDITOR\fR\fR @@ -511,7 +502,6 @@ default editor is \fB/usr/xpg4/bin/vi\fR. .RE .SS "\fB/usr/xpg6/bin/crontab\fR" -.sp .ne 2 .na \fB\fBEDITOR\fR\fR @@ -522,7 +512,6 @@ default editor is \fB/usr/xpg6/bin/vi\fR. .RE .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -544,7 +533,6 @@ An error occurred. .RE .SH FILES -.sp .ne 2 .na \fB\fB/etc/cron.d\fR\fR @@ -599,13 +587,10 @@ spool area for \fBcrontab\fR .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .SS "\fB/usr/bin/crontab\fR" -.sp -.sp .TS box; c | c @@ -616,9 +601,7 @@ Interface Stability Standard .TE .SS "\fB/usr/xpg4/bin/crontab\fR" -.sp -.sp .TS box; c | c @@ -629,9 +612,7 @@ Interface Stability Standard .TE .SS "\fB/usr/xpg6/bin/crontab\fR" -.sp -.sp .TS box; c | c @@ -642,13 +623,11 @@ Interface Stability Standard .TE .SH SEE ALSO -.sp .LP \fBatq\fR(1), \fBatrm\fR(1), \fBauths\fR(1), \fBed\fR(1), \fBsh\fR(1), \fBvi\fR(1), \fBcron\fR(1M), \fBsu\fR(1M), \fBauth_attr\fR(4), \fBattributes\fR(5), \fBenviron\fR(5), \fBstandards\fR(5) .SH NOTES -.sp .LP If you inadvertently enter the \fBcrontab\fR command with no arguments, do not attempt to get out with Control-d. This removes all entries in your diff --git a/usr/src/man/man1/deallocate.1 b/usr/src/man/man1/deallocate.1 index ae3a6ab4c6..be14c951c0 100644 --- a/usr/src/man/man1/deallocate.1 +++ b/usr/src/man/man1/deallocate.1 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH DEALLOCATE 1 "Apr 30, 2008" +.TH DEALLOCATE 1 "Mar 6, 2017" .SH NAME deallocate \- device deallocation .SH SYNOPSIS @@ -19,7 +19,6 @@ deallocate \- device deallocation .fi .SH DESCRIPTION -.sp .LP The \fBdeallocate\fR command frees an allocated device. It resets the ownership and permissions on all device special files associated with the device, @@ -30,7 +29,6 @@ program for that device as specified in \fBdevice_allocate\fR(4). The default \fBdeallocate\fR operation deallocates devices allocated to the user. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -107,7 +105,6 @@ Deallocates device from the zone specified by \fIzonename\fR. .RE .SH OPERANDS -.sp .LP The following operands are supported: .sp @@ -120,7 +117,6 @@ Deallocates the specified \fIdevice\fR. .RE .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -151,7 +147,6 @@ An error occurred. .RE .SH FILES -.sp .LP \fB/etc/security/device_allocate\fR .sp @@ -164,7 +159,6 @@ An error occurred. .LP \fB/etc/security/lib/*\fR .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -184,20 +178,11 @@ Interface Stability See below. The invocation is Uncommitted. The options are Uncommitted. The output is Not-an-Interface. .SH SEE ALSO -.sp .LP -\fBallocate\fR(1), \fBlist_devices\fR(1), \fBbsmconv\fR(1M), \fBdminfo\fR(1M), +\fBallocate\fR(1), \fBlist_devices\fR(1), \fBdminfo\fR(1M), \fBmkdevalloc\fR(1M), \fBmkdevmaps\fR(1M), \fBdevice_allocate\fR(4), \fBdevice_maps\fR(4), \fBattributes\fR(5) -.sp -.LP -\fIControlling Access to Devices\fR .SH NOTES -.sp -.LP -The functionality described in this man page is available only if Solaris -Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp .LP On systems configured with Trusted Extensions, the functionality is enabled by default. diff --git a/usr/src/man/man1/ldap.1 b/usr/src/man/man1/ldap.1 index fa720f1b97..334bf22236 100644 --- a/usr/src/man/man1/ldap.1 +++ b/usr/src/man/man1/ldap.1 @@ -4,7 +4,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH LDAP 1 "Feb 25, 2017" +.TH LDAP 1 "Mar 6, 2017" .SH NAME ldap \- LDAP as a naming repository .SH DESCRIPTION @@ -119,8 +119,6 @@ _ exec_attr SolarisExecAttr ou=SolarisProfAttr,dc=... _ user_attr SolarisUserAttr ou=people,dc=... -_ -audit_user SolarisAuditUser ou=people,dc=... .TE .sp @@ -316,4 +314,4 @@ The \fBpam_unix\fR(5) module is no longer supported. Similar functionality is provided by \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), \fBpam_passwd_auth\fR(5), \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), -and\fBpam_unix_session\fR(5). +and \fBpam_unix_session\fR(5). diff --git a/usr/src/man/man1/ldaplist.1 b/usr/src/man/man1/ldaplist.1 index 3756a0d2d3..97d016235f 100644 --- a/usr/src/man/man1/ldaplist.1 +++ b/usr/src/man/man1/ldaplist.1 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH LDAPLIST 1 "Jun 7, 2008" +.TH LDAPLIST 1 "Mar 6, 2017" .SH NAME ldaplist \- search and list naming information from an LDAP directory using the configured profile @@ -27,7 +27,6 @@ configured profile .fi .SH DESCRIPTION -.sp .LP If the \fB-h\fR \fILDAP_server\fR\fB[:\fR\fIserverPort\fR\fB]\fR option is specified, \fBldaplist\fR establishes a connection to the server pointed to by @@ -100,7 +99,6 @@ auth_attr SolarisAuthAttr nameT ou=SolarisAuthAttr prof_attr SolarisProfAttr nameT ou=SolarisProfAttr exec_attr SolarisExecAttr nameT ou=SolarisProfAttr user_attr SolarisUserAttr uidT ou=people -audit_user SolarisAuditUser uidT ou=people projects SolarisProject SolarisProjectID ou=projects .fi .in -2 @@ -145,7 +143,6 @@ need to be quoted. If the key is not specified, all the containers in the current search \fBbaseDN\fR is listed. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -434,7 +431,6 @@ example% \fBldaplist -H 10.10.10.10:3890 \e .sp .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -465,7 +461,6 @@ An error occurred. An error message is output. .RE .SH FILES -.sp .ne 2 .na \fB\fB/var/ldap/ldap_client_file\fR\fR @@ -481,7 +476,6 @@ these files, use \fBldapclient\fR(1M) .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -497,14 +491,12 @@ Interface Stability Committed .TE .SH SEE ALSO -.sp .LP \fBldap\fR(1), \fBldapadd\fR(1), \fBldapdelete\fR(1), \fBldapmodify\fR(1), \fBldapmodrdn\fR(1), \fBldapsearch\fR(1), \fBidsconfig\fR(1M), \fBldap_cachemgr\fR(1M), \fBldapaddent\fR(1M), \fBldapclient\fR(1M), \fBsuninstall\fR(1M), \fBresolv.conf\fR(4), \fBattributes\fR(5) .SH NOTES -.sp .LP \fIRFC 2307bis\fR is an IETF informational document in draft stage that defines an approach for using \fBLDAP\fR as a naming service. diff --git a/usr/src/man/man1/list_devices.1 b/usr/src/man/man1/list_devices.1 index d86c86fd2d..3498c54ced 100644 --- a/usr/src/man/man1/list_devices.1 +++ b/usr/src/man/man1/list_devices.1 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH LIST_DEVICES 1 "Apr 30, 2008" +.TH LIST_DEVICES 1 "Mar 6, 2017" .SH NAME list_devices \- list allocatable devices .SH SYNOPSIS @@ -19,7 +19,6 @@ list_devices \- list allocatable devices .fi .SH DESCRIPTION -.sp .LP The \fBlist_devices\fR utility lists the allocatable devices in the system according to specified qualifications. @@ -30,7 +29,6 @@ listed. The device argument is optional and, if it is not present, all relevant devices are listed. If \fIdev-class\fR is present, devices belonging to the specified \fIdev-class\fR are listed. There is no default \fIdev-class\fR. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -286,7 +284,6 @@ files=/dev/audio2 /dev/audio2ctl /dev/sound/2 /dev/sound/2ctl .sp .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -317,7 +314,6 @@ An error occurred. .RE .SH FILES -.sp .LP \fB/etc/security/device_allocate\fR .sp @@ -330,7 +326,6 @@ An error occurred. .LP \fB/usr/security/lib/*\fR .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -351,20 +346,11 @@ The invocation is Uncommitted. The options are Uncommitted. The output from the \fB-a\fR and \fB-w\fR options is Uncommitted. All other output is Not-an-Interface. .SH SEE ALSO -.sp .LP -\fBallocate\fR(1), \fBdeallocate\fR(1), \fBbsmconv\fR(1M), \fBdminfo\fR(1M), +\fBallocate\fR(1), \fBdeallocate\fR(1), \fBdminfo\fR(1M), \fBmkdevalloc\fR(1M), \fBmkdevmaps\fR(1M), \fBdevice_allocate\fR(4), \fBdevice_maps\fR(4), \fBattributes\fR(5) -.sp -.LP -\fIControlling Access to Devices\fR .SH NOTES -.sp -.LP -The functionality described in this man page is available only if Solaris -Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp .LP On systems configured with Trusted Extensions, the functionality is enabled by default. diff --git a/usr/src/man/man1/roles.1 b/usr/src/man/man1/roles.1 index ac7ede705b..cbdab0a000 100644 --- a/usr/src/man/man1/roles.1 +++ b/usr/src/man/man1/roles.1 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ROLES 1 "Feb 14, 2001" +.TH ROLES 1 "Mar 6, 2017" .SH NAME roles \- print roles granted to a user .SH SYNOPSIS @@ -13,7 +13,6 @@ roles \- print roles granted to a user .fi .SH DESCRIPTION -.sp .LP The command \fBroles\fR prints on standard output the roles that you or the optionally-specified user have been granted. Roles are special accounts that @@ -30,7 +29,7 @@ profiles. See \fBauths\fR(1) and \fBprofiles\fR(1). .LP Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him\(em or herself and assume the role. The actions of a role -are attributable to the normal user. When auditing is enabled, the audited +are attributable to the normal user. The audited events of the role contain the audit \fBID\fR of the original user who assumed the role. .sp @@ -66,7 +65,6 @@ example% .sp .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -88,7 +86,6 @@ An error occurred. .RE .SH FILES -.sp .LP \fB/etc/user_attr\fR .sp @@ -98,8 +95,7 @@ An error occurred. .LP \fB/etc/security/prof_attr\fR .SH SEE ALSO -.sp .LP \fBauths\fR(1), \fBpfexec\fR(1), \fBprofiles\fR(1), \fBrlogin\fR(1), -\fBsu\fR(1M), \fBgetauusernam\fR(3BSM), \fBauth_attr\fR(4), \fBpasswd\fR(4), +\fBsu\fR(1M), \fBauth_attr\fR(4), \fBpasswd\fR(4), \fBprof_attr\fR(4), \fBshadow\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) diff --git a/usr/src/man/man1m/audit.1m b/usr/src/man/man1m/audit.1m index 5406331337..4b3d63422c 100644 --- a/usr/src/man/man1m/audit.1m +++ b/usr/src/man/man1m/audit.1m @@ -1,31 +1,25 @@ '\" te +.\" Copyright (c) 2017 Peter Tribble .\" Copyright (c) 1993, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT 1M "Apr 16, 2008" +.TH AUDIT 1M "Mar 6, 2017" .SH NAME audit \- control the behavior of the audit daemon .SH SYNOPSIS .LP .nf -\fBaudit\fR \fB-n\fR | \fB-s\fR | \fB-t\fR | \fB-v\fR [\fIpath\fR] +\fBaudit\fR \fB-n\fR | \fB-s\fR | \fB-t\fR | \fB-v\fR .fi .SH DESCRIPTION -.sp .LP The \fBaudit\fR command is the system administrator's interface to maintaining -the audit trail. The audit daemon can be notified to read the contents of the -\fBaudit_control\fR(4) file and re-initialize the current audit directory to -the first directory listed in the \fBaudit_control\fR file or to open a new -audit file in the current audit directory specified in the \fBaudit_control\fR -file, as last read by the audit daemon. Reading \fBaudit_control\fR also causes -the \fBminfree\fR and \fBplugin\fR configuration lines to be re-read and reset -within \fBauditd\fR. The audit daemon can also be signaled to close the audit -trail and disable auditing. +the audit daemon \fBauditd\fR(1M). The audit daemon can be stopped, started, or +notified to reread the configuration, stored in \fBsmf\fR(5) and managed using +the \fBauditconfig\fR(1M) command. .SH OPTIONS -.sp .ne 2 .na \fB\fB-n\fR\fR @@ -41,9 +35,9 @@ file in the current audit directory. \fB\fB-s\fR\fR .ad .RS 11n -Notify the audit daemon to read the audit control file. The audit daemon stores -the information internally. If the audit daemon is not running but audit has -been enabled by means of \fBbsmconv\fR(1M), the audit daemon is started. +Validates the audit service configuration and, if correct, notify the audit +daemon to reread the audit configuration. If the audit daemon is not running, +the audit daemon is started. .RE .sp @@ -59,34 +53,21 @@ auditing, and die. Use \fB-s\fR to restart auditing. .sp .ne 2 .na -\fB\fB-v\fR \fIpath\fR\fR +\fB\fB-v\fR .ad .RS 11n -Verify the syntax for the audit control file stored in \fIpath\fR. The -\fBaudit\fR command displays an approval message or outputs specific error -messages for each error found. +Validate the audit service configuration. At least one plugin must be active; +if that plugin is \fBaudit_binfile\fR then its \fBp_dir\fR attribute must +contain at least one valid directory, and its \fBp_minfree\fR attribute must +be between 0 and 100. .RE .SH DIAGNOSTICS -.sp .LP The \fBaudit\fR command will exit with \fB0\fR upon success and a positive integer upon failure. -.SH FILES -.RS +4 -.TP -.ie t \(bu -.el o -\fB/etc/security/audit_user\fR -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fB/etc/security/audit_control\fR -.RE + .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -102,51 +83,10 @@ Stability Evolving .TE .SH SEE ALSO -.sp -.LP -\fBbsmconv\fR(1M), \fBpraudit\fR(1M), \fBaudit\fR(2), \fBaudit_control\fR(4), -\fBaudit_user\fR(4), \fBattributes\fR(5) -.sp .LP -See the section on Solaris Auditing in \fISystem Administration Guide: Security -Services\fR. +\fBpraudit\fR(1M), \fBauditconfig\fR(1M), \fBaudit\fR(2), \fBsmf\fR(5), +\fBattributes\fR(5) .SH NOTES -.sp -.LP -The functionality described in this man page is available only if the Solaris -Auditing feature has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp -.LP -The \fBaudit\fR command does not modify a process's preselection mask. It -functions are limited to the following: -.RS +4 -.TP -.ie t \(bu -.el o -affects which audit directories are used for audit data storage; -.RE -.RS +4 -.TP -.ie t \(bu -.el o -specifies the minimum free space setting; -.RE -.RS +4 -.TP -.ie t \(bu -.el o -resets the parameters supplied by means of the plugin directive. -.RE -.sp -.LP -For the \fB-s\fR option, \fBaudit\fR validates the \fBaudit_control\fR syntax -and displays an error message if a syntax error is found. If a syntax error -message is displayed, the audit daemon does not re-read \fBaudit_control\fR. -Because \fBaudit_control\fR is processed at boot time, the \fB-v\fR option is -provided to allow syntax checking of an edited copy of \fBaudit_control\fR. -Using \fB-v\fR, \fBaudit\fR exits with 0 if the syntax is correct; otherwise, -it returns a positive integer. -.sp .LP The \fB-v\fR option can be used in any zone, but the \fB-t\fR, \fB-s\fR, and \fB-n\fR options are valid only in local zones and, then, only if the diff --git a/usr/src/man/man1m/audit_warn.1m b/usr/src/man/man1m/audit_warn.1m index 4106e3d928..d1ace1257c 100644 --- a/usr/src/man/man1m/audit_warn.1m +++ b/usr/src/man/man1m/audit_warn.1m @@ -1,9 +1,10 @@ '\" te +.\" Copyright (c) 2017 Peter Tribble .\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT_WARN 1M "Apr 16, 2008" +.TH AUDIT_WARN 1M "Mar 6, 2017" .SH NAME audit_warn \- audit daemon warning script .SH SYNOPSIS @@ -13,7 +14,6 @@ audit_warn \- audit daemon warning script .fi .SH DESCRIPTION -.sp .LP The \fBaudit_warn\fR utility processes warning or error messages from the audit daemon. When a problem is encountered, the audit daemon, \fBauditd\fR(1M) calls @@ -26,7 +26,6 @@ when an audit_warn situation arises by defining a mail alias called \fBaudit_warn\fR in \fBaliases\fR(4). The users that make up the \fBaudit_warn\fR alias are typically the \fBaudit\fR and \fBroot\fR users. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -73,34 +72,6 @@ console. .sp .ne 2 .na -\fB\fBebusy\fR\fR -.ad -.sp .6 -.RS 4n -Indicates that the audit daemon is already running. The default action for this -option is to send mail to the \fBaudit_warn\fR alias and to write a message to -the machine console. -.RE - -.sp -.ne 2 -.na -\fB\fBgetacdir\fR \fIcount\fR\fR -.ad -.sp .6 -.RS 4n -Indicates that there is a problem getting the directory list or plugin list -from \fBaudit_control\fR(4). The audit daemon will hang in a sleep loop until -the file is fixed. The default action for this option is to send mail to the -\fBaudit_warn\fR alias only if \fIcount\fR is \fB1\fR, and to write a message -to the machine console every time. It is recommended that mail \fInot\fR be -sent every time as this could result in a the saturation of the file system -that contains the mail spool directory. -.RE - -.sp -.ne 2 -.na \fB\fBhard\fR \fIfilename\fR\fR .ad .sp .6 @@ -164,7 +135,7 @@ resources. .ad .RS 16n No plugins loaded (including the binary file plugin, \fBaudit_binfile\fR(5)) -due to configuration errors in \fBaudit_control\fR(4). The name string is +due to configuration errors. The name string is \fB--\fR to indicate that no plugin name applies. .RE @@ -174,9 +145,7 @@ due to configuration errors in \fBaudit_control\fR(4). The name string is \fB\fBretry\fR\fR .ad .RS 16n -The plugin \fIname\fR reports it has encountered a temporary failure. For -example, the \fBaudit_binfree.so\fR plugin uses \fBretry\fR to indicate that -all directories are full. +The plugin \fIname\fR reports it has encountered a temporary failure. .RE .sp @@ -211,18 +180,6 @@ The plugin \fIname\fR has reported an error as described in \fItext\fR. .sp .ne 2 .na -\fB\fBpostsigterm\fR\fR -.ad -.sp .6 -.RS 4n -Indicates that an error occurred during the orderly shutdown of the audit -daemon. The default action for this option is to send mail to the -\fBaudit_warn\fR alias and to write a message to the machine console. -.RE - -.sp -.ne 2 -.na \fB\fBsoft\fR \fIfilename\fR\fR .ad .sp .6 @@ -239,13 +196,11 @@ write a message to the machine console. .ad .sp .6 .RS 4n -Indicates that the temporary audit file already exists indicating a fatal -error. The default action for this option is to send mail to the -\fBaudit_warn\fR alias and to write a message to the machine console. +Indicates that there was a problem creating a symlink from +\fB/var/run/.audit.log\fR to the current audit log file.. