audit_dpms_api.3 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

audit_dpms_api(3) audit_dpms_api(3)

NAME

audit_dpms_api: audit_dpms_start(), audit_dpms_end(), audit_dpms_read_event(),

audit_dpms_write_event(), audit_dpms_register_ﬁlter() - Audit DPMS Application Program Interface

SYNOPSIS

#include <audit_dpms.h>

#include <audit_dpms_api.h>

cc [ﬂag]... ﬁle...

-laudit_dpms [library ]...

int audit_dpms_start(const char *module,

const audit_dpms_stream_type_t stream_type, const void *stream,

const char *options, const int version, audit_dpms_handle_t **dpmh);

int audit_dpms_end(audit_dpms_handle_t *dpmh);

int audit_dpms_read_event(audit_dpms_handle_t *dpmh,

audit_dpms_event_origin_t *origin,

audit_dpms_event_header_t *header,

audit_dpms_event_subject_t *subject,

audit_dpms_event_object_t *object,

audit_dpms_event_details_t *details, char *buffer);

int audit_dpms_write_event(audit_dpms_handle_t *dpmh,

audit_dpms_event_origin_t *origin,

audit_dpms_event_header_t *header,

audit_dpms_event_subject_t *subject,

audit_dpms_event_object_t *object,

audit_dpms_event_details_t *details, char *buffer);

int audit_dpms_register_filter(audit_dpms_handle_t *dpmh,

const char *filepath);

DESCRIPTION

The Audit Data Process Module Switch (Audit DPMS) Application Programming Interface (API) extracts

audit information from a given audit data source, without having any knowledge of the internal data for-

mat. The Audit DPMS API consists of a set of interfaces that an application writer can use. These inter-

faces are described in the Interface Descriptions section.

See audit_dpms (5) for more information. For a typical calling sequence, see the EXAMPLES section

below.

Audit data is passed to or returned from these interfaces in the origin , header, subject , object , and

details structures on a per event basis.

These structures are explained as follows:

origin Contains the information about the host where the event occurred.

header Contains the information about what the event was, when it occurred, whether it

succeeded, and the reason for the failure if it did not succeed.

subject Contains the information about who is responsible for this event, such as real and

effective user name, process id, audit session id, audit tag, command name and the

source host where the user logged in from.

object Contains the information about what ﬁle or socket that the event tried to access.

details Contains other miscellaneous information about this event, such as system call

arguments and self-auditing text

See

<audit_dpms.h> for details of each ﬁeld represented in these data structures, their names, data

types, and descriptions. Note that all string values in these structures are stored in the buffer provided

in the buffer argument, and are represented in the structures as the offset in the global buffer argument

and the length of the string including the null terminator.

Interface Descriptions

audit_dpms_start()

Loads the DPMS service module speciﬁed by the module argument, allocates space

for the handle, performs other initialization activities, and then returns a pointer to

the handle in the dpmh argument. The libaudit_dpms library uses the handle

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (6 pages)

PAGE 1
audit_dpms_api(3) audit_dpms_api(3) NAME audit_dpms_api: audit_dpms_start(), audit_dpms_end(), audit_dpms_read_event(), audit_dpms_write_event(), audit