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -264,20 +219,10 @@ Interface Stability Evolving .LP The interface stability is evolving. The file content is unstable. .SH SEE ALSO -.sp -.LP -\fBaudit\fR(1M), \fBauditd\fR(1M), \fBbsmconv\fR(1M), \fBaliases\fR(4), -\fBaudit.log\fR(4), \fBaudit_control\fR(4), \fBattributes\fR(5) -.sp .LP -See the section on Solaris Auditing in \fISystem Administration Guide: Security -Services\fR. +\fBaudit\fR(1M), \fBauditd\fR(1M), \fBaliases\fR(4), +\fBaudit.log\fR(4), \fBattributes\fR(5) .SH NOTES -.sp -.LP -This functionality is available only if the Solaris Auditing feature has been -enabled. See \fBbsmconv\fR(1M) for more information. -.sp .LP If the audit policy \fBperzone\fR is set, the \fB/etc/security/audit_warn\fR script for the local zone is used for notifications from the local zone's diff --git a/usr/src/man/man1m/auditconfig.1m b/usr/src/man/man1m/auditconfig.1m index 44b76ea862..24cb8927c2 100644 --- a/usr/src/man/man1m/auditconfig.1m +++ b/usr/src/man/man1m/auditconfig.1m @@ -1,10 +1,11 @@ '\" te .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved .\" Copyright 2015, Joyent, Inc. All Rights Reserved +.\" Copyright (c) 2017 Peter Tribble .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDITCONFIG 1M "Jan 28, 2015" +.TH AUDITCONFIG 1M "Mar 6, 2017" .SH NAME auditconfig \- configure auditing .SH SYNOPSIS @@ -19,10 +20,6 @@ auditconfig \- configure auditing parameters. .sp .LP -This functionality is available only if the Solaris Auditing feature has been -enabled. See \fBbsmconv\fR(1M) for more information. -.sp -.LP The setting of the \fBperzone\fR policy determines the scope of the audit setting controlled by \fBauditconfig\fR. If \fBperzone\fR is set, then the values reflect the local zone except as noted. Otherwise, the settings are for @@ -42,13 +39,13 @@ administrator. \fBperzone\fR and \fBahlt\fR are described under the .ad .sp .6 .RS 4n -Set the non-attributable audit mask from the \fBaudit_control\fR(4) file. For -example: +Set the non-attributable audit mask to the value set using the \fb-setnaflags\fR +option. For example: .sp .in +2 .nf # auditconfig -aconf -Configured non-attributable events. +Configured non-attributable event mask. .fi .in -2 .sp @@ -93,8 +90,8 @@ audit record from audit trail: .ad .sp .6 .RS 4n -Checks the configuration of the non-attributable events set in the kernel -against the entries in \fBaudit_control\fR(4). If the runtime class mask of a +Checks that the current non-attributable event flags set in the kernel +matches the configuration. If the runtime class mask of a kernel audit event does not match the configured class mask, a mismatch is reported. .RE @@ -224,9 +221,9 @@ Display the kernel audit condition. The condition displayed is the literal string \fBauditing\fR meaning auditing is enabled and turned on (the kernel audit module is constructing and queuing audit records); \fBnoaudit\fR, meaning auditing is enabled but turned off (the kernel audit module is not constructing -and queuing audit records); \fBdisabled\fR, meaning that the audit module has -not been enabled; or \fBnospace\fR, meaning there is no space for saving audit -records. See \fBauditon\fR(2) and \fBauditd\fR(1M) for further information. +and queuing audit records); or \fBnospace\fR, meaning there is no space for +saving audit records. See \fBauditon\fR(2) and \fBauditd\fR(1M) for further +information. .RE .sp @@ -476,7 +473,7 @@ block. For example: .sp .in +2 .nf -# ./auditconfig -getqhiwater +# auditconfig -getqhiwater audit queue hiwater mark (records) = 100 .fi .in -2 @@ -577,9 +574,9 @@ Execute shell or \fIcmd\fR with specified \fIsession-ID\fR. For example: .sp .in +2 .nf -# ./auditconfig -setasid 2000 /bin/ksh +# auditconfig -setasid 2000 /bin/ksh # -# ./auditconfig -getpinfo 104485 +# auditconfig -getpinfo 104485 audit id = abc(666) process preselection mask = lo(0x1000,0x1000) terminal id (maj,min,host) = 235,197121,elbow(172.146.89.77) @@ -620,9 +617,8 @@ Execute shell or \fIcmd\fR with the specified \fIaudit-ID\fR. .RS 4n Map the kernel event \fIevent\fR to the classes specified by \fIaudit_flags\fR. \fIevent\fR is an event number or name. An \fIaudit_flag\fR is a two character -string representing an audit class. See \fBaudit_control\fR(4) for further -information. If \fBperzone\fR is not set, this option is valid only in the -global zone. +string representing an audit class. If \fBperzone\fR is not set, this option +is valid only in the global zone. .RE .sp @@ -708,8 +704,7 @@ Configures a plugin's attributes. For example: .ad .sp .6 .RS 4n -Set the preselection mask of the specified process. \fBflags\fR is the ASCII -representation of the flags similar to that in \fBaudit_control\fR(4). +Set the preselection mask of the specified process. .sp If \fBperzone\fR is not set, this option is valid only in the global zone. .RE @@ -1057,25 +1052,21 @@ Interface Stability Committed .SH SEE ALSO .LP -\fBaudit\fR(1M), \fBauditd\fR(1M), \fBauditstat\fR(1M), \fBbsmconv\fR(1M), +\fBaudit\fR(1M), \fBauditd\fR(1M), \fBauditstat\fR(1M), \fBpraudit\fR(1M), \fBauditon\fR(2), \fBexecv\fR(2), \fBaudit_class\fR(4), -\fBaudit_control\fR(4), \fBaudit_event\fR(4), \fBattributes\fR(5), -\fBaudit_binfile\fR(5) -.sp -.LP -See the section on Solaris Auditing in \fISystem Administration Guide: Security -Services\fR. +\fBaudit_event\fR(4), \fBattributes\fR(5), +\fBaudit_binfile\fR(5), \fBaudit_remote\fR(5), \fBaudit_syslog\fR(5) .SH NOTES .LP -If plugin output is selected using \fBaudit_control\fR(4), the behavior of the -system with respect to the \fB-setpolicy\fR \fB+cnt\fR and the +If the \fBaudit_remote\fR or \fBaudit_syslog\fR plugins are active, the +behavior of the system with respect to the \fB-setpolicy\fR \fB+cnt\fR and the \fB-setqhiwater\fR options is modified slightly. If \fB-setpolicy\fR \fB+cnt\fR is set, data will continue to be sent to the selected plugin, even though output to the binary audit log is stopped, pending the freeing of disk space. If \fB-setpolicy\fR \fB-cnt\fR is used, the blocking behavior is as described under OPTIONS, above. The value set for the queue high water mark is used within \fBauditd\fR as the default value for its queue limits unless overridden -by means of the \fBqsize\fR attribute as described in \fBaudit_control\fR(4). +by means of the \fBqsize\fR attribute. .sp .LP The \fBauditconfig\fR options that modify or display process-based information diff --git a/usr/src/man/man1m/auditd.1m b/usr/src/man/man1m/auditd.1m index 7d2e7c3d89..d2658a1470 100644 --- a/usr/src/man/man1m/auditd.1m +++ b/usr/src/man/man1m/auditd.1m @@ -1,9 +1,10 @@ '\" te +.\" Copyright (c) 2017 Peter Tribble .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDITD 1M "Apr 29, 2008" +.TH AUDITD 1M "Mar 6, 2017" .SH NAME auditd \- audit daemon .SH SYNOPSIS @@ -13,38 +14,10 @@ auditd \- audit daemon .fi .SH DESCRIPTION -.sp .LP The audit daemon, \fBauditd\fR, controls the generation and location of audit -trail files and the generation of syslog messages based on the definitions in -\fBaudit_control\fR(4). If auditing is enabled, \fBauditd\fR reads the -\fBaudit_control\fR file to do the following: -.RS +4 -.TP -.ie t \(bu -.el o -reads the path to a library module for realtime conversion of audit data into -syslog messages; -.RE -.RS +4 -.TP -.ie t \(bu -.el o -reads other parameters specific to the selected plugin or plugins; -.RE -.RS +4 -.TP -.ie t \(bu -.el o -obtains a list of directories into which audit files can be written; -.RE -.RS +4 -.TP -.ie t \(bu -.el o -obtains the percentage limit for how much space to reserve on each filesystem -before changing to the next directory. -.RE +trail files and the generation of syslog messages based on its configuration, +stored in \fBsmf\fR(5) and managed using the \fBauditconfig\fR(1M) command. .sp .LP \fBaudit\fR(1M) is used to control \fBauditd\fR. It can cause \fBauditd\fR to: @@ -58,7 +31,7 @@ close the current audit file and open a new one; .TP .ie t \(bu .el o -close the current audit file, re-read \fB/etc/security/audit_control\fR and +close the current audit file, reread its configuration and open a new audit file; .RE .RS +4 @@ -68,7 +41,6 @@ open a new audit file; close the audit trail and terminate auditing. .RE .SS "Auditing Conditions" -.sp .LP The audit daemon invokes the program \fBaudit_warn\fR(1M) under the following conditions with the indicated options: @@ -80,8 +52,8 @@ conditions with the indicated options: .sp .6 .RS 4n The file system upon which \fIpathname\fR resides has exceeded the minimum free -space limit defined in \fBaudit_control\fR(4). A new audit trail has been -opened on another file system. +space limit defined by the \fBp_minfree\fR attribute of the \fbaudit_binfile\fR +plugin. A new audit trail has been opened on another file system. .RE .sp @@ -123,21 +95,12 @@ arose. .sp .ne 2 .na -\fB\fBaudit_warn ebusy\fR\fR -.ad -.sp .6 -.RS 4n -There is already an audit daemon running. -.RE - -.sp -.ne 2 -.na \fB\fBaudit_warn tmpfile\fR\fR .ad .sp .6 .RS 4n -The file \fB/etc/security/audit/audit_tmp\fR exists, indicating a fatal error. +There was a problem creating a symlink from \fB/var/run/.audit.log\fR to the +current audit log file. .RE .sp @@ -147,8 +110,7 @@ The file \fB/etc/security/audit/audit_tmp\fR exists, indicating a fatal error. .ad .sp .6 .RS 4n -The internal system audit condition is \fBAUC_FCHDONE\fR. Auditing cannot be -started without rebooting the system. +There was an internal error starting auditing. .RE .sp @@ -163,35 +125,7 @@ The internal system audit condition has been changed to not be audit daemon to exit. .RE -.sp -.ne 2 -.na -\fB\fBaudit_warn postsigterm\fR\fR -.ad -.sp .6 -.RS 4n -An error occurred during the orderly shutdown of the auditing system. -.RE - -.sp -.ne 2 -.na -\fB\fBaudit_warn getacdir\fR\fR -.ad -.sp .6 -.RS 4n -There is a problem getting the directory list from -\fB/etc/security/audit/audit_control\fR. -.sp -The audit daemon will hang in a sleep loop until this file is fixed. -.RE - -.SH FILES -.sp -.LP -\fB/etc/security/audit/audit_control\fR .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -207,25 +141,11 @@ Interface Stability Committed .TE .SH SEE ALSO -.sp .LP -\fBaudit\fR(1M), \fBaudit_warn\fR(1M), \fBbsmconv\fR(1M), \fBpraudit\fR(1M), -\fBauditon\fR(2), \fBaudit.log\fR(4), \fBaudit_control\fR(4), +\fBaudit\fR(1M), \fBauditconfig\fR(1M), \fBaudit_binfile\fR(5), +\fBaudit_warn\fR(1M), \fBpraudit\fR(1M), \fBauditon\fR(2), \fBaudit.log\fR(4), \fBattributes\fR(5) -.sp -.LP -See the section on Solaris Auditing in \fISystem Administration Guide: Security -Services\fR. .SH NOTES -.sp -.LP -The functionality described in this man page is available only if the Solaris -Auditing feature has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp -.LP -\fBauditd\fR is loaded in the global zone at boot time if auditing is enabled. -See \fBbsmconv\fR(1M). -.sp .LP If the audit policy \fBperzone\fR is set, \fBauditd\fR runs in each zone, starting automatically when the local zone boots. If a zone is running when the @@ -236,9 +156,8 @@ and will start automatically with future boots of the zone. .sp .LP When \fBauditd\fR runs in a local zone, the configuration is taken from the -local zone's \fB/etc/security\fR directory's files: \fBaudit_control\fR, -\fBaudit_class\fR, \fBaudit_user\fR, \fBaudit_startup\fR, and -\fBaudit_event\fR. +local zone's \fB/etc/security\fR directory's files: +\fBaudit_class\fR, and \fBaudit_event\fR. .sp .LP Configuration changes do not affect audit sessions that are currently running, @@ -247,3 +166,21 @@ preselection mask on a running process, use the \fB-setpmask\fR option of the \fBauditconfig\fR command (see \fBauditconfig\fR(1M)). If the user logs out and logs back in, the new configuration changes will be reflected in the next audit session. +.sp +.LP +The \fBauditd\fR service is managed by the service management facility, +\fBsmf\fR(5), under the service identifier: +.sp +.in +2 +.nf +svc:/system/auditd +.fi +.in -2 +.sp + +.sp +.LP +The service's status can be queried using the \fBsvcs\fR(1) command. While +administrative actions on this service, such as enabling, disabling, or +requesting restart, can be performed using \fBsvcadm\fR(1M), the \fBaudit\fR(1M) +command is the preferred administrative interface. diff --git a/usr/src/man/man1m/auditrecord.1m b/usr/src/man/man1m/auditrecord.1m index 1ae35b5809..ffc3514bc7 100644 --- a/usr/src/man/man1m/auditrecord.1m +++ b/usr/src/man/man1m/auditrecord.1m @@ -3,9 +3,9 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDITRECORD 1M "May 13, 2009" +.TH AUDITRECORD 1M "Mar 6, 2017" .SH NAME -auditrecord \- display Solaris audit record formats +auditrecord \- display audit record formats .SH SYNOPSIS .LP .nf @@ -14,7 +14,6 @@ auditrecord \- display Solaris audit record formats .fi .SH DESCRIPTION -.sp .LP The \fBauditrecord\fR utility displays the event ID, audit class and selection mask, and record format for audit record event types defined in @@ -31,7 +30,6 @@ browser. Tokens contained in square brackets ( \fB[ ]\fR ) are optional and might not be present in every record. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -187,7 +185,6 @@ rlogin .sp .SH EXIT STATUS -.sp .ne 2 .na \fB\fB0\fR\fR @@ -208,7 +205,6 @@ Error .RE .SH FILES -.sp .ne 2 .na \fB\fB/etc/security/audit_class\fR\fR @@ -230,7 +226,6 @@ associated system call or program. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -248,16 +243,10 @@ Interface Stability Obsolete Uncommitted .TE .SH SEE ALSO -.sp .LP \fBauditconfig\fR(1M), \fBpraudit\fR(1M), \fBaudit.log\fR(4), \fBaudit_class\fR(4), \fBaudit_event\fR(4), \fBattributes\fR(5) -.sp -.LP -See the section on Solaris Auditing in \fISystem Administration Guide: Security -Services\fR. .SH DIAGNOSTICS -.sp .LP If unable to read either of its input files or to write its output file, \fBauditrecord\fR shows the name of the file on which it failed and exits with @@ -268,18 +257,16 @@ If no options are provided, if an invalid option is provided, or if both \fB-s\fR and \fB-p\fR are provided, an error message is displayed and \fBauditrecord\fR displays a usage message then exits with a non-zero return. .SH NOTES -.sp .LP This command is Obsolete and may be removed and replaced with equivalent -functionality in a future release of Solaris. This command was formerly known -as \fBbsmrecord\fR. +functionality in the future. This command was formerly known as \fBbsmrecord\fR. .sp .LP If \fB/etc/security/audit_event\fR has been modified to add user-defined audit events, \fBauditrecord\fR displays the record format as \fBundefined\fR. .sp .LP -The audit records displayed by \fBbsmrecord\fR are the core of the record that +The audit records displayed by \fBauditrecord\fR are the core of the record that can be produced. Various audit policies and optional tokens, such as those shown below, might also be present. .sp diff --git a/usr/src/man/man1m/auditreduce.1m b/usr/src/man/man1m/auditreduce.1m index d7b854ee1b..0261a07778 100644 --- a/usr/src/man/man1m/auditreduce.1m +++ b/usr/src/man/man1m/auditreduce.1m @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDITREDUCE 1M "Apr 10, 2006" +.TH AUDITREDUCE 1M "Mar 6, 2017" .SH NAME auditreduce \- merge and select audit records from audit trail files .SH SYNOPSIS @@ -13,7 +13,6 @@ auditreduce \- merge and select audit records from audit trail files .fi .SH DESCRIPTION -.sp .LP \fBauditreduce\fR allows you to select or merge records from audit trail files. Audit files can be from one or more machines. @@ -27,8 +26,7 @@ maintained by \fBauditreduce\fR in the output file. .LP Unless instructed otherwise, \fBauditreduce\fR will merge the entire audit trail, which consists of all the audit trail files in the directory structure -\fIaudit_root_dir\fR/*/files (see \fBaudit_control\fR(4) for details of the -structure of the audit root). Unless specified with the -\fBR\fR or -\fBS\fR +\fIaudit_root_dir\fR/*/files. Unless specified with the -\fBR\fR or -\fBS\fR option, \fIaudit_root_dir\fR defaults to \fB/etc/security/audit\fR. By using the file selection options it is possible to select some subset of these files, or files from another directory, or files named explicitly on the command line. @@ -39,7 +37,6 @@ numerous criteria relating to the record's content (see \fBaudit.log\fR(4) for details of record content). A record must meet all of the \fIrecord-selection-option\fR criteria to be selected. .SS "Audit Trail Filename Format" -.sp .LP Any audit trail file not named on the command line must conform to the audit trail filename format. Files produced by the audit system already have this @@ -66,7 +63,6 @@ form \fIyyyymmddhhmmss\fR (year, month, day, hour, minute, second). The timestamps are in Greenwich Mean Time (GMT). .SH OPTIONS .SS "File Selection Options" -.sp .LP The file selection options indicate which files are to be processed and certain types of special treatment. @@ -225,7 +221,6 @@ total were written to the output stream. .RE .SS "Record Selection Options" -.sp .LP The record selection options listed below are used to indicate which records are written to the output file produced by \fBauditreduce\fR. @@ -264,10 +259,8 @@ Select records that occurred before \fIdate-time\fR. .RS 4n Select records by audit class. Records with events that are mapped to the audit classes specified by \fIaudit-classes\fR are selected. Audit class names are -defined in \fBaudit_class\fR(4). The \fIaudit-classes\fR can be a comma -separated list of \fBaudit\fR \fIflags\fR like those described in -\fBaudit_control\fR(4). Using the \fBaudit\fR \fIflags,\fR one can select -records based upon success and failure criteria. +defined in \fBaudit_class\fR(4). Using the \fBaudit\fR \fIflags,\fR one can +select records based upon success and failure criteria. .RE .sp @@ -611,7 +604,6 @@ audit trail filename format. However, \fB-M\fR, \fB-S\fR, and \fB-R\fR must not be used when processing named files. If the \fIfilename\fR is ``\(mi'' then the input is taken from the standard input. .SS "Option Arguments" -.sp .ne 2 .na \fB\fIaudit-trail-file\fR\fR @@ -857,7 +849,6 @@ To get an audit log of only the global zone: .in -2 .SH FILES -.sp .ne 2 .na \fB\fB/etc/security/audit/\fR\fIserver\fR\fB/files/*\fR\fR @@ -868,7 +859,6 @@ location of audit trails, when stored .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -888,17 +878,11 @@ Interface Stability See below. The command invocation is Stable. The binary file format is Stable. The binary file contents is Unstable. .SH SEE ALSO -.sp .LP -\fBbsmconv\fR(1M), \fBpraudit\fR(1M), \fBaudit.log\fR(4), \fBaudit_class\fR(4), -\fBaudit_control\fR(4), \fBgroup\fR(4), \fBhosts\fR(4), \fBpasswd\fR(4), +\fBpraudit\fR(1M), \fBaudit.log\fR(4), \fBaudit_class\fR(4), +\fBgroup\fR(4), \fBhosts\fR(4), \fBpasswd\fR(4), \fBattributes\fR(5), \fBsmf\fR(5) -.sp -.LP -See the section on Solaris Auditing in \fISystem Administration Guide: Security -Services\fR. .SH DIAGNOSTICS -.sp .LP \fBauditreduce\fR displays error messages if there are command line errors and then exits. If there are fatal errors during the run, \fBauditreduce\fR @@ -918,16 +902,10 @@ If \fBauditreduce\fR displays a record's timestamp in a diagnostic message, that time is in local time. However, when filenames are displayed, their timestamps are in \fBGMT\fR. .SH BUGS -.sp .LP Conjunction, disjunction, negation, and grouping of record selection options should be allowed. .SH NOTES -.sp -.LP -The functionality described in this man page is available only if the Solaris -Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp .LP The \fB-z\fR option should be used only if the audit policy \fBzonename\fR is set. If there is no zonename token, then no records will be selected. diff --git a/usr/src/man/man1m/auditstat.1m b/usr/src/man/man1m/auditstat.1m index 288dfc9941..7ddcc5bb2c 100644 --- a/usr/src/man/man1m/auditstat.1m +++ b/usr/src/man/man1m/auditstat.1m @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDITSTAT 1M "Jun 16, 2009" +.TH AUDITSTAT 1M "Mar 6, 2017" .SH NAME auditstat \- display kernel audit statistics .SH SYNOPSIS @@ -14,7 +14,6 @@ auditstat \- display kernel audit statistics .fi .SH DESCRIPTION -.sp .LP \fBauditstat\fR displays kernel audit statistics. The fields displayed are as follows: @@ -137,7 +136,6 @@ have not been written. .RE .SH OPTIONS -.sp .ne 2 .na \fB\fB-c\fR \fIcount\fR\fR @@ -200,16 +198,9 @@ Display the version number of the kernel audit module software. .RE .SH EXIT STATUS -.sp .LP \fBauditstat\fR returns \fB0\fR upon success and \fB1\fR upon failure. .SH SEE ALSO -.sp .LP -\fBauditconfig\fR(1M), \fBpraudit\fR(1M), \fBbsmconv\fR(1M), \fBaudit\fR(2), +\fBauditconfig\fR(1M), \fBpraudit\fR(1M), \fBaudit\fR(2), \fBauditon\fR(2), \fBattributes\fR(5) -.SH NOTES -.sp -.LP -The functionality described in this man page is available only if Solaris -Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. diff --git a/usr/src/man/man1m/dminfo.1m b/usr/src/man/man1m/dminfo.1m index 9f41379440..41f28a9c22 100644 --- a/usr/src/man/man1m/dminfo.1m +++ b/usr/src/man/man1m/dminfo.1m @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH DMINFO 1M "Apr 16, 2008" +.TH DMINFO 1M "Mar 6, 2017" .SH NAME dminfo \- report information about a device entry in a device maps file .SH SYNOPSIS @@ -33,12 +33,10 @@ dminfo \- report information about a device entry in a device maps file .fi .SH DESCRIPTION -.sp .LP \fBdminfo\fR reports and updates information about the \fBdevice_maps\fR(4) file. .SH OPTIONS -.sp .LP The following options are supported .sp @@ -120,7 +118,6 @@ standard output. If no entries are specified, all are printed. .RE .SH EXIT STATUS -.sp .ne 2 .na \fB0\fR @@ -148,15 +145,8 @@ Incorrect syntax. .RE .SH FILES -.sp .LP \fB/etc/security/device_maps\fR .SH SEE ALSO -.sp -.LP -\fBbsmconv\fR(1M), \fBdevice_maps\fR(4), \fBattributes\fR(5) -.SH NOTES -.sp .LP -The functionality described in this man page is available only if the Solaris -Auditing feature has been enabled. See \fBbsmconv\fR(1M) for more information. +\fBdevice_maps\fR(4), \fBattributes\fR(5) diff --git a/usr/src/man/man1m/ldapaddent.1m b/usr/src/man/man1m/ldapaddent.1m index 47210daa8b..38821a0b16 100644 --- a/usr/src/man/man1m/ldapaddent.1m +++ b/usr/src/man/man1m/ldapaddent.1m @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH LDAPADDENT 1M "May 4, 2009" +.TH LDAPADDENT 1M "Mar 6, 2017" .SH NAME ldapaddent \- create LDAP entries from corresponding /etc files .SH SYNOPSIS @@ -50,7 +50,6 @@ ldapaddent \- create LDAP entries from corresponding /etc files .fi .SH DESCRIPTION -.sp .LP \fBldapaddent\fR creates entries in LDAP containers from their corresponding \fB/etc\fR files. This operation is customized for each of the standard @@ -121,7 +120,7 @@ stored in the \fBpeople\fR container itself. Similarly, data from container. .sp .LP -The \fBuser_attr\fR and \fBaudit_user\fR data is stored by default in the +The \fBuser_attr\fR data is stored by default in the \fBpeople\fR container. The \fBprof_attr\fR and \fBexec_attr\fR data is stored by default in the \fBSolarisProfAttr\fR container. .sp @@ -131,8 +130,7 @@ entries from the \fBshadow\fR database. The addition of a \fBshadow\fR entry that does not have a corresponding \fBpasswd\fR entry will fail. .sp .LP -The \fBpasswd\fR database must precede both the \fBuser_attr\fR and -\fBaudit_user\fR databases. +The \fBpasswd\fR database must precede the \fBuser_attr\fR database. .sp .LP For better performance, the recommended order in which the databases should be @@ -160,7 +158,6 @@ loaded is as follows: Only the first entry of a given type that is encountered will be added to the LDAP server. The \fBldapaddent\fR command skips any duplicate entries. .SH OPTIONS -.sp .LP The \fBldapaddent\fR command supports the following options: .sp @@ -397,7 +394,6 @@ Verbose. .RE .SH OPERANDS -.sp .LP The following operands are supported: .sp @@ -498,7 +494,6 @@ example# \fBldapaddent -h 10.10.10.10:3890 \e .sp .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -522,7 +517,6 @@ An error occurred. .RE .SH FILES -.sp .ne 2 .na \fB\fB/var/ldap/ldap_client_file\fR\fR @@ -539,7 +533,6 @@ be modified manually. Their content is not guaranteed to be human readable. Use .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -555,7 +548,6 @@ Interface Stability Committed .TE .SH SEE ALSO -.sp .LP \fBldap\fR(1), \fBldaplist\fR(1), \fBldapmodify\fR(1), \fBldapmodrdn\fR(1), \fBldapsearch\fR(1), \fBidsconfig\fR(1M), \fBldapclient\fR(1M), @@ -564,7 +556,6 @@ Interface Stability Committed .LP \fI\fR .SH CAUTION -.sp .LP Currently StartTLS is not supported by \fBlibldap.so.5\fR, therefore the port number provided refers to the port used during a TLS open, rather than the port diff --git a/usr/src/man/man1m/mkdevalloc.1m b/usr/src/man/man1m/mkdevalloc.1m index 7739ddd0a7..d7adede488 100644 --- a/usr/src/man/man1m/mkdevalloc.1m +++ b/usr/src/man/man1m/mkdevalloc.1m @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH MKDEVALLOC 1M "Oct 8, 2003" +.TH MKDEVALLOC 1M "Mar 6, 2017" .SH NAME mkdevalloc \- Make device_allocate entries .SH SYNOPSIS @@ -13,7 +13,6 @@ mkdevalloc \- Make device_allocate entries .fi .SH DESCRIPTION -.sp .LP The \fBmkdevalloc\fR command writes to standard out a set of \fBdevice_allocate\fR(4) entries describing the system's frame buffer, audio @@ -60,7 +59,6 @@ frame buffer framebuffer fb /bin/true .in -2 .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -76,11 +74,9 @@ Interface Stability Obsolete .TE .SH SEE ALSO -.sp .LP -\fBallocate\fR(1), \fBbsmconv\fR(1M), \fBattributes\fR(5) +\fBallocate\fR(1), \fBattributes\fR(5) .SH NOTES -.sp .LP \fBmkdevalloc\fR might not be supported in a future release of the Solaris operating system. diff --git a/usr/src/man/man1m/mkdevmaps.1m b/usr/src/man/man1m/mkdevmaps.1m index de8687919a..8479147cf9 100644 --- a/usr/src/man/man1m/mkdevmaps.1m +++ b/usr/src/man/man1m/mkdevmaps.1m @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH MKDEVMAPS 1M "Oct 8, 2003" +.TH MKDEVMAPS 1M "Mar 6, 2017" .SH NAME mkdevmaps \- make device_maps entries .SH SYNOPSIS @@ -13,7 +13,6 @@ mkdevmaps \- make device_maps entries .fi .SH DESCRIPTION -.sp .LP The \fBmkdevmaps\fR command writes to standard out a set of \fBdevice_maps\fR(4) entries describing the system's frame buffer, audio, and @@ -39,7 +38,6 @@ frame buffer /dev/fb .in -2 .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -55,11 +53,9 @@ Interface Stability Obsolete .TE .SH SEE ALSO -.sp .LP -\fBallocate\fR(1), \fBbsmconv\fR(1M), \fBattributes\fR(5) +\fBallocate\fR(1), \fBattributes\fR(5) .SH NOTES -.sp .LP \fBmkdevmaps\fR might not be supported in a future release of the Solaris operating system. diff --git a/usr/src/man/man1m/nscd.1m b/usr/src/man/man1m/nscd.1m index 2069ed387d..335d5d7d34 100644 --- a/usr/src/man/man1m/nscd.1m +++ b/usr/src/man/man1m/nscd.1m @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH NSCD 1M "Sep 14, 2006" +.TH NSCD 1M "Mar 6, 2017" .SH NAME nscd \- name service cache daemon .SH SYNOPSIS @@ -14,7 +14,6 @@ nscd \- name service cache daemon .fi .SH DESCRIPTION -.sp .LP The \fBnscd\fR daemon is a process that provides a cache for most name service requests. The default \fIconfiguration-file\fR \fB/etc/nscd.conf\fR determines @@ -24,7 +23,7 @@ the behavior of the cache daemon. See \fBnscd.conf\fR(4). \fBnscd\fR provides caching for the \fBpasswd\fR(4), \fBgroup\fR(4), \fBhosts\fR(4), \fBipnodes\fR(4), \fBexec_attr\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBethers\fR(4), \fBrpc\fR(4), \fBprotocols\fR(4), -\fBnetworks\fR(4), \fBbootparams\fR(4), \fBaudit_user\fR(4), +\fBnetworks\fR(4), \fBbootparams\fR(4), \fBauth_attr\fR(4), \fBservices\fR(4), \fBnetmasks\fR(4), \fBprinters\fR(4), \fBproject\fR(4) databases through standard \fBlibc\fR interfaces, such as \fBgethostbyname\fR(3NSL), \fBgetipnodebyname\fR(3SOCKET), @@ -72,13 +71,12 @@ read and use the same default configuration file or the one specified with the \fB-f\fR command line option. Once the configuration is read, the per-user \fBnscd\fR will use it for its entire lifetime. .SH OPTIONS -.sp .LP Several of the options described below require a \fIcachename\fR specification. Supported values for \fIcachename\fR are: \fBpasswd\fR, \fBgroup\fR, \fBhosts\fR, \fBipnodes\fR, \fBexec_attr\fR, \fBprof_attr\fR, \fBuser_attr\fR, \fBethers\fR, \fBrpc\fR, \fBprotocols\fR, \fBnetworks\fR, \fBbootparams\fR, -\fBaudit_user\fR, \fBauth_attr\fR, \fBservices\fR, \fBnetmasks\fR, +\fBauth_attr\fR, \fBservices\fR, \fBnetmasks\fR, \fBprinters\fR, and \fBproject\fR. .sp .ne 2 @@ -135,7 +133,6 @@ example# svcadm enable system/name-service-cache .sp .SH FILES -.sp .ne 2 .na \fB\fB/etc/nscd.conf\fR\fR @@ -145,17 +142,15 @@ Determines athe behavior of the cache daemon .RE .SH SEE ALSO -.sp .LP \fBsvcs\fR(1), \fBsvcadm\fR(1M), \fBgetspnam\fR(3C), \fBgethostbyname\fR(3NSL), -\fBgetipnodebyname\fR(3SOCKET), \fBaudit_user\fR(4), \fBauth_attr\fR(4), +\fBgetipnodebyname\fR(3SOCKET), \fBauth_attr\fR(4), \fBbootparams\fR(4), \fBethers\fR(4), \fBexec_attr\fR(4), \fBgroup\fR(4), \fBhosts\fR(4), \fBnetmasks\fR(4), \fBnetworks\fR(4), \fBnscd.conf\fR(4), \fBnsswitch.conf\fR(4), \fBpasswd\fR(4), \fBprinters\fR(4), \fBprof_attr\fR(4), \fBproject\fR(4), \fBprotocols\fR(4), \fBrpc\fR(4), \fBservices\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) .SH NOTES -.sp .LP The output from the \fB-g\fR option to \fBnscd\fR is subject to change. Do not rely upon it as a programming interface. diff --git a/usr/src/man/man1m/praudit.1m b/usr/src/man/man1m/praudit.1m index 84070e673c..845067c887 100644 --- a/usr/src/man/man1m/praudit.1m +++ b/usr/src/man/man1m/praudit.1m @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH PRAUDIT 1M "Jul 26, 2009" +.TH PRAUDIT 1M "Mar 6, 2017" .SH NAME praudit \- print contents of an audit trail file .SH SYNOPSIS @@ -13,7 +13,6 @@ praudit \- print contents of an audit trail file .fi .SH DESCRIPTION -.sp .LP \fBpraudit\fR reads the listed \fIfilename\fRs (or standard input, if no \fIfilename\fR is specified) and interprets the data as audit trail records as @@ -23,7 +22,6 @@ representation. Record type and event fields are converted to their \fBASCII\fR representation. A maximum of 100 audit files can be specified on the command line. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -90,7 +88,6 @@ identification of the DTD which can be used to parse the XML. .RE .SH FILES -.sp .ne 2 .na \fB\fB/etc/security/audit_event\fR\fR @@ -117,7 +114,7 @@ Audit class definitions. .ad .sp .6 .RS 4n -Directory containing the verisioned DTD file referenced in XML output, for +Directory containing the versioned DTD file referenced in XML output, for example, \fBadt_record.dtd.1\fR. .RE @@ -133,7 +130,6 @@ example, \fBadt_record.xsl.1\fR. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -152,19 +148,9 @@ Interface Stability See below .LP The command stability is evolving. The output format is unstable. .SH SEE ALSO -.sp .LP -\fBbsmconv\fR(1M), \fBgetent\fR(1M), \fBaudit\fR(2), \fBgetauditflags\fR(3BSM), +\fBgetent\fR(1M), \fBaudit\fR(2), \fBgetauditflags\fR(3BSM), \fBgetpwuid\fR(3C), \fBgethostbyaddr\fR(3NSL), \fBethers\fR(3SOCKET), \fBgetipnodebyaddr\fR(3SOCKET), \fBaudit.log\fR(4), \fBaudit_class\fR(4), \fBaudit_event\fR(4), \fBgroup\fR(4), \fBnsswitch.conf\fR(4), \fBpasswd\fR(4), \fBattributes\fR(5) -.sp -.LP -See the section on Solaris Auditing in \fISystem Administration Guide: Security -Services\fR. -.SH NOTES -.sp -.LP -This functionality is available only if the Solaris Auditing feature has been -enabled. See \fBbsmconv\fR(1M) for more information. diff --git a/usr/src/man/man2/audit.2 b/usr/src/man/man2/audit.2 index 883feb3768..302a2ac835 100644 --- a/usr/src/man/man2/audit.2 +++ b/usr/src/man/man2/audit.2 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT 2 "Apr 16, 2008" +.TH AUDIT 2 "Mar 6, 2017" .SH NAME audit \- write a record to the audit log .SH SYNOPSIS @@ -17,7 +17,6 @@ cc [ \fIflag\fR ... ] \fIfile\fR ... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR .fi .SH DESCRIPTION -.sp .LP The \fBaudit()\fR function queues a record for writing to the system audit log. The data pointed to by \fIrecord\fR is queued for the log after a minimal @@ -32,12 +31,10 @@ not do any preselection for user-level generated events. If the audit policy is set to include sequence or trailer tokens, the kernel will append them to the record. .SH RETURN VALUES -.sp .LP Upon successful completion, \fB0\fR is returned. Otherwise, \fB\(mi1\fR is returned and \fBerrno\fR is set to indicate the error. .SH ERRORS -.sp .LP The \fBaudit()\fR function will fail if: .sp @@ -73,7 +70,7 @@ The header token in the record is invalid. \fB\fBENOTSUP\fR\fR .ad .RS 11n -Solaris Audit is not defined for this system. +Audit is not defined for this system. .RE .sp @@ -87,11 +84,9 @@ the calling process. .RE .SH USAGE -.sp .LP Only privileged processes can successfully execute this call. .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -109,15 +104,12 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP -\fBbsmconv\fR(1M), \fBaudit\fR(1M), \fBauditd\fR(1M), \fBsvcadm\fR(1M), +\fBaudit\fR(1M), \fBauditd\fR(1M), \fBsvcadm\fR(1M), \fBauditon\fR(2), \fBgetaudit\fR(2), \fBaudit.log\fR(4), \fBattributes\fR(5), \fBprivileges\fR(5) .SH NOTES -.sp .LP -The functionality described in this man page is available only if the Solaris -Auditing has been enabled and the audit daemon \fBauditd\fR(1M) has not been -disabled by \fBaudit\fR(1M) or \fBsvcadm\fR(1M). See \fBbsmconv\fR(1M) for more -information. +The functionality described in this man page is available only if +the audit daemon \fBauditd\fR(1M) has not been +disabled by \fBaudit\fR(1M) or \fBsvcadm\fR(1M). diff --git a/usr/src/man/man2/auditon.2 b/usr/src/man/man2/auditon.2 index 2db3190caf..1d06bcd4da 100644 --- a/usr/src/man/man2/auditon.2 +++ b/usr/src/man/man2/auditon.2 @@ -1,9 +1,10 @@ '\" te +.\" Copyright (c) 2017 Peter Tribble .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDITON 2 "Apr 6, 2009" +.TH AUDITON 2 "Mar 6, 2017" .SH NAME auditon \- manipulate auditing .SH SYNOPSIS @@ -17,7 +18,6 @@ cc [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ .fi .SH DESCRIPTION -.sp .LP The \fBauditon()\fR function performs various audit subsystem control operations. The \fIcmd\fR argument designates the particular audit control @@ -33,7 +33,7 @@ The following commands are supported: .ad .sp .6 .RS 4n -Return the system audit on/off/disabled condition in the integer pointed to by +Return the system audit condition in the integer pointed to by \fIdata\fR. The following values can be returned: .sp .ne 2 @@ -41,16 +41,16 @@ Return the system audit on/off/disabled condition in the integer pointed to by \fB\fBAUC_AUDITING\fR\fR .ad .RS 16n -Auditing has been turned on. +Audit daemon is active. .RE .sp .ne 2 .na -\fB\fBAUC_DISABLED\fR\fR +\fB\fBAUC_INIT_AUDIT\fR\fR .ad .RS 16n -Auditing system has not been enabled. +Audit is ready but auditd has not run. .RE .sp @@ -59,7 +59,7 @@ Auditing system has not been enabled. \fB\fBAUC_NOAUDIT\fR\fR .ad .RS 16n -Auditing has been turned off. +Audit daemon is not active. .RE .sp @@ -81,8 +81,7 @@ Auditing has blocked due to lack of space in audit partition. .sp .6 .RS 4n Set the system's audit on/off condition to the value in the integer pointed to -by \fIdata\fR. The Solaris Audit subsystem must be enabled by \fBbsmconv\fR(1M) -before auditing can be turned on. The following audit states can be set: +by \fIdata\fR. The following audit states can be set: .sp .ne 2 .na @@ -161,7 +160,7 @@ preselect non-attributable audit events. Return the audit ID, preselection mask, terminal ID and audit session ID of the specified process in the \fBauditpinfo\fR structure pointed to by \fIdata\fR. .sp -Note that \fBA_GETPINFO\fR can fail if the termial ID contains a network +Note that \fBA_GETPINFO\fR can fail if the terminal ID contains a network address longer than 32 bits. In this case, the \fBA_GETPINFO_ADDR\fR command should be used. .RE @@ -492,12 +491,10 @@ Generate a zone ID token with each audit record. .RE .SH RETURN VALUES -.sp .LP Upon successful completion, \fBauditon()\fR returns \fB0\fR. Otherwise, \(mi1 is returned and \fBerrno\fR is set to indicate the error. .SH ERRORS -.sp .LP The \fBauditon()\fR function will fail if: .sp @@ -525,7 +522,7 @@ The copy of data to/from the kernel failed. \fB\fBEINVAL\fR\fR .ad .RS 10n -One of the arguments was illegal, Solaris Audit has not been installed, or the +One of the arguments was illegal, Audit has not been installed, or the operation is not valid from a local zone. .RE @@ -545,7 +542,6 @@ asserted in the effective set of the calling process and the command is one of .RE .SH USAGE -.sp .LP The \fBauditon()\fR function can be invoked only by processes with appropriate privileges. @@ -558,7 +554,6 @@ permitted only in the global zone: \fBA_SETCOND\fR, \fBA_SETCLASS\fR, \fBA_SETKMASK\fR, \fBA_SETQCTRL\fR, \fBA_SETSTAT\fR, \fBA_SETFSIZE\fR, and \fBA_SETPOLICY\fR. All other \fBauditon()\fR commands are valid from any zone. .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -576,16 +571,10 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP -\fBauditconfig\fR(1M), \fBauditd\fR(1M), \fBbsmconv\fR(1M), \fBaudit\fR(2), +\fBauditconfig\fR(1M), \fBauditd\fR(1M), \fBaudit\fR(2), \fBexec\fR(2), \fBaudit.log\fR(4), \fBattributes\fR(5), \fBprivileges\fR(5) .SH NOTES -.sp -.LP -The functionality described in this man page is available only if the Solaris -Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp .LP The auditon options that modify or display process-based information are not affected by the "perzone" audit policy. Those that modify system audit data diff --git a/usr/src/man/man2/getaudit.2 b/usr/src/man/man2/getaudit.2 index f7c498fda0..9094c2c052 100644 --- a/usr/src/man/man2/getaudit.2 +++ b/usr/src/man/man2/getaudit.2 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GETAUDIT 2 "Apr 16, 2008" +.TH GETAUDIT 2 "Mar 6, 2017" .SH NAME getaudit, setaudit, getaudit_addr, setaudit_addr \- get or set process audit information @@ -33,7 +33,6 @@ cc [ \fIflag\fR ... ] \fIfile\fR ... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR .fi .SH DESCRIPTION -.sp .LP The \fBgetaudit()\fR function gets the audit \fBID\fR, the preselection mask, the terminal \fBID\fR and the audit session \fBID\fR for the current process. @@ -57,7 +56,7 @@ the size of the network address. .LP The \fBsetaudit_addr()\fR function sets the audit \fBID\fR, the preselection mask, the terminal \fBID\fR, and the audit session \fBID\fR for the current -process. The values are taken from the variable length struture +process. The values are taken from the variable length structure \fBauditinfo_addr\fR. The terminal \fBID\fR contains a size field that indicates the size of the network address. .sp @@ -89,13 +88,11 @@ au_asid_t ai_asid; /* audit session ID */ .in -2 .SH RETURN VALUES -.sp .LP Upon successful completion, \fBgetaudit()\fR and \fBsetaudit()\fR return \fB0\fR. Otherwise, \fB\(mi1\fR is returned and \fBerrno\fR is set to indicate the error. .SH ERRORS -.sp .LP The \fBgetaudit()\fR and \fBsetaudit()\fR functions will fail if: .sp @@ -118,12 +115,10 @@ the calling process. .RE .SH USAGE -.sp .LP The calling process must have the {\fBPRIV_SYS_AUDIT\fR} privilege asserted in its effective set. .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -141,11 +136,5 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp -.LP -\fBbsmconv\fR(1M), \fBaudit\fR(2), \fBattributes\fR(5) -.SH NOTES -.sp .LP -The functionality described in this man page is available only if the Solaris -Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. +\fBaudit\fR(2), \fBattributes\fR(5) diff --git a/usr/src/man/man2/getauid.2 b/usr/src/man/man2/getauid.2 index cba39b5321..4c5d15d223 100644 --- a/usr/src/man/man2/getauid.2 +++ b/usr/src/man/man2/getauid.2 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GETAUID 2 "Apr 16, 2008" +.TH GETAUID 2 "Mar 6, 2017" .SH NAME getauid, setauid \- get or set user audit identity .SH SYNOPSIS @@ -22,7 +22,6 @@ cc [ \fIflag\fR ... ] \fIfile\fR ... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR .fi .SH DESCRIPTION -.sp .LP The \fBgetauid()\fR function returns the audit user \fBID\fR for the current process. This value is initially set at login time and inherited by all child @@ -34,7 +33,6 @@ setuid program. The audit user \fBID\fR governs audit decisions for a process. The \fBsetauid()\fR function sets the audit user \fBID\fR for the current process. .SH RETURN VALUES -.sp .LP Upon successful completion, the \fBgetauid()\fR function returns the audit user \fBID\fR of the current process on success. Otherwise, it returns \fB\(mi1\fR @@ -45,7 +43,6 @@ Upon successful completion the \fBsetauid()\fR function returns \fB0\fR. Otherwise, \fB\(mi1\fR is returned and \fBerrno\fR is set to indicate the error. .SH ERRORS -.sp .LP The \fBgetauid()\fR and \fBsetauid()\fR functions will fail if: .sp @@ -81,19 +78,12 @@ the calling process. .RE .SH USAGE -.sp .LP Only a process with appropriate privileges can successfully execute these calls. .SH SEE ALSO -.sp .LP -\fBbsmconv\fR(1M), \fBaudit\fR(2), \fBgetaudit\fR(2), \fBprivileges\fR(5) +\fBaudit\fR(2), \fBgetaudit\fR(2), \fBprivileges\fR(5) .SH NOTES -.sp -.LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp .LP These functions have been superseded by \fBgetaudit\fR(2) and \fBsetaudit()\fR. diff --git a/usr/src/man/man3/Intro.3 b/usr/src/man/man3/Intro.3 index 6bbef47d4c..62c952187e 100644 --- a/usr/src/man/man3/Intro.3 +++ b/usr/src/man/man3/Intro.3 @@ -4,7 +4,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH INTRO 3 "Jul 19, 2015" +.TH INTRO 3 "Mar 6, 2017" .SH NAME Intro, intro \- introduction to functions and libraries .SH DESCRIPTION @@ -444,7 +444,7 @@ libraries: .ad .sp .6 .RS 4n -These functions constitute the Solaris auditing library, \fBlibbsm\fR. This +These functions constitute the auditing library, \fBlibbsm\fR. This library is implemented as a shared object, \fBlibbsm.so\fR, but is not automatically linked by the C compilation system. Specify \fB-lbsm\fR on the \fBcc\fR command line to link with this library. See \fBlibbsm\fR(3LIB). diff --git a/usr/src/man/man3bsm/Makefile b/usr/src/man/man3bsm/Makefile index 06d559c7bc..682a18fba0 100644 --- a/usr/src/man/man3bsm/Makefile +++ b/usr/src/man/man3bsm/Makefile @@ -22,12 +22,9 @@ MANFILES= au_open.3bsm \ au_preselect.3bsm \ au_to.3bsm \ au_user_mask.3bsm \ - getacinfo.3bsm \ getauclassent.3bsm \ getauditflags.3bsm \ getauevent.3bsm \ - getauusernam.3bsm \ - getddent.3bsm \ getfauditflags.3bsm MANLINKS= au_close.3bsm \ @@ -55,15 +52,8 @@ MANLINKS= au_close.3bsm \ au_to_subject_ex.3bsm \ au_to_text.3bsm \ au_write.3bsm \ - endac.3bsm \ endauclass.3bsm \ endauevent.3bsm \ - endauuser.3bsm \ - endddent.3bsm \ - getacdir.3bsm \ - getacflg.3bsm \ - getacmin.3bsm \ - getacna.3bsm \ getauclassent_r.3bsm \ getauclassnam.3bsm \ getauclassnam_r.3bsm \ @@ -75,16 +65,8 @@ MANLINKS= au_close.3bsm \ getauevnonam.3bsm \ getauevnum.3bsm \ getauevnum_r.3bsm \ - getauuserent.3bsm \ - getauuserent_r.3bsm \ - getauusernam_r.3bsm \ - getddnam.3bsm \ - setac.3bsm \ setauclass.3bsm \ - setauevent.3bsm \ - setauuser.3bsm \ - setddent.3bsm \ - setddfile.3bsm + setauevent.3bsm au_close.3bsm := LINKSRC = au_open.3bsm au_write.3bsm := LINKSRC = au_open.3bsm @@ -113,13 +95,6 @@ au_to_subject.3bsm := LINKSRC = au_to.3bsm au_to_subject_ex.3bsm := LINKSRC = au_to.3bsm au_to_text.3bsm := LINKSRC = au_to.3bsm -endac.3bsm := LINKSRC = getacinfo.3bsm -getacdir.3bsm := LINKSRC = getacinfo.3bsm -getacflg.3bsm := LINKSRC = getacinfo.3bsm -getacmin.3bsm := LINKSRC = getacinfo.3bsm -getacna.3bsm := LINKSRC = getacinfo.3bsm -setac.3bsm := LINKSRC = getacinfo.3bsm - endauclass.3bsm := LINKSRC = getauclassent.3bsm getauclassent_r.3bsm := LINKSRC = getauclassent.3bsm getauclassnam.3bsm := LINKSRC = getauclassent.3bsm @@ -138,17 +113,6 @@ getauevnum.3bsm := LINKSRC = getauevent.3bsm getauevnum_r.3bsm := LINKSRC = getauevent.3bsm setauevent.3bsm := LINKSRC = getauevent.3bsm -endauuser.3bsm := LINKSRC = getauusernam.3bsm -getauuserent.3bsm := LINKSRC = getauusernam.3bsm -getauuserent_r.3bsm := LINKSRC = getauusernam.3bsm -getauusernam_r.3bsm := LINKSRC = getauusernam.3bsm -setauuser.3bsm := LINKSRC = getauusernam.3bsm - -endddent.3bsm := LINKSRC = getddent.3bsm -getddnam.3bsm := LINKSRC = getddent.3bsm -setddent.3bsm := LINKSRC = getddent.3bsm -setddfile.3bsm := LINKSRC = getddent.3bsm - .KEEP_STATE: include $(SRC)/man/Makefile.man diff --git a/usr/src/man/man3bsm/au_open.3bsm b/usr/src/man/man3bsm/au_open.3bsm index 54fa05aa26..cb023a5ddb 100644 --- a/usr/src/man/man3bsm/au_open.3bsm +++ b/usr/src/man/man3bsm/au_open.3bsm @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AU_OPEN 3BSM "Mar 31, 2005" +.TH AU_OPEN 3BSM "Mar 6, 2017" .SH NAME au_open, au_close, au_write \- construct and write audit records .SH SYNOPSIS @@ -26,7 +26,6 @@ au_open, au_close, au_write \- construct and write audit records .fi .SH DESCRIPTION -.sp .LP The \fBau_open()\fR function returns an audit record descriptor to which audit tokens can be written using \fBau_write()\fR. The audit record descriptor is an @@ -49,7 +48,6 @@ The \fBau_write()\fR function adds the audit token pointed to by \fIm\fR to the audit record identified by the descriptor \fId\fR. After this call is made the audit token is no longer available to the caller. .SH RETURN VALUES -.sp .LP Upon successful completion, \fBau_open()\fR returns an audit record descriptor. If a descriptor could not be allocated, \fBau_open()\fR returns \fB\(mi1\fR and @@ -68,7 +66,6 @@ invalid descriptor or \fIm\fR is an invalid token, or if \fBaudit()\fR fails, fails, \fBerrno\fR is set to one of the error values described on the \fBaudit\fR(2) manual page. .SH ERRORS -.sp .LP The \fBau_open()\fR function will fail if: .sp @@ -92,7 +89,6 @@ later. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -110,12 +106,6 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP -\fBbsmconv\fR(1M), \fBaudit\fR(2), \fBauditon\fR(2), \fBau_preselect\fR(3BSM), +\fBaudit\fR(2), \fBauditon\fR(2), \fBau_preselect\fR(3BSM), \fBau_to\fR(3BSM), \fBfree\fR(3C), \fBattributes\fR(5) -.SH NOTES -.sp -.LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. diff --git a/usr/src/man/man3bsm/au_preselect.3bsm b/usr/src/man/man3bsm/au_preselect.3bsm index 4870542f8b..d18444762a 100644 --- a/usr/src/man/man3bsm/au_preselect.3bsm +++ b/usr/src/man/man3bsm/au_preselect.3bsm @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AU_PRESELECT 3BSM "Mar 31, 2005" +.TH AU_PRESELECT 3BSM "Mar 6, 2017" .SH NAME au_preselect \- preselect an audit event .SH SYNOPSIS @@ -16,7 +16,6 @@ au_preselect \- preselect an audit event .fi .SH DESCRIPTION -.sp .LP The \fBau_preselect()\fR function determines whether the audit event \fIevent\fR is preselected against the binary preselection mask pointed to by @@ -90,14 +89,12 @@ invocation. This option is much faster. .RE .SH RETURN VALUES -.sp .LP Upon successful completion,\fBau_preselect()\fR returns 0 if \fIevent\fR is not preselected or 1 if \fIevent\fR is preselected. If \fBau_preselect()\fR could not allocate memory or could not find \fIevent\fR in the \fBaudit_event\fR(4) database, \(mi1 is returned. .SH FILES -.sp .ne 2 .na \fB\fB/etc/security/audit_class\fR\fR @@ -112,11 +109,11 @@ file mapping audit class number to audit class names and descriptions \fB\fB/etc/security/audit_event\fR\fR .ad .RS 29n -file mappint audit even number to audit event names and associates +file mapping audit event number to audit event names, descriptions and +associated audit classes .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for a description of the following attributes: .sp @@ -134,18 +131,12 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP -\fBbsmconv\fR(1M), \fBgetaudit\fR(2), \fBau_open\fR(3BSM), +\fBgetaudit\fR(2), \fBau_open\fR(3BSM), \fBgetauclassent\fR(3BSM), \fBgetauevent\fR(3BSM), \fBmalloc\fR(3C), \fBaudit_class\fR(4), \fBaudit_event\fR(4), \fBattributes\fR(5) .SH NOTES -.sp .LP The \fBau_preselect()\fR function is normally called prior to constructing and writing an audit record. If the event is not preselected, the overhead of -constructing and writing the record can be saved. -.sp -.LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. +constructing and writing the record can be saved. diff --git a/usr/src/man/man3bsm/au_to.3bsm b/usr/src/man/man3bsm/au_to.3bsm index 20ed6f7a51..623a4175d5 100644 --- a/usr/src/man/man3bsm/au_to.3bsm +++ b/usr/src/man/man3bsm/au_to.3bsm @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AU_TO 3BSM "Mar 31, 2005" +.TH AU_TO 3BSM "Mar 6, 2017" .SH NAME au_to, au_to_arg, au_to_arg32, au_to_arg64, au_to_attr, au_to_cmd, au_to_data, au_to_groups, au_to_in_addr, au_to_ipc, au_to_iport, au_to_me, au_to_newgroups, @@ -138,7 +138,6 @@ au_to_text \- create audit record tokens .fi .SH DESCRIPTION -.sp .LP The \fBau_to_arg()\fR, \fBau_to_arg32()\fR, and \fBau_to_arg64()\fR functions format the data in \fIv\fR into an "argument token". The \fIn\fR argument @@ -251,12 +250,10 @@ address),\fR into a "subject token". This function should be used in place of The \fBau_to_text()\fR function formats the null-terminated string pointed to by \fItext\fR into a "text token". .SH RETURN VALUES -.sp .LP These functions return \fINULL\fR if memory cannot be allocated to put the resultant token into, or if an error in the input is detected. .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for a description of the following attributes: .sp @@ -274,11 +271,5 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp -.LP -\fBbsmconv\fR(1M), \fBau_open\fR(3BSM), \fBattributes\fR(5) -.SH NOTES -.sp .LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. +\fBau_open\fR(3BSM), \fBattributes\fR(5) diff --git a/usr/src/man/man3bsm/au_user_mask.3bsm b/usr/src/man/man3bsm/au_user_mask.3bsm index e884d39ccb..b5901051be 100644 --- a/usr/src/man/man3bsm/au_user_mask.3bsm +++ b/usr/src/man/man3bsm/au_user_mask.3bsm @@ -1,9 +1,10 @@ '\" te +.\" Copyright (c) 2017 Peter Tribble .\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AU_USER_MASK 3BSM "Mar 31, 2005" +.TH AU_USER_MASK 3BSM "Mar 6, 2017" .SH NAME au_user_mask \- get user's binary preselection mask .SH SYNOPSIS @@ -16,55 +17,33 @@ au_user_mask \- get user's binary preselection mask .fi .SH DESCRIPTION -.sp .LP -The \fBau_user_mask()\fR function reads the default, system wide audit classes -from \fBaudit_control\fR(4), combines them with the per-user audit classes -from the \fBaudit_user\fR(4) database, and updates the binary preselection mask -pointed to by \fImask_p\fR with the combined value. +The \fBau_user_mask()\fR function reads the default, system wide audit classes, +combines them with the per-user audit classes, and updates the binary +preselection mask pointed to by \fImask_p\fR with the combined value. .sp .LP -The audit flags in the \fIflags\fR field of the \fBaudit_control\fR(4) database -and the \fIalways-audit-flags\fR and \fInever-audit-flags\fR from the -\fBaudit_user\fR(4) database represent binary audit classes. These fields are -combined by \fBau_preselect\fR(3BSM) as follows: +The audit preselection mask is constructed as follows: .sp -.LP -mask = ( \fIflags\fR + \fIalways-audit-flags\fR) \(mi \fInever-audit-flags\fR +.in +2 +.nf +success flags = + (system default success flags + per-user always success flags) + - per-user never success flags +failure flags = + (system default failure flags + per-user always failure flags) + - per-user never failure flags +.fi +.in -2 .sp .LP -The \fBau_user_mask()\fR function fails only if both the both the -\fBaudit_control\fR(4) and the \fBaudit_user\fR(4) database entries could not -be retrieved. This allows for flexible configurations. +The \fBau_user_mask()\fR function fails only if the system wide audit flags +could not be retrieved. .SH RETURN VALUES -.sp .LP -Upon successful completion, \fBau_user_mask()\fR returns 0. It fails and -returns \(mi1 if both the \fBaudit_control\fR(4) and the \fBaudit_user\fR(4) -database entries could not be retrieved. -.SH FILES -.sp -.ne 2 -.na -\fB\fB/etc/security/audit_control\fR\fR -.ad -.sp .6 -.RS 4n -file containing default parameters read by the audit daemon, \fBauditd\fR(1M) -.RE - -.sp -.ne 2 -.na -\fB\fB/etc/security/audit_user\fR\fR -.ad -.sp .6 -.RS 4n -file that stores per-user audit event mask -.RE +Upon successful completion, \fBau_user_mask()\fR returns 0. .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -82,13 +61,10 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP -\fBlogin\fR(1), \fBbsmconv\fR(1M), \fBgetaudit\fR(2), \fBsetaudit\fR(2), -\fBau_preselect\fR(3BSM), \fBgetacinfo\fR(3BSM), \fBgetauusernam\fR(3BSM), -\fBaudit_control\fR(4), \fBaudit_user\fR(4), \fBattributes\fR(5) +\fBlogin\fR(1), \fBgetaudit\fR(2), \fBsetaudit\fR(2), +\fBau_preselect\fR(3BSM), \fBattributes\fR(5) .SH NOTES -.sp .LP The \fBau_user_mask()\fR function should be called by programs like \fBlogin\fR(1) which set a process's preselection mask with \fBsetaudit\fR(2). @@ -96,5 +72,5 @@ The \fBau_user_mask()\fR function should be called by programs like current process. .sp .LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. +If global zone auditing is set, a local zone cannot reduce the default +flags. diff --git a/usr/src/man/man3bsm/getacinfo.3bsm b/usr/src/man/man3bsm/getacinfo.3bsm deleted file mode 100644 index 93df8c1a98..0000000000 --- a/usr/src/man/man3bsm/getacinfo.3bsm +++ /dev/null @@ -1,196 +0,0 @@ -'\" te -.\" Copyright (c) 2005, Sun Microsystems, Inc. -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GETACINFO 3BSM "Mar 31, 2005" -.SH NAME -getacinfo, getacdir, getacflg, getacmin, getacna, setac, endac \- get audit -control file information -.SH SYNOPSIS -.LP -.nf -\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ] -#include <bsm/libbsm.h> - -\fBint\fR \fBgetacdir\fR(\fB char *\fR\fIdir\fR, \fBint\fR \fIlen\fR); -.fi - -.LP -.nf -\fBint\fR \fBgetacmin\fR(\fB int *\fR\fImin_val\fR); -.fi - -.LP -.nf -\fBint\fR \fBgetacflg\fR(\fB char *\fR\fIauditstring\fR, \fBint\fR \fIlen\fR); -.fi - -.LP -.nf -\fBint\fR \fBgetacna\fR(\fB char *\fR\fIauditstring\fR, \fBint\fR \fIlen\fR); -.fi - -.LP -.nf -\fBvoid\fR \fBsetac\fR(\fBvoid\fR); -.fi - -.LP -.nf -\fBvoid\fR \fBendac\fR(\fBvoid\fR); -.fi - -.SH DESCRIPTION -.sp -.LP -When first called, \fBgetacdir()\fR provides information about the first audit -directory in the \fBaudit_control\fR file. Thereafter, it returns the next -directory in the file. Successive calls list all the directories listed in -\fBaudit_control\fR(4) The \fIlen\fR argument specifies the length of the -buffer \fIdir\fR. On return, \fIdir\fR points to the directory entry. -.sp -.LP -The \fBgetacmin()\fR function reads the minimum value from the -\fBaudit_control\fR file and returns the value in \fImin_val\fR. The minimum -value specifies how full the file system to which the audit files are being -written can get before the script \fBaudit_warn\fR(1M) is invoked. -.sp -.LP -The \fBgetacflg()\fR function reads the system audit value from the -\fBaudit_control\fR file and returns the value in \fIauditstring\fR. The -\fIlen\fR argument specifies the length of the buffer \fIauditstring\fR. -.sp -.LP -The \fBgetacna()\fR function reads the system audit value for non-attributable -audit events from the \fBaudit_control\fR file and returns the value in -\fIauditstring\fR. The \fIlen\fR argument specifies the length of the buffer -\fIauditstring\fR. Non-attributable events are events that cannot be attributed -to an individual user. The \fBinetd\fR(1M) utility and several other daemons -record non-attributable events. -.sp -.LP -The \fBsetac()\fR function rewinds the \fBaudit_control\fR file to allow -repeated searches. -.sp -.LP -The \fBendac()\fR function closes the \fBaudit_control\fR file when processing -is complete. -.SH FILES -.sp -.ne 2 -.na -\fB\fB/etc/security/audit_control\fR\fR -.ad -.sp .6 -.RS 4n -file containing default parameters read by the audit daemon, \fBauditd\fR(1M) -.RE - -.SH RETURN VALUES -.sp -.LP -The \fBgetacdir()\fR, \fBgetacflg()\fR, \fBgetacna()\fR, and \fBgetacmin()\fR -functions return: -.sp -.ne 2 -.na -\fB\fB0\fR\fR -.ad -.RS 9n -on success. -.RE - -.sp -.ne 2 -.na -\fB\fB\(mi2\fR\fR -.ad -.RS 9n -on failure and set \fBerrno\fR to indicate the error. -.RE - -.sp -.LP -The \fBgetacmin()\fR and \fBgetacflg()\fR functions return: -.sp -.ne 2 -.na -\fB\fB1\fR\fR -.ad -.RS 5n -on \fBEOF.\fR -.RE - -.sp -.LP -The \fBgetacdir()\fR function returns: -.sp -.ne 2 -.na -\fB\fB\(mi1\fR\fR -.ad -.RS 9n -on \fBEOF.\fR -.RE - -.sp -.ne 2 -.na -\fB\fB2\fR\fR -.ad -.RS 9n -if the directory search had to start from the beginning because one of the -other functions was called between calls to \fBgetacdir()\fR. -.RE - -.sp -.LP -These functions return: -.sp -.ne 2 -.na -\fB\fB\(mi3\fR\fR -.ad -.RS 9n -if the directory entry format in the \fBaudit_control\fR file is incorrect. -.RE - -.sp -.LP -The \fBgetacdir()\fR, \fBgetacflg()\fR, and \fBgetacna()\fR functions return: -.sp -.ne 2 -.na -\fB\fB\(mi3\fR\fR -.ad -.RS 9n -if the input buffer is too short to accommodate the record. -.RE - -.SH ATTRIBUTES -.sp -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -_ -MT-Level Safe -.TE - -.SH SEE ALSO -.sp -.LP -\fBaudit_warn\fR(1M), \fBbsmconv\fR(1M), \fBinetd\fR(1M), -\fBaudit_control\fR(4), \fBattributes\fR(5) -.SH NOTES -.sp -.LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. diff --git a/usr/src/man/man3bsm/getauclassent.3bsm b/usr/src/man/man3bsm/getauclassent.3bsm index c2b789a3ce..db4101ebd8 100644 --- a/usr/src/man/man3bsm/getauclassent.3bsm +++ b/usr/src/man/man3bsm/getauclassent.3bsm @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GETAUCLASSENT 3BSM "Mar 31, 2005" +.TH GETAUCLASSENT 3BSM "Mar 6, 2017" .SH NAME getauclassent, getauclassnam, setauclass, endauclass, getauclassnam_r, getauclassent_r \- get audit_class entry @@ -44,7 +44,6 @@ getauclassent_r \- get audit_class entry .fi .SH DESCRIPTION -.sp .LP The \fBgetauclassent()\fR function and \fBgetauclassnam()\fR each return an \fBaudit_class\fR entry. @@ -80,7 +79,7 @@ bytes for the \fBac_name\fR and \fBac_desc\fR members of the \fBau_class_ent_t\fR data structure. .sp .LP -The internal representation of an \fBaudit_user\fR entry is an +The internal representation of an \fBaudit_class\fR entry is an \fBau_class_ent\fR structure defined in <\fBbsm/libbsm.h\fR> with the following members: .sp @@ -93,7 +92,6 @@ char *ac_desc; .in -2 .SH RETURN VALUES -.sp .LP The \fBgetauclassnam()\fR and \fBgetauclassnam_r()\fR functions return a pointer to a \fBau_class_ent\fR structure if they successfully locate the @@ -104,7 +102,6 @@ The \fBgetauclassent()\fR and \fBgetauclassent_r()\fR functions return a pointer to a \fBau_class_ent\fR structure if they successfully enumerate an entry. Otherwise they return \fINULL\fR, indicating the end of the enumeration. .SH FILES -.sp .ne 2 .na \fB\fB/etc/security/audit_class\fR\fR @@ -114,7 +111,6 @@ file that aps audit class numbers to audit class names .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -137,16 +133,10 @@ All of the functions described on this man-page are MT-Safe except functionality as the Unsafe functions, but have a slightly different function call interface to make them MT-Safe. .SH SEE ALSO -.sp .LP -\fBbsmconv\fR(1M), \fBaudit_class\fR(4), \fBaudit_event\fR(4), +\fBaudit_class\fR(4), \fBaudit_event\fR(4), \fBattributes\fR(5) .SH NOTES -.sp .LP All information is contained in a static area, so it must be copied if it is to be saved. -.sp -.LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. diff --git a/usr/src/man/man3bsm/getauditflags.3bsm b/usr/src/man/man3bsm/getauditflags.3bsm index f7f02a5746..47a2008921 100644 --- a/usr/src/man/man3bsm/getauditflags.3bsm +++ b/usr/src/man/man3bsm/getauditflags.3bsm @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GETAUDITFLAGS 3BSM "Mar 31, 2005" +.TH GETAUDITFLAGS 3BSM "Mar 6, 2017" .SH NAME getauditflags, getauditflagsbin, getauditflagschar \- convert audit flag specifications @@ -23,13 +23,11 @@ specifications .fi .SH DESCRIPTION -.sp .LP The \fBgetauditflagsbin()\fR function converts the character representation of audit values pointed to by \fIauditstring\fR into \fBau_mask_t\fR fields pointed to by \fImasks\fR. These fields indicate which events are to be audited -when they succeed and which are to be audited when they fail. The character -string syntax is described in \fBaudit_control\fR(4). +when they succeed and which are to be audited when they fail. .sp .LP The \fBgetauditflagschar()\fR function converts the \fBau_mask_t\fR fields @@ -45,12 +43,10 @@ identifying a single audit class, separated by commas. The \fBau_mask_t\fR fields pointed to by \fImasks\fR correspond to binary values defined in <\fBbsm/audit.h\fR>, which is read by <\fBbsm/libbsm.h\fR>. .SH RETURN VALUES -.sp .LP Upon successful completion, \fBgetauditflagsbin()\fR and \fBgetauditflagschar()\fR return 0. Otherwise they return \(mi1. .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -66,16 +62,8 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP -\fBbsmconv\fR(1M), \fBaudit.log\fR(4), \fBaudit_control\fR(4), -\fBattributes\fR(5) +\fBaudit.log\fR(4), \fBattributes\fR(5) .SH BUGS -.sp .LP This is not a very extensible interface. -.SH NOTES -.sp -.LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. diff --git a/usr/src/man/man3bsm/getauevent.3bsm b/usr/src/man/man3bsm/getauevent.3bsm index faa9b39a58..ef689b9d82 100644 --- a/usr/src/man/man3bsm/getauevent.3bsm +++ b/usr/src/man/man3bsm/getauevent.3bsm @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GETAUEVENT 3BSM "Jun 25, 2008" +.TH GETAUEVENT 3BSM "Mar 6, 2017" .SH NAME getauevent, getauevnam, getauevnum, getauevnonam, setauevent, endauevent, getauevent_r, getauevnam_r, getauevnum_r \- get audit_event entry @@ -59,7 +59,6 @@ getauevent_r, getauevnam_r, getauevnum_r \- get audit_event entry .fi .SH DESCRIPTION -.sp .LP These functions document the programming interface for obtaining entries from the \fBaudit_event\fR(4) file. The \fBgetauevent()\fR, \fBgetauevnam()\fR, @@ -121,7 +120,6 @@ au_class_t ae_class; .in -2 .SH RETURN VALUES -.sp .LP The \fBgetauevent()\fR, \fBgetauevnam()\fR, \fBgetauevnum()\fR, \fBgetauevent_r()\fR, \fBgetauevnam_r()\fR, and \fBgetauevnum_r()\fR functions @@ -133,7 +131,6 @@ The \fBgetauevnonam()\fR function returns an event number of type \fBau_event_t\fR if it successfully enumerates an entry. Otherwise it returns \fINULL\fR, indicating it could not find the requested event name. .SH FILES -.sp .ne 2 .na \fB\fB/etc/security/audit_event\fR\fR @@ -152,7 +149,6 @@ file that stores user-ID to username mappings .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -174,18 +170,12 @@ are Unsafe. The equivalent functions \fBgetauevent_r()\fR, \fBgetauevnam_r()\fR, and \fBgetauevnum_r()\fR provide the same functionality and an MT-Safe function call interface. .SH SEE ALSO -.sp .LP -\fBbsmconv\fR(1M), \fBgetauclassent\fR(3BSM), \fBgetpwnam\fR(3C), +\fBgetauclassent\fR(3BSM), \fBgetpwnam\fR(3C), \fBaudit_class\fR(4), \fBaudit_event\fR(4), \fBpasswd\fR(4), \fBattributes\fR(5) .SH NOTES -.sp .LP All information for the \fBgetauevent()\fR, \fBgetauevnam()\fR, and \fBgetauevnum()\fR functions is contained in a static area, so it must be copied if it is to be saved. -.sp -.LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. diff --git a/usr/src/man/man3bsm/getauusernam.3bsm b/usr/src/man/man3bsm/getauusernam.3bsm deleted file mode 100644 index 305d67fbee..0000000000 --- a/usr/src/man/man3bsm/getauusernam.3bsm +++ /dev/null @@ -1,158 +0,0 @@ -'\" te -.\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved. -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GETAUUSERNAM 3BSM "Mar 31, 2005" -.SH NAME -getauusernam, getauuserent, setauuser, endauuser, getauusernam_r, -getauuserent_r \- get audit_user entry -.SH SYNOPSIS -.LP -.nf -\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ] -#include <sys/param.h> -#include <bsm/libbsm.h> - -\fBstruct au_user_ent *\fR\fBgetauusernam\fR(\fBconst char *\fR\fIname\fR); -.fi - -.LP -.nf -\fBstruct au_user_ent *\fR\fBgetauuserent\fR(\fBvoid\fR); -.fi - -.LP -.nf -\fBvoid\fR \fBsetauuser\fR(\fBvoid\fR); -.fi - -.LP -.nf -\fBvoid\fR \fBendauuser\fR(\fBvoid\fR); -.fi - -.LP -.nf -\fBstruct au_user_ent *\fR\fBgetauusernam_r\fR(\fBau_user_ent_t *\fR\fIu\fR, \fBconst char *\fR\fIname\fR); -.fi - -.LP -.nf -\fBstruct au_user_ent *\fR\fBgetauuserent_r\fR(\fBau_user_ent_t *\fR\fIu\fR); -.fi - -.SH DESCRIPTION -.sp -.LP -The \fBgetauuserent()\fR, \fBgetauusernam()\fR, \fBgetauuserent_r()\fR, and -\fBgetauusernam_r()\fR functions each return an \fBaudit_user\fR entry. Entries -can come from any of the sources specified in the \fB/etc/nsswitch.conf\fR file -(see \fBnsswitch.conf\fR(4)). -.sp -.LP -The \fBgetauusernam()\fR and \fBgetauusernam_r()\fR functions search for an -\fBaudit_user\fR entry with a given login name \fIname\fR. -.sp -.LP -The \fBgetauuserent()\fR and \fBgetauuserent_r()\fR functions enumerate -\fBaudit_user\fR entries; successive calls to these functions will return -either successive \fBaudit_user\fR entries or \fINULL\fR. -.sp -.LP -The \fBsetauuser()\fR function "rewinds" to the beginning of the enumeration of -\fBaudit_user\fR entries. Calls to \fBgetauusernam()\fR and -\fBgetauusernam_r()\fR may leave the enumeration in an indeterminate state, so -\fBsetauuser()\fR should be called before the first call to -\fBgetauuserent()\fR or \fBgetauuserent_r()\fR. -.sp -.LP -The \fBendauuser()\fR function may be called to indicate that \fBaudit_user\fR -processing is complete; the system may then close any open \fBaudit_user\fR -file, deallocate storage, and so forth. -.sp -.LP -The \fBgetauuserent_r()\fR and \fBgetauusernam_r()\fR functions both take as an -argument a pointer to an \fBau_user_ent\fR that is returned on successful -function calls. -.sp -.LP -The internal representation of an \fBaudit_user\fR entry is an -\fBau_user_ent\fR structure defined in <\fBbsm/libbsm.h\fR> with the following -members: -.sp -.in +2 -.nf -char *au_name; -au_mask_t au_always; -au_mask_t au_never; -.fi -.in -2 - -.SH RETURN VALUES -.sp -.LP -The \fBgetauusernam()\fR function returns a pointer to a \fBau_user_ent\fR -structure if it successfully locates the requested entry. Otherwise it returns -\fINULL\fR. -.sp -.LP -The \fBgetauuserent()\fR function returns a pointer to a \fBau_user_ent\fR -structure if it successfully enumerates an entry. Otherwise it returns -\fINULL\fR, indicating the end of the enumeration. -.SH USAGE -.sp -.LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. -.SH FILES -.sp -.ne 2 -.na -\fB\fB/etc/security/audit_user\fR\fR -.ad -.RS 28n -file that stores per-user audit event mask -.RE - -.sp -.ne 2 -.na -\fB\fB/etc/passwd\fR\fR -.ad -.RS 28n -file that stores user ID to username mappings -.RE - -.SH ATTRIBUTES -.sp -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -_ -MT-Level MT-Safe with exceptions -.TE - -.SH SEE ALSO -.sp -.LP -\fBbsmconv\fR(1M), \fBgetpwnam\fR(3C), \fBaudit_user\fR(4), -\fBnsswitch.conf\fR(4), \fBpasswd\fR(4), \fBattributes\fR(5) -.SH NOTES -.sp -.LP -All information for the \fBgetauuserent()\fR and \fBgetauusernam()\fR functions -is contained in a static area, so it must be copied if it is to be saved. -.sp -.LP -The \fBgetauusernam()\fR and \fBgetauuserent()\fR functions are Unsafe in -multithreaded applications. The \fBgetauusernam_r()\fR and -\fBgetauuserent_r()\fR functions provide the same functionality with interfaces -that are MT-Safe. diff --git a/usr/src/man/man3bsm/getddent.3bsm b/usr/src/man/man3bsm/getddent.3bsm deleted file mode 100644 index 48f1d433cb..0000000000 --- a/usr/src/man/man3bsm/getddent.3bsm +++ /dev/null @@ -1,130 +0,0 @@ -'\" te -.\" Copyright 2000 by Sun Microsystems, Inc. All rights reserved. -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GETDDENT 3BSM "Jan 11, 2001" -.SH NAME -getddent, getddnam, setddent, endddent, setddfile \- get device_deallocate -entry -.SH SYNOPSIS -.LP -.nf -\fBcc \fR [\fIflag\fR]... \fIfile\fR... \fB-lbsm\fR [\fIlibrary\fR]... -.fi - -.LP -.nf -#include <bsm/devices.h> - -\fBdevdealloc_t *\fR\fBgetddent\fR(\fBvoid\fR); -.fi - -.LP -.nf -\fBdevdealloc_t *\fR\fBgetddnam\fR(\fBchar *\fR\fIname\fR); -.fi - -.LP -.nf -\fBvoid\fR \fBsetddent\fR(\fBvoid\fR); -.fi - -.LP -.nf -\fBvoid\fR \fBendddent\fR(\fBvoid\fR); -.fi - -.LP -.nf -\fBvoid\fR \fBsetddfile\fR(\fBchar *\fR\fIfile\fR); -.fi - -.SH DESCRIPTION -.sp -.LP -The \fBgetddent()\fR and \fBgetddnam()\fR functions each return a -\fBdevice_deallocate\fR entry. The \fBgetddent()\fR function enumerates all -\fBdevice_deallocate\fR entries. Successive calls to this function return -either successive \fBdevice_deallocate\fR entries or \fINULL\fR. The -\fBgetddnam()\fR function searches for a \fBdevice_deallocate\fR entry with a -given device name. -.sp -.LP -The internal representation of a \fBdevice_deallocate\fR entry is a -\fBdevdealloc_t\fR structure defined in <\fBbsm/devices.h\fR> with the -following members: -.sp -.in +2 -.nf -char *dd_devname; /* device allocation name */ -char *dd_logout; /* deallocation action on user logout */ -char *dd_boot; /* deallocation action on system boot */ -.fi -.in -2 - -.sp -.LP -The \fBsetddent()\fR function "rewinds" to the beginning of the enumeration of -\fBdevice_deallocate\fR entries. Calls to \fBgetddnam()\fR may leave the -enumeration in an indeterminate state, so \fBsetddent()\fR should be called -before the first call to \fBgetddent()\fR. -.sp -.LP -The \fBendddent()\fR function can be called to indicate that -\fBdevice_deallocate\fR processing is complete. The library can then close any -open\fBdevice_deallocate\fR file, deallocate any internal storage, and so -forth. -.sp -.LP -The \fBsetddfile()\fR function changes the pathname used by the other functions -for opening the \fBdevice_deallocate\fR file, allowing use of -\fBdevice_deallocate\fR files other than the default file, -\fB/etc/security/device_deallocate\fR. -.SH RETURN VALUES -.sp -.LP -The \fBgetddent()\fR function returns a pointer to a \fBdevdealloc_t\fR if it -successfully enumerates an entry. Otherwise it returns \fINULL\fR, indicating -the end of the enumeration. -.sp -.LP -The \fBgetddnam()\fR function returns a pointer to a \fBdevdealloc_t\fR if it -successfully locates the requested entry. Otherwise it returns \fINULL\fR. -.SH FILES -.sp -.ne 2 -.na -\fB\fB/etc/security/device_deallocate\fR\fR -.ad -.sp .6 -.RS 4n -Administrative file defining parameters for device deallocation. -.RE - -.SH ATTRIBUTES -.sp -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -_ -MT-Level Unsafe -.TE - -.SH SEE ALSO -.sp -.LP -\fBfree\fR(3C), \fBattributes\fR(5) -.SH NOTES -.sp -.LP -The \fBgetddent()\fR and \fBgetddnam()\fR functions allocate memory for the -pointers they return. This memory can be deallocated with the \fBfree\fR(3C) -function. diff --git a/usr/src/man/man3bsm/getfauditflags.3bsm b/usr/src/man/man3bsm/getfauditflags.3bsm index c3babbf04a..1f9f0b1ea4 100644 --- a/usr/src/man/man3bsm/getfauditflags.3bsm +++ b/usr/src/man/man3bsm/getfauditflags.3bsm @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GETFAUDITFLAGS 3BSM "Mar 31, 2005" +.TH GETFAUDITFLAGS 3BSM "Mar 6, 2017" .SH NAME getfauditflags \- generate process audit state .SH SYNOPSIS @@ -18,13 +18,9 @@ getfauditflags \- generate process audit state .fi .SH DESCRIPTION -.sp .LP The \fBgetfauditflags()\fR function generates a process audit state by -combining the audit masks passed as parameters with the system audit masks -specified in the \fBaudit_control\fR(4) file. The \fBgetfauditflags()\fR -function obtains the system audit value by calling \fBgetacflg()\fR (see -\fBgetacinfo\fR(3BSM)). +combining the audit masks passed as parameters with the system audit masks. .sp .LP The \fIusremasks\fR argument points to \fBau_mask_t\fR fields that contains two @@ -39,12 +35,6 @@ succeed. The second value defines which events are never to be audited when they fail. .sp .LP -The structures pointed to by \fIusremasks\fR and \fIusrdmasks\fR can be -obtained from the \fBaudit_user\fR(4) file by calling \fBgetauusernam\fR(3BSM), -which returns a pointer to a strucure containing all \fBaudit_user\fR(4) fields -for a user. -.sp -.LP The output of this function is stored in \fIlastmasks\fR, a pointer of type \fBau_mask_t\fR as well. The first value defines which events are to be audited when they succeed and the second defines which events are to be audited when @@ -54,12 +44,10 @@ they fail. Both \fIusremasks\fR and \fIusrdmasks\fR override the values in the system audit values. .SH RETURN VALUES -.sp .LP Upon successful completion, \fBgetfauditflags()\fR returns 0. Otherwise it returns \fB\(mi1\fR\&. .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -75,13 +63,5 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp -.LP -\fBbsmconv\fR(1M), \fBgetacinfo\fR(3BSM), \fBgetauditflags\fR(3BSM), -\fBgetauusernam\fR(3BSM), \fBaudit.log\fR(4), \fBaudit_control\fR(4), -\fBaudit_user\fR(4), \fBattributes\fR(5) -.SH NOTES -.sp .LP -The functionality described on this manual page is available only if the -Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. +\fBgetauditflags\fR(3BSM), \fBaudit.log\fR(4), \fBattributes\fR(5) diff --git a/usr/src/man/man3lib/libbsm.3lib b/usr/src/man/man3lib/libbsm.3lib index f09a63b316..f0e40da890 100644 --- a/usr/src/man/man3lib/libbsm.3lib +++ b/usr/src/man/man3lib/libbsm.3lib @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH LIBBSM 3LIB "Mar 24, 2004" +.TH LIBBSM 3LIB "Mar 6, 2017" .SH NAME libbsm \- basic security library .SH SYNOPSIS @@ -13,12 +13,10 @@ cc [ \fIflag\fR... ] \fIfile\fR. \fB-lbsm\fR [ \fIlibrary\fR... ] .fi .SH DESCRIPTION -.sp .LP Functions in this library provide basic security, library object reuse, and auditing. .SH INTERFACES -.sp .LP The shared object \fBlibbsm.so.1\fR provides the public interfaces defined below. See \fBIntro\fR(3) for additional information on shared object @@ -44,11 +42,8 @@ l l . \fBau_to_subject_ex\fR \fBau_to_text\fR \fBau_user_mask\fR \fBau_write\fR \fBaudit\fR \fBauditon\fR -\fBauditsvc\fR \fBendac\fR -\fBendauclass\fR \fBendauevent\fR -\fBendauuser\fR \fBgetacdir\fR -\fBgetacflg\fR \fBgetacmin\fR -\fBgetacna\fR \fBgetauclassent\fR +\fBauditsvc\fR \fBendauclass\fR +\fBendauevent\fR \fBgetauclassent\fR \fBgetauclassent_r\fR \fBgetauclassnam\fR \fBgetauclassnam_r\fR \fBgetaudit\fR \fBgetaudit_addr\fR \fBgetauditflagsbin\fR @@ -56,19 +51,14 @@ l l . \fBgetauevent_r\fR \fBgetauevnam\fR \fBgetauevnam_r\fR \fBgetauevnonam\fR \fBgetauevnum\fR \fBgetauevnum_r\fR -\fBgetauid\fR \fBgetauuserent\fR -\fBgetauuserent_r\fR \fBgetauusernam\fR -\fBgetauusernam_r\fR \fBgetfauditflags\fR -\fBsetac\fR \fBsetauclass\fR -\fBsetauclassfile\fR \fBsetaudit\fR -\fBsetaudit_addr\fR \fBsetauevent\fR -\fBsetaueventfile\fR \fBsetauid\fR -\fBsetauuser\fR \fBsetauuserfile\fR -\fBtestac\fR +\fBgetauid\fR \fBgetfauditflags\fR +\fBsetauclass\fR \fBsetauclassfile\fR +\fBsetaudit\fR \fBsetaudit_addr\fR +\fBsetauevent\fR \fBsetaueventfile\fR +\fBsetauid\fR \fBtestac\fR .TE .SH FILES -.sp .ne 2 .na \fB\fB/lib/libbsm.so.1\fR\fR @@ -87,7 +77,6 @@ shared object .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -104,6 +93,5 @@ T} .TE .SH SEE ALSO -.sp .LP \fBpvs\fR(1), \fBIntro\fR(3), \fBattributes\fR(5) diff --git a/usr/src/man/man4/Makefile b/usr/src/man/man4/Makefile index afdebd1834..5d3a176ef7 100644 --- a/usr/src/man/man4/Makefile +++ b/usr/src/man/man4/Makefile @@ -28,9 +28,7 @@ _MANFILES= Intro.4 \ au.4 \ audit.log.4 \ audit_class.4 \ - audit_control.4 \ audit_event.4 \ - audit_user.4 \ auth_attr.4 \ autofs.4 \ bart_manifest.4 \ diff --git a/usr/src/man/man4/audit.log.4 b/usr/src/man/man4/audit.log.4 index c858adf0fc..44c9b17e9c 100644 --- a/usr/src/man/man4/audit.log.4 +++ b/usr/src/man/man4/audit.log.4 @@ -1,9 +1,10 @@ '\" te +.\" Copyright (c) 2017 Peter Tribble .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT.LOG 4 "May 29, 2009" +.TH AUDIT.LOG 4 "Mar 6, 2017" .SH NAME audit.log \- audit trail file .SH SYNOPSIS @@ -18,19 +19,18 @@ audit.log \- audit trail file .fi .SH DESCRIPTION -.sp .LP \fBaudit.log\fR files are the depository for audit records stored locally or on -an on an NFS-mounted audit server. These files are kept in directories named in -the file \fBaudit_control\fR(4) using the \fBdir\fR option. They are named to -reflect the time they are created and are, when possible, renamed to reflect -the time they are closed as well. The name takes the form +an NFS-mounted audit server. These files are kept in directories as specified +by the \fBp_dir\fR attribute of the \fBaudit_binfile\fR(5) plugin. They are +named to reflect the time they are created and are, when possible, renamed to +reflect the time they are closed as well. The name takes the form .sp .LP \fIyyyymmddhhmmss\fR\fB\&.not_terminated.\fR\fIhostname\fR .sp .LP -when open or if the \fBauditd\fR(1M) terminated ungracefully, and the form +when open or if \fBauditd\fR(1M) terminated ungracefully, and the form .sp .LP \fIyyyymmddhhmmss\fR\fB\&.\fR\fIyyyymmddhhmmss\fR\fB\&.\fR\fIhostname\fR @@ -42,7 +42,7 @@ in the month, \fBhh\fR hour in the day, \fBmm\fR minute in the hour, and .sp .LP Audit data is generated in the binary format described below; the default for -Solaris audit is binary format. See \fBaudit_syslog\fR(5) for an alternate data +audit is binary format. See \fBaudit_syslog\fR(5) for an alternate data format. .sp .LP @@ -767,7 +767,6 @@ creator UID 4 bytes .in -2 .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -786,17 +785,11 @@ Interface Stability See below. .LP The binary file format is Committed. The binary file contents is Uncommitted. .SH SEE ALSO -.sp .LP -\fBaudit\fR(1M), \fBauditd\fR(1M), \fBbsmconv\fR(1M), \fBaudit\fR(2), -\fBauditon\fR(2), \fBau_to\fR(3BSM), \fBaudit_control\fR(4), -\fBaudit_syslog\fR(5) -.sp -.LP -Part\ VII, \fISolaris Auditing,\fR in \fISystem Administration Guide: Security -Services\fR +\fBaudit\fR(1M), \fBauditd\fR(1M), \fBaudit\fR(2), +\fBauditon\fR(2), \fBau_to\fR(3BSM), +\fBaudit_binfile\fR(5), \fBaudit_remote\fR(5), \fBaudit_syslog\fR(5) .SH NOTES -.sp .LP Each token is generally written using the \fBau_to\fR(3BSM) family of function calls. diff --git a/usr/src/man/man4/audit_class.4 b/usr/src/man/man4/audit_class.4 index a3f3aa6db9..141c1d5996 100644 --- a/usr/src/man/man4/audit_class.4 +++ b/usr/src/man/man4/audit_class.4 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT_CLASS 4 "Jun 26, 2008" +.TH AUDIT_CLASS 4 "Mar 6, 2017" .SH NAME audit_class \- audit class definitions .SH SYNOPSIS @@ -13,15 +13,13 @@ audit_class \- audit class definitions .fi .SH DESCRIPTION -.sp .LP \fB/etc/security/audit_class\fR is a user-configurable ASCII system file that stores class definitions used in the audit system. Audit events in \fBaudit_event\fR(4) are mapped to one or more of the defined audit classes. \fBaudit_event\fR can be updated in conjunction with changes to -\fBaudit_class\fR. See \fBaudit_control\fR(4) and \fBaudit_user\fR(4) for -information about changing the preselection of audit classes in the audit -system. Programs can use the \fBgetauclassent\fR(3BSM) routines to access audit +\fBaudit_class\fR. +Programs can use the \fBgetauclassent\fR(3BSM) routines to access audit class information. .sp .LP @@ -138,7 +136,6 @@ The following is an example of an \fBaudit_class\fR file: .sp .SH FILES -.sp .ne 2 .na \fB\fB/etc/security/audit_class\fR\fR @@ -148,7 +145,6 @@ The following is an example of an \fBaudit_class\fR file: .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -167,22 +163,11 @@ Interface Stability See below. .LP The file format stability is Committed. The file content is Uncommitted. .SH SEE ALSO -.sp .LP -\fBbsmconv\fR(1M), \fBau_preselect\fR(3BSM), \fBgetauclassent\fR(3BSM), -\fBaudit_control\fR(4), \fBaudit_event\fR(4), \fBaudit_user\fR(4), -\fBattributes\fR(5) -.sp -.LP -Part\ VII, \fISolaris Auditing,\fR in \fISystem Administration Guide: Security -Services\fR +\fBau_preselect\fR(3BSM), \fBgetauclassent\fR(3BSM), +\fBaudit_event\fR(4), \fBattributes\fR(5) .SH NOTES -.sp .LP It is possible to deliberately turn on the \fBno\fR class in the kernel, in which case the audit trail will be flooded with records for the audit event \fBAUE_NULL\fR. -.sp -.LP -This functionality is available only if Solaris Auditing has been enabled. See -\fBbsmconv\fR(1M) for more information. diff --git a/usr/src/man/man4/audit_control.4 b/usr/src/man/man4/audit_control.4 deleted file mode 100644 index 740467589d..0000000000 --- a/usr/src/man/man4/audit_control.4 +++ /dev/null @@ -1,343 +0,0 @@ -'\" te -.\" Copyright (c) 2009, Sun Microsystems, Inc. -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. -.\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with -.\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT_CONTROL 4 "Apr 16, 2009" -.SH NAME -audit_control \- control information for system audit daemon -.SH SYNOPSIS -.LP -.nf -\fB/etc/security/audit_control\fR -.fi - -.SH DESCRIPTION -.sp -.LP -The \fBaudit_control\fR file contains audit control information used by -\fBauditd\fR(1M). Each line consists of a title and a string, separated by a -colon. There are no restrictions on the order of lines in the file, although -some lines must appear only once. A line beginning with `\fB#\fR' is a comment. -A line can be continued with the use of the backslash (\fB\e\fR) convention. -(See EXAMPLES.) -.sp -.LP -Directory definition lines list the directories to be used when creating audit -files, in the order in which they are to be used. The format of a directory -line is: -.sp -.LP -\fBdir:\fR\fIdirectory-name\fR -.sp -.LP -\fIdirectory-name\fR is where the audit files will be created. Any valid -writable directory can be specified. -.sp -.LP -The following configuration is recommended: -.sp -.LP -\fB/etc/security/audit/\fIserver\fR/files\fR -.sp -.LP -where \fIserver\fR is the name of a central machine, since audit files -belonging to different servers are usually stored in separate subdirectories of -a single audit directory. The naming convention normally has \fIserver\fR be a -directory on a server machine, and all clients mount -\fB/etc/security/audit/\fR\fIserver\fR at the same location in their local file -systems. If the same server exports several different file systems for -auditing, their \fIserver\fR names will, of course, be different. -.sp -.LP -There are several other ways for audit data to be arranged: some sites may have -needs more in line with storing each host's audit data in separate -subdirectories. The audit structure used will depend on each individual site. -.sp -.LP -The audit threshold line specifies the percentage of free space that must be -present in the file system containing the current audit file. The format of the -threshold line is: -.sp -.LP -\fBminfree:\fR\fIpercentage\fR -.sp -.LP -where \fIpercentage\fR is indicates the amount of free space required. If free -space falls below this threshold, the audit daemon \fBauditd\fR(1M) invokes the -shell script \fBaudit_warn\fR(1M). If no threshold is specified, the default is -0%. -.sp -.LP -The \fBplugin\fR definition line selects a plugin to be loaded by the audit -daemon for processing audit records. -.sp -.LP -The format of a plugin line is: -.sp -.in +2 -.nf -plugin: \fIkeyword1\fR=\fIvalue1\fR;\fIkeyword2\fR=\fIvalue2\fR; -.fi -.in -2 -.sp - -.sp -.LP -The following keywords are defined: -.sp -.ne 2 -.na -\fB\fBname\fR\fR -.ad -.RS 9n -The value is the pathname of the plugin. This specification is required. -.RE - -.sp -.ne 2 -.na -\fB\fBqsize\fR\fR -.ad -.RS 9n -The value is the maximum number of records to queue for audit data sent to the -plugin. If omitted, the current hiwater mark (see the \fB-getqctrl\fR of -\fBauditconfig\fR(1M)) is used. When this maximum is reached, \fBauditd\fR will -either block or discard data, depending on the audit policy \fBcnt\fR. See -\fBauditconfig\fR(1M). -.RE - -.sp -.ne 2 -.na -\fB\fBp_*\fR\fR -.ad -.RS 9n -A keyword with the prefix \fBp_\fR is passed to the plugin defined by the value -associated with the \fBname\fR attribute. These attributes are defined for each -plugin. By convention, if the value associated with a \fBplugin\fR attribute is -a list, the list items are separated with commas. -.RE - -.sp -.LP -If pathname is a relative path (it does not start with \fB/\fR) the library -path will be taken as relative to \fB/usr/lib/security/$ISA\fR. The \fB$ISA\fR -token is replaced by an implementation-defined directory name that defines the -path relative to the \fBauditd\fR(1M) instruction set architecture. -.sp -.LP -See \fBaudit_syslog\fR(5) for the attributes expected for \fBplugin: -name=audit_syslog.so\fR. -.sp -.LP -No plugin specifier is required for generation of a binary audit log. However, -to set a queue size of other than the default, a plugin line with -\fBname=audit_binfile.so\fR can be used as described in \fBaudit_binfile\fR(5). -.sp -.LP -You must specify one or more plugins. (In the case of \fBaudit_binfile.so\fR, -use of \fBdir:\fR or \fBplugin:\fR suffices.) -.sp -.LP -The audit flags line specifies the default system audit value. This value is -combined with the user audit value read from \fBaudit_user\fR(4) to form a -user's process preselection mask. -.sp -.LP -The algorithm for obtaining the process preselection mask is as follows: the -audit flags from the \fBflags:\fR line in the \fBaudit_control\fR file are -added to the flags from the \fBalways-audit\fR field in the user's entry in the -\fBaudit_user\fR file. The flags from the \fBnever-audit\fR field from the -user's entry in the \fBaudit_user\fR file are then subtracted from the total: -.sp -.in +2 -.nf -user's process preselection mask = - (flags: line + always audit flags) - never audit flags -.fi -.in -2 -.sp - -.sp -.LP -The format of a flags line is: -.sp -.LP -\fBflags:\fR\fIaudit-flags\fR -.sp -.LP -where \fIaudit-flags\fR specifies which event classes are to be audited. The -character string representation of \fIaudit-flags\fR contains a series of flag -names, each one identifying a single audit class, separated by commas. A name -preceded by `\fB\(mi\fR\&' means that the class should be audited for failure -only; successful attempts are not audited. A name preceded by `\fB+\fR' means -that the class should be audited for success only; failing attempts are not -audited. Without a prefix, the name indicates that the class is to be audited -for both successes and failures. The special string \fBall\fR indicates that -all events should be audited; \fB\(miall\fR indicates that all failed attempts -are to be audited, and \fB+all\fR all successful attempts. The prefixes -\fB^\fR, \fB^\(mi\fR, and \fB^+\fR turn off flags specified earlier in the -string (\fB^\(mi\fR and \fB^+\fR for failing and successful attempts, \fB^\fR -for both). They are typically used to reset flags. -.sp -.LP -The non-attributable flags line is similar to the flags line, but this one -contain the audit flags that define what classes of events are audited when an -action cannot be attributed to a specific user. The format of a \fBnaflags\fR -line is: -.sp -.LP -\fBnaflags:\fR\fIaudit-flags\fR -.sp -.LP -The flags are separated by commas, with no spaces. See \fBaudit_class\fR(4) for -a list of the predefined audit classes. Note that the classes are configurable -as also described in \fBaudit_class\fR(4). -.sp -.LP -A line can be continued by appending a backslash (\fB\e\fR). -.SH EXAMPLES -.LP -\fBExample 1 \fRSample \fBaudit_control\fR File for Specific Host -.sp -.LP -The following is a sample \fB/etc/security/audit_control\fR file for the -machine \fBeggplant\fR. - -.sp -.LP -The file's contents identify server \fBjedgar\fR with two file systems normally -used for audit data, another server, \fBglobal\fR, used only when \fBjedgar\fR -fills up or breaks, and specifies that the warning script is run when the file -systems are 80% filled. It also specifies that all logins, administrative -operations are to be audited, whether or not they succeed. All failures except -failures to access object attributes are to be audited. - -.sp -.in +2 -.nf -dir: /etc/security/jedgar/eggplant -dir: /etc/security/jedgar.aux/eggplant -# -# Last-ditch audit file system when jedgar fills up. -# -dir: /etc/security/global/eggplant -minfree: 20 -flags: lo,ad,-all,^-fm -naflags: lo,ad -.fi -.in -2 -.sp - -.LP -\fBExample 2 \fRSample \fBaudit_control\fR File for syslog and Local Storage -.sp -.LP -Shown below is a sample \fB/etc/security/audit_control\fR file for syslog and -local storage. For the binary log, the output is all \fBlo\fR and \fBad\fR -records, all failures of class \fBfm\fR and any classes specified by means of -\fBaudit_user\fR(4). For syslog output, all \fBlo\fR records are output, only -failure \fBad\fR records are output, and no \fBfm\fR records are output. The -specification for the plugin is given in two lines. - -.sp -.in +2 -.nf -dir: /etc/security/jedgar/eggplant -dir: /etc/security/jedgar.aux/eggplant -# -# Last-ditch audit file system when jedgar fills up. -# -dir: /etc/security/global/eggplant -minfree: 20 -flags: lo,ad,-fm -naflags: lo,ad -plugin: name=audit_syslog.so;p_flags=lo,+ad;\e -qsize=512 -.fi -.in -2 -.sp - -.LP -\fBExample 3 \fROverriding the Default Queue Size -.sp -.LP -Shown below is a sample \fB/etc/security/audit_control\fR file that overrides -the default queue size for binary audit log file generation. - -.sp -.in +2 -.nf -dir: /etc/security/jedgar/eggplant -dir: /etc/security/jedgar.aux/eggplant -# -# Last-ditch audit file system when jedgar fills up. -# -dir: /etc/security/global/eggplant -minfree: 20 -flags: lo,ad,-fm -naflags: lo,ad -plugin: name=audit_binfile.so; qsize=256 -.fi -.in -2 -.sp - -.SH FILES -.sp -.LP -\fB/etc/security/audit_control\fR -.sp -.LP -\fB/etc/security/audit_warn\fR -.sp -.LP -\fB/etc/security/audit/*/*/*\fR -.sp -.LP -\fB/etc/security/audit_user\fR -.SH ATTRIBUTES -.sp -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -_ -Interface Stability Obsolete Committed -.TE - -.SH SEE ALSO -.sp -.LP -\fBaudit\fR(1M), \fBaudit_warn\fR(1M), \fBauditd\fR(1M), \fBbsmconv\fR(1M), -\fBaudit\fR(2), \fBgetfauditflags\fR(3BSM), \fBaudit.log\fR(4), -\fBaudit_class\fR(4), \fBaudit_user\fR(4), \fBattributes\fR(5), -\fBaudit_binfile\fR(5), \fBaudit_syslog\fR(5) -.sp -.LP -Part\ VII, \fISolaris Auditing,\fR in \fISystem Administration Guide: Security -Services\fR -.SH NOTES -.sp -.LP -Use of the plugin configuration line to include \fBaudit_syslog.so\fR requires -that \fB/etc/syslog.conf\fR be configured for audit data. See -\fBaudit_syslog\fR(5) for more details. -.sp -.LP -Configuration changes do not affect audit sessions that are currently running, -as the changes do not modify a process's preselection mask. To change the -preselection mask on a running process, use the \fB-setpmask\fR option of the -\fBauditconfig\fR command (see \fBauditconfig\fR(1M)). If the user logs out and -logs back in, the new configuration changes will be reflected in the next audit -session. -.sp -.LP -This file is Obsolete and may be removed and replaced with equivalent -functionality in a future release of Solaris. diff --git a/usr/src/man/man4/audit_event.4 b/usr/src/man/man4/audit_event.4 index 8d1ab89581..b1b0935138 100644 --- a/usr/src/man/man4/audit_event.4 +++ b/usr/src/man/man4/audit_event.4 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT_EVENT 4 "Jun 26, 2008" +.TH AUDIT_EVENT 4 "Mar 6, 2017" .SH NAME audit_event \- audit event definition and class mapping .SH SYNOPSIS @@ -13,14 +13,12 @@ audit_event \- audit event definition and class mapping .fi .SH DESCRIPTION -.sp .LP \fB/etc/security/audit_event\fR is a user-configurable ASCII system file that stores event definitions used in the audit system. As part of this definition, each event is mapped to one or more of the audit classes defined in -\fBaudit_class\fR(4). See \fBaudit_control\fR(4) and \fBaudit_user\fR(4) for -information about changing the preselection of audit classes in the audit -system. Programs can use the \fBgetauevent\fR(3BSM) routines to access audit +\fBaudit_class\fR(4). +Programs can use the \fBgetauevent\fR(3BSM) routines to access audit event information. .sp .LP @@ -142,7 +140,6 @@ The following is an example of some \fBaudit_event\fR file entries: .sp .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -161,7 +158,6 @@ Interface Stability See below. .LP The file format stability is Committed. The file content is Uncommitted. .SH FILES -.sp .ne 2 .na \fB\fB/etc/security/audit_event\fR\fR @@ -171,16 +167,5 @@ The file format stability is Committed. The file content is Uncommitted. .RE .SH SEE ALSO -.sp -.LP -\fBbsmconv\fR(1M), \fBgetauevent\fR(3BSM), \fBaudit_class\fR(4), -\fBaudit_control\fR(4), \fBaudit_user\fR(4) -.sp -.LP -Part\ VII, \fISolaris Auditing,\fR in \fISystem Administration Guide: Security -Services\fR -.SH NOTES -.sp .LP -This functionality is available only if Solaris Auditing has been enabled. See -\fBbsmconv\fR(1M) for more information. +\fBgetauevent\fR(3BSM), \fBaudit_class\fR(4) diff --git a/usr/src/man/man4/audit_user.4 b/usr/src/man/man4/audit_user.4 deleted file mode 100644 index 2b499ba345..0000000000 --- a/usr/src/man/man4/audit_user.4 +++ /dev/null @@ -1,132 +0,0 @@ -'\" te -.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT_USER 4 "Feb 25, 2017" -.SH NAME -audit_user \- per-user auditing data file -.SH SYNOPSIS -.LP -.nf -\fB/etc/security/audit_user\fR -.fi - -.SH DESCRIPTION -.LP -\fBaudit_user\fR is a database that stores per-user auditing preselection data. -You can use the \fBaudit_user\fR file with other authorization sources, -including the \fBNIS\fR map \fBaudit_user.byname\fR. Programs use the -\fBgetauusernam\fR(3BSM) routines to access this information. -.sp -.LP -The search order for multiple user audit information sources is specified in -the \fB/etc/nsswitch.conf\fR file. See \fBnsswitch.conf\fR(4). The lookup -follows the search order for \fBpasswd\fR(4). -.sp -.LP -The fields for each user entry are separated by colons (\fB:\fR). Each user is -separated from the next by a newline. \fBaudit_user\fR does not have general -read permission. Each entry in the \fBaudit_user\fR file has the form: -.sp -.in +2 -.nf -\fIusername\fR:\fIalways-audit-flags\fR:\fInever-audit-flags\fR -.fi -.in -2 -.sp - -.sp -.LP -The fields are defined as follows: -.sp -.ne 2 -.na -\fB\fIusername\fR\fR -.ad -.RS 22n -User's login name. -.RE - -.sp -.ne 2 -.na -\fB\fIalways-audit-flags\fR\fR -.ad -.RS 22n -Flags specifying event classes to \fIalways\fR audit. -.RE - -.sp -.ne 2 -.na -\fB\fInever-audit-flags\fR\fR -.ad -.RS 22n -Flags specifying event classes to \fInever\fR audit. -.RE - -.sp -.LP -For a complete description of the audit flags and how to combine them, see -\fBaudit_control\fR(4). -.SH EXAMPLES -.LP -\fBExample 1 \fRUsing the \fBaudit_user\fR File -.sp -.in +2 -.nf -other:lo,am:io,cl -fred:lo,ex,+fc,-fr,-fa:io,cl -ethyl:lo,ex,nt:io,cl -.fi -.in -2 -.sp - -.SH FILES -.LP -\fB/etc/nsswitch.conf\fR -.sp -.LP -\fB/etc/passwd\fR -.sp -.LP -\fB/etc/security/audit_user\fR -.SH ATTRIBUTES -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -_ -Interface Stability See below. -.TE - -.sp -.LP -The file format stability is Committed. The file content is Uncommitted. -.SH SEE ALSO -.LP -\fBbsmconv\fR(1M), \fBgetauusernam\fR(3BSM), \fBaudit_control\fR(4), -\fBnsswitch.conf\fR(4), \fBpasswd\fR(4) -.sp -.LP -Part\ VII, \fISolaris Auditing,\fR in \fISystem Administration Guide: Security -Services\fR -.SH NOTES -.LP -This functionality is available only if the Basic Security Module (\fBBSM\fR) -has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp -.LP -Configuration changes do not affect audit sessions that are currently running, -as the changes do not modify a process's preselection mask. To change the -preselection mask on a running process, use the \fB-setpmask\fR option of the -\fBauditconfig\fR command (see \fBauditconfig\fR(1M)). If the user logs out and -logs back in, the new configuration changes will be reflected in the next audit -session. diff --git a/usr/src/man/man4/device_allocate.4 b/usr/src/man/man4/device_allocate.4 index da4f3007ea..099022328e 100644 --- a/usr/src/man/man4/device_allocate.4 +++ b/usr/src/man/man4/device_allocate.4 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH DEVICE_ALLOCATE 4 "May 12, 2008" +.TH DEVICE_ALLOCATE 4 "Mar 6, 2017" .SH NAME device_allocate \- device_allocate file .SH SYNOPSIS @@ -13,7 +13,6 @@ device_allocate \- device_allocate file .fi .SH DESCRIPTION -.sp .LP The \fBdevice_allocate\fR file is an \fBASCII\fR file that resides in the \fB/etc/security\fR directory. It contains mandatory access control information @@ -159,7 +158,6 @@ the system administrator. .RE .SS "Notes on \fBdevice_allocate\fR" -.sp .LP The \fBdevice_allocate\fR file is an ASCII file that resides in the \fB/etc/security\fR directory. @@ -235,7 +233,6 @@ to use it (with \fBallocate\fR(1) and \fBdeallocate\fR(1)). If a device is not allocatable, there is an asterisk (\fB*\fR) in the \fIauths\fR field, and no one can use the device. .SH FILES -.sp .ne 2 .na \fB\fB/etc/security/device_allocate\fR\fR @@ -246,7 +243,6 @@ Contains list of allocatable devices .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -262,16 +258,10 @@ Interface Stability Uncommitted .TE .SH SEE ALSO -.sp .LP -\fBauths\fR(1), \fBallocate\fR(1), \fBbsmconv\fR(1M), \fBdeallocate\fR(1), +\fBauths\fR(1), \fBallocate\fR(1), \fBdeallocate\fR(1), \fBlist_devices\fR(1), \fBauth_attr\fR(4), \fBattributes\fR(5) .SH NOTES -.sp -.LP -The functionality described in this man page is available only if Solaris -Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp .LP On systems configured with Trusted Extensions, the functionality is enabled by default. On such systems, the \fBdevice_allocate\fR file is updated diff --git a/usr/src/man/man4/device_maps.4 b/usr/src/man/man4/device_maps.4 index 9a617cbbaf..5460ca44a0 100644 --- a/usr/src/man/man4/device_maps.4 +++ b/usr/src/man/man4/device_maps.4 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH DEVICE_MAPS 4 "Apr 30, 2008" +.TH DEVICE_MAPS 4 "Mar 6, 2017" .SH NAME device_maps \- device_maps file .SH SYNOPSIS @@ -13,7 +13,6 @@ device_maps \- device_maps file .fi .SH DESCRIPTION -.sp .LP The \fBdevice_maps\fR file contains access control information about each physical device. Each device is represented by a one line entry of the form: @@ -106,7 +105,6 @@ rmt:\e .sp .SH FILES -.sp .ne 2 .na \fB\fB/etc/security/device_maps\fR\fR @@ -116,7 +114,6 @@ Contains access control information for devices. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -132,17 +129,11 @@ Interface Stability Uncommitted .TE .SH SEE ALSO -.sp .LP -\fBallocate\fR(1), \fBbsmconv\fR(1M), \fBdeallocate\fR(1), +\fBallocate\fR(1), \fBdeallocate\fR(1), \fBlist_devices\fR(1), \fBdminfo\fR(1M), \fBdevice_allocate\fR(4), \fBattributes\fR(5) .SH NOTES -.sp -.LP -The functionality described in this man page is available only if Solaris -Auditing has been enabled. See \fBbsmconv\fR(1M) for more information. -.sp .LP On systems configured with Trusted Extensions, the functionality is enabled by default. On such systems, the \fBdevice_allocate\fR(4) file is updated diff --git a/usr/src/man/man4/exec_attr.4 b/usr/src/man/man4/exec_attr.4 index 571f1514a4..caa651720e 100644 --- a/usr/src/man/man4/exec_attr.4 +++ b/usr/src/man/man4/exec_attr.4 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH EXEC_ATTR 4 "Feb 25, 2017" +.TH EXEC_ATTR 4 "Mar 6, 2017" .SH NAME exec_attr \- execution profiles database .SH SYNOPSIS @@ -273,7 +273,7 @@ equals (\fB=\fR), and backslash (\fB\\fR). .LP \fBauths\fR(1), \fBdtaction\fR(1), \fBprofiles\fR(1), \fBroles\fR(1), \fBsh\fR(1), \fBmakedbm\fR(1M), \fBgetauthattr\fR(3SECDB), -\fBgetauusernam\fR(3BSM), \fBgetexecattr\fR(3SECDB), \fBgetprofattr\fR(3SECDB), +\fBgetexecattr\fR(3SECDB), \fBgetprofattr\fR(3SECDB), \fBgetuserattr\fR(3SECDB), \fBkva_match\fR(3SECDB), \fBauth_attr\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBprivileges\fR(5) diff --git a/usr/src/man/man4/nscd.conf.4 b/usr/src/man/man4/nscd.conf.4 index 04d1eafd53..be0b415b61 100644 --- a/usr/src/man/man4/nscd.conf.4 +++ b/usr/src/man/man4/nscd.conf.4 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH NSCD.CONF 4 "Aug 21, 2006" +.TH NSCD.CONF 4 "Mar 6, 2017" .SH NAME nscd.conf \- name service cache daemon configuration .SH SYNOPSIS @@ -13,7 +13,6 @@ nscd.conf \- name service cache daemon configuration .fi .SH DESCRIPTION -.sp .LP The \fBnscd.conf\fR file contains the configuration information for \fBnscd\fR(1M). Each line specifies either an \fIattribute\fR and a @@ -25,7 +24,7 @@ not interpreted by \fBnscd\fR. .LP \fIcachename\fR is represented by \fBhosts\fR, \fBipnodes\fR, \fBpasswd\fR, \fBgroup\fR, \fBexec_attr\fR, \fBprof_attr\fR, \fBuser_attr\fR, \fBethers\fR, -\fBrpc\fR, \fBprotocols\fR, \fBnetworks\fR, \fBbootparams\fR, \fBaudit_user\fR, +\fBrpc\fR, \fBprotocols\fR, \fBnetworks\fR, \fBbootparams\fR, \fBauth_attr\fR, \fBservices\fR, \fBnetmasks\fR, \fBprinters\fR, or \fBproject\fR. .sp @@ -178,7 +177,6 @@ automatically adjusts the hash table size. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -196,9 +194,8 @@ Interface Stability Committed .TE .SH SEE ALSO -.sp .LP -\fBnscd\fR(1M), \fBaudit_user\fR(4), \fBauth_attr\fR(4), \fBbootparams\fR(4), +\fBnscd\fR(1M), \fBauth_attr\fR(4), \fBbootparams\fR(4), \fBethers\fR(4), \fBexec_attr\fR(4), \fBgroup\fR(4), \fBhosts\fR(4), \fBnetmasks\fR(4), \fBnetworks\fR(4), \fBpasswd\fR(4), \fBprinters\fR(4), \fBprof_attr\fR(4), \fBproject\fR(4), \fBprotocols\fR(4), \fBrpc\fR(4), diff --git a/usr/src/man/man4/nsswitch.conf.4 b/usr/src/man/man4/nsswitch.conf.4 index dbfcbd6a1b..ea46118b9d 100644 --- a/usr/src/man/man4/nsswitch.conf.4 +++ b/usr/src/man/man4/nsswitch.conf.4 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH NSSWITCH.CONF 4 "Feb 25, 2017" +.TH NSSWITCH.CONF 4 "Mar 6, 2017" .SH NAME nsswitch.conf \- configuration file for the name service switch .SH SYNOPSIS @@ -45,7 +45,7 @@ T} \fBnetmasks\fR \fBifconfig\fR(1M) \fBnetworks\fR \fBgetnetbyname\fR(3SOCKET) \fBpasswd\fR T{ -\fBgetpwnam\fR(3C), \fBgetspnam\fR(3C), \fBgetauusernam\fR(3BSM), \fBgetusernam\fR(3SECDB) +\fBgetpwnam\fR(3C), \fBgetspnam\fR(3C), \fBgetusernam\fR(3SECDB) T} \fBprinters\fR T{ \fBlp\fR(1), \fBlpstat\fR(1), \fBcancel\fR(1), \fBlpr\fR(1B), \fBlpq\fR(1B), \fBlprm\fR(1B), \fBin.lpd\fR(1M), \fBlpadmin\fR(1M), \fBlpget\fR(1M), \fBlpset\fR(1M) @@ -768,7 +768,7 @@ Sample configuration file that uses \fBfiles\fR, \fBdns\fR and \fBmdns\fR \fBkpasswd\fR(1), \fBldap\fR(1), \fBnewtask\fR(1), \fBpasswd\fR(1), \fBautomount\fR(1M), \fBifconfig\fR(1M), \fBmdnsd\fR(1M), \fBrpc.bootparamd\fR(1M), \fBsendmail\fR(1M), -\fBgetauusernam\fR(3BSM), \fBgetgrnam\fR(3C), \fBgetnetgrent\fR(3C), +\fBgetgrnam\fR(3C), \fBgetnetgrent\fR(3C), \fBgetpwnam\fR(3C), \fBgetspnam\fR(3C), \fBgethostbyname\fR(3NSL), \fBgetpublickey\fR(3NSL), \fBgetrpcbyname\fR(3NSL), \fBnetdir\fR(3NSL), \fBsecure_rpc\fR(3NSL), \fBgetprojent\fR(3PROJECT), diff --git a/usr/src/man/man5/audit_binfile.5 b/usr/src/man/man5/audit_binfile.5 index 327586c4f5..ce15b4f06a 100644 --- a/usr/src/man/man5/audit_binfile.5 +++ b/usr/src/man/man5/audit_binfile.5 @@ -1,11 +1,12 @@ '\" te +.\" Copyright (c) 2017 Peter Tribble .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT_BINFILE 5 "Jun 24, 2009" +.TH AUDIT_BINFILE 5 "Mar 6, 2017" .SH NAME -audit_binfile \- generation of Solaris audit logs +audit_binfile \- generation of audit logs .SH SYNOPSIS .LP .nf @@ -13,27 +14,21 @@ audit_binfile \- generation of Solaris audit logs .fi .SH DESCRIPTION -.sp .LP -The \fBaudit_binfile\fR plugin module for Solaris audit, +The \fBaudit_binfile\fR plugin module for audit, \fB/usr/lib/security/audit_binfile.so\fR, writes binary audit data to files as -configured in \fBaudit_control\fR(4); it is the default plugin for the Solaris -audit daemon \fBauditd\fR(1M). Its output is described by \fBaudit.log\fR(4). -.sp -.LP -The \fBaudit_binfile\fR plugin is loaded by \fBauditd\fR if \fBaudit_control\fR -contains one or more lines defining audit directories by means of the -\fBdir:\fR specification or if \fBaudit_control\fR has a \fBplugin:\fR -specification of \fBname=audit_binfile.so\fR. +specified in the plugin's attributes configured by \fBauditconfig\fR(1M); it +is the default plugin for the audit daemon \fBauditd\fR(1M). Its output is +described by \fBaudit.log\fR(4). .SH OBJECT ATTRIBUTES +.LP +The \fBp_dir\fR attribute specifies a comma-separated list of +directories to be used for storing audit files. .sp .LP -The \fBp_dir\fR and \fBp_minfree\fR attributes are equivalent to the \fBdir:\fR -and \fBminfree:\fR lines described in \fBaudit_control\fR. If both the -\fBdir:\fR line and the \fBp_dir\fR attribute are used, the plugin combines all -directories into a single list with those specified by means of \fBdir:\fR at -the front of the list. If both the \fBminfree\fR and the \fBp_minfree\fR -attributes are given, the \fBp_minfree\fR value is used. +The \fBp_minfree\fR attribute specifies the percentage of free space required. +If free space falls below this threshold, the audit daemon \fBauditd\fR(1M) +invokes the shell script \fBaudit_warn\fR(1M). The default threshold is 0%. .sp .LP The \fBp_fsize\fR attribute defines the maximum size in bytes that an audit @@ -43,18 +38,16 @@ when the audit file contains the specified number of bytes. The default size is zero (0), which allows the file to grow without bound. The value specified must be within the range of [512,000, 2,147,483,647]. .SH EXAMPLES -.sp .LP -The following directives cause \fBaudit_binfile.so\fR to be loaded, specify the +The following commands cause \fBaudit_binfile.so\fR to be activated, specify the directories for writing audit logs, and specify the percentage of required free -space per directory. +space per directory. Note that using \fBauditconfig\fR(1M) only allows one +attribute to be set at a time. .sp .in +2 .nf -flags: lo,ad,-fm -naflags: lo,ad -plugin: name=audit_binfile.so;\e -p_minfree=20;\e +# auditconfig -setplugin audit_binfile active p_minfree=20 +# auditconfig -setplugin audit_binfile active \e p_dir=/var/audit/jedgar/eggplant,\e /var/audit/jedgar.aux/eggplant,\e /var/audit/global/eggplant @@ -63,7 +56,6 @@ p_dir=/var/audit/jedgar/eggplant,\e .sp .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for a description of the following attributes: .sp @@ -81,10 +73,5 @@ Interface Stability Committed .TE .SH SEE ALSO -.sp -.LP -\fBauditd\fR(1M), \fBaudit_control\fR(4), \fBsyslog.conf\fR(4), -\fBattributes\fR(5) -.sp .LP -\fISystem Administration Guide: Security Services\fR +\fBauditd\fR(1M), \fBauditconfig\fR(1M), \fBaudit.log\fR(4), \fBattributes\fR(5) diff --git a/usr/src/man/man5/audit_remote.5 b/usr/src/man/man5/audit_remote.5 index 9d298a02f8..7c5b762011 100644 --- a/usr/src/man/man5/audit_remote.5 +++ b/usr/src/man/man5/audit_remote.5 @@ -1,11 +1,12 @@ '\" te +.\" Copyright (c) 2017 Peter Tribble .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT_REMOTE 5 "Sep 8, 2009" +.TH AUDIT_REMOTE 5 "Mar 6, 2017" .SH NAME -audit_remote \- send Solaris audit logs to a remote server +audit_remote \- send audit logs to a remote server .SH SYNOPSIS .LP .nf @@ -13,20 +14,14 @@ audit_remote \- send Solaris audit logs to a remote server .fi .SH DESCRIPTION -.sp .LP -The \fBaudit_remote\fR plugin module for Solaris audit, +The \fBaudit_remote\fR plugin module for audit, \fB/usr/lib/security/audit_remote.so\fR, sends binary audit records -(\fBaudit.log\fR(4)) to audit servers specified in \fBaudit_control\fR(4). -.sp -.LP -The \fBaudit_remote\fR plugin is loaded by \fBauditd\fR(1M) if -\fBaudit_control\fR contains a \fBplugin:\fR specification of -\fBname=audit_remote.so\fR. +(\fBaudit.log\fR(4)) to audit servers specified in the plugin's attributes +configured by \fBauditconfig\fR(1M). .SS "Object Attributes" -.sp .LP -The following attributes specify the configuration of \fBaudit_remote\fR +The following attributes specify the configuration of the \fBaudit_remote\fR plugin: .sp .ne 2 @@ -100,10 +95,9 @@ The default is the value of the kernel queue control high water mark. See .RE .SS "GSS SESSION" -.sp .LP The \fBaudit_remote plugin\fR is a TCP client that authenticates configured -audit servers using the GSS-API (\fBlibgss\fR(3LIB)). Binary Solaris Audit +audit servers using the GSS-API (\fBlibgss\fR(3LIB)). Binary Audit records are sent with integrity and confidentiality protection as per-message tokens generated by \fBgss_wrap\fR(3GSS). .sp @@ -154,7 +148,6 @@ retry <count> <error>.<error>\fR is connection \fB<host:port> <the network error>\fR\&. An \fBEPROTO\fR network error indicates that the client plugin did not get a successful protocol version handshake. .SS "PROTOCOL DESCRIPTION" -.sp .LP All protocol messages are preceded by the 4 octets of the size of the data to follow. This size is in network byte order. @@ -266,11 +259,27 @@ Secure remote audit client/server communication flow: .SH EXAMPLES .LP -\fBExample 1 \fRLoading \fBaudit_remote.so\fR and Specifying the Remote Audit +\fBExample 1 \fRActivating \fBaudit_remote.so\fR and Specifying attributes +.sp +.LP +The following commands cause \fBaudit_remote.so\fR to be activated and set +the \fBp_retries\fR and \fBp_timeout\fR attributes. Note that using +\fBauditconfig\fR(1M) only allows one attribute to be set at a time. + +.sp +.in +2 +.nf +# auditconfig -setplugin audit_remote active p_retries=2 +# auditconfig -setplugin audit_remote active p_timeout=90 +.fi +.in -2 + +.LP +\fBExample 2 \fRActivating \fBaudit_remote.so\fR and Specifying the Remote Audit Servers .sp .LP -The following directives cause \fBaudit_remote.so\fR to be loaded and specify +The following command causes \fBaudit_remote.so\fR to be activated and specifies the remote audit servers to where the audit records are sent. The \fBkerberos_v5\fR security mechanism is defined to be used when communicating with the servers. @@ -278,15 +287,14 @@ with the servers. .sp .in +2 .nf -plugin: name=audit_remote.so;\e -p_timeout=90;p_retries=2;\e +# auditconfig -setplugin audit_remote active \e p_hosts=eggplant.eng.sun.com::kerberos_v5,\e purple.ebay.sun.com:4592:kerberos_v5 .fi .in -2 .LP -\fBExample 2 \fRUsing the Configuration of Usage Default Security Mechanism +\fBExample 3 \fRUsing the Configuration of Usage Default Security Mechanism .sp .LP The following example shows the configuration of usage of default security @@ -295,8 +303,7 @@ mechanism. It also shows use of default port on one of the configured servers: .sp .in +2 .nf -plugin: name=audit_remote.so;\e -p_timeout=10;p_retries=2;\e +# auditconfig -setplugin audit_remote active \e p_hosts=jedger.eng.sun.com,\e jbadams.ebay.sun.com:4592 .fi @@ -304,7 +311,6 @@ jbadams.ebay.sun.com:4592 .sp .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for a description of the following attributes: .sp @@ -327,17 +333,15 @@ The plugin configuration parameters are Committed. The client/server protocol (version \fB"01"\fR) is Contracted Project Private. See \fBaudit.log\fR(4) for the audit record format and content stability. .SH SEE ALSO -.sp .LP \fBauditd\fR(1M), \fBauditconfig\fR(1M), \fBaudit_warn\fR(1M), \fBgetipnodebyname\fR(3SOCKET), \fBgetservbyname\fR(3XNET), \fBgss_accept_sec_context\fR(3GSS), \fBgss_get_mic\fR(3GSS), \fBgss_init_sec_context\fR(3GSS), \fBgss_wrap\fR(3GSS), \fBgss_unwrap\fR(3GSS), -\fBlibgss\fR(3LIB), \fBlibsocket\fR(3LIB), \fBaudit_control\fR(4), +\fBlibgss\fR(3LIB), \fBlibsocket\fR(3LIB), \fBaudit.log\fR(4), \fBkrb5.conf\fR(4), \fBmech\fR(4), \fBattributes\fR(5), \fBkerberos\fR(5), \fBtcp\fR(7P) .SH NOTES -.sp .LP \fBaudit_remote\fR authenticates itself to the remote audit service by way of GSS-API (\fBlibgss\fR(3LIB)). Default gss credentials are used as provided by diff --git a/usr/src/man/man5/audit_syslog.5 b/usr/src/man/man5/audit_syslog.5 index b581b04aae..fe8ddab719 100644 --- a/usr/src/man/man5/audit_syslog.5 +++ b/usr/src/man/man5/audit_syslog.5 @@ -1,11 +1,12 @@ '\" te +.\" Copyright (c) 2017 Peter Tribble .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH AUDIT_SYSLOG 5 "Sep 25, 2008" +.TH AUDIT_SYSLOG 5 "Mar 6, 2017" .SH NAME -audit_syslog \- realtime conversion of Solaris audit data to syslog messages +audit_syslog \- realtime conversion of audit data to syslog messages .SH SYNOPSIS .LP .nf @@ -13,17 +14,18 @@ audit_syslog \- realtime conversion of Solaris audit data to syslog messages .fi .SH DESCRIPTION -.sp .LP -The \fBaudit_syslog\fR plugin module for Solaris audit, +The \fBaudit_syslog\fR plugin module for audit, \fB/usr/lib/security/audit_syslog.so\fR, provides realtime conversion of -Solaris audit data to syslog-formatted (text) data and sends it to a syslog -daemon as configured in \fBsyslog.conf\fR(4). The plugin's path is specified in -the audit configuration file, \fBaudit_control\fR(4). +audit data to syslog-formatted (text) data and sends it to a syslog +daemon as configured in \fBsyslog.conf\fR(4). +.sp +.LP +Messages to \fBsyslog\fR are written if the \fBaudit_syslog\fR plugin is +activated and configured using \fBauditconfig\fR(1M). .sp .LP -Messages to \fBsyslog\fR are written if selected via the \fBplugin\fR option in -\fBaudit_control\fR. Syslog messages are generated with the facility code of +Syslog messages are generated with the facility code of \fBLOG_AUDIT\fR (\fBaudit\fR in \fBsyslog.conf\fR(4)) and severity of \fBLOG_NOTICE\fR. Audit \fBsyslog\fR messages contain data selected from the tokens described for the binary audit log. (See \fBaudit.log\fR(4)). As with @@ -163,62 +165,50 @@ access(2) ok session 255 by janeuser as janeuser:staff from \e .sp .SH OBJECT ATTRIBUTES -.sp .LP -The \fBp_flag\fR attribute, specified by means of the \fBplugin\fR directive -(see \fBaudit_control\fR(4)), is used to further filter audit data being sent -to the \fBsyslog\fR daemon beyond the classes specified through the \fBflags\fR -and \fBnaflags\fR lines of \fBaudit_control\fR and through the user-specific -lines of \fBaudit_user\fR(4). The parameter is a comma-separated list; each +The \fBp_flags\fR attribute is used to further filter audit data being sent +to the \fBsyslog\fR daemon beyond the default and non-attributable +audit flags. The parameter is a comma-separated list; each item represents an audit class (see \fBaudit_class\fR(4)) and is specified -using the same syntax used in \fBaudit_control\fR for the \fBflags\fR and -\fBnaflags\fR lines. The default (no \fBp_flags\fR listed) is that no audit -records are generated. +using the same syntax used by \fBauditconfig\fR for the \fB-setflags\fR and +\fB-setnaflags\fR options. The default (no \fBp_flags\fR set) is that no +audit records are generated. .SH EXAMPLES .LP -\fBExample 1 \fROne Use of the \fBplugin\fR Line +\fBExample 1 \fREnabling the plugin and selecting events .sp .LP -In the specification shown below, the \fBplugin\fR line (in conjunction with -\fBflags\fR and \fBnaflags\fR) is used to allow class records for \fBlo\fR but -allows class records for \fBam\fR for failures only. Omission of the \fBfm\fR -class records results in no \fBfm\fR class records being output. The \fBpc\fR -parameter has no effect because you cannot add classes to those defined by -means of \fBflags\fR and \fBnaflags\fR and by \fBaudit_user\fR(4). You can only -remove them. +The command below enables the \fBaudit_syslog\fR plugin and sets the +\fBp_flags\fR filter to allow class records for \fBlo\fR but +allows class records for \fBam\fR for failures only. Because no other +classes are listed, not other audit records will be sent to +syslog. You cannot add classes to those defined by means of +\fBflags\fR and \fBnaflags\fR. You can only remove them. .sp .in +2 .nf -flags: lo,am,fm -naflags: lo -plugin: name=audit_syslog.so; p_flags=lo,-am +# autditconf -setplugin audit_syslog active p_flags=lo,-am .fi .in -2 .sp -.LP -\fBExample 2 \fRUse of \fBall\fR +\fBExample 2 \fRViewing the plugin configuration .sp .LP -In the specification shown below, with one exception, \fBall\fR allows all -flags defined by means of \fBflags\fR and \fBnaflags\fR (and -\fBaudit_user\fR(4)). The exception the \fBam\fR metaclass, which is equivalent -to \fBss,as,ua\fR, which is modified to output all \fBua\fR events but only -failure events for \fBss\fR and \fBas\fR. +The command below enables shows the \fBaudit_syslog\fR plugin configuration. .sp .in +2 .nf -flags: lo,am -naflags: lo -plugin: name=audit_syslog.so; p_flags=all,^+ss,^+as +# auditconfig -getplugin audit_syslog +Plugin: audit_syslog (active) + Attributes: p_flags=lo,-am; .fi .in -2 .sp .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for a description of the following attributes: .sp @@ -240,20 +230,15 @@ Interface Stability See below. The message format and message content are Uncommitted. The configuration parameters are Committed. .SH SEE ALSO -.sp .LP -\fBauditd\fR(1M), \fBaudit_class\fR(4), \fBaudit_control\fR(4), +\fBauditd\fR(1M), \fBauditconfig\fR(1M), \fBaudit_class\fR(4), \fBsyslog.conf\fR(4), \fBattributes\fR(5) -.sp -.LP -\fISystem Administration Guide: Security Services\fR .SH NOTES -.sp .LP Use of the \fBplugin\fR configuration line to include \fBaudit_syslog.so\fR requires that \fB/etc/syslog.conf\fR is configured to store \fBsyslog\fR messages of facility \fBaudit\fR and severity \fBnotice\fR or above in a file -intended for Solaris audit records. An example of such a line in +intended for audit records. An example of such a line in \fBsyslog.conf\fR is: .sp .in +2 @@ -270,7 +255,7 @@ UDP, which does not guarantee delivery or ensure the correct order of arrival of messages. .sp .LP -If the parameters specified for the \fBplugin\fR line result in no classes +If the \fBp_flags\fR attribute results in no classes being preselected, an error is reported by means of a \fBsyslog\fR alert with the \fBLOG_DAEMON\fR facility code. .sp diff --git a/usr/src/man/man5/filesystem.5 b/usr/src/man/man5/filesystem.5 index 6b65e7356c..005f803f52 100644 --- a/usr/src/man/man5/filesystem.5 +++ b/usr/src/man/man5/filesystem.5 @@ -19,7 +19,7 @@ .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved. .\" Copyright 2016 Nexenta Systems, Inc. .\" -.TH FILESYSTEM 5 "Feb 25, 2017" +.TH FILESYSTEM 5 "Mar 6, 2017" .SH NAME filesystem \- File system organization .SH SYNOPSIS @@ -1351,7 +1351,7 @@ Sun Java System Application Server administrative domain files. .ad .sp .6 .RS 4n -Default location for Solaris Audit log files. +Default location for Audit log files. .RE .sp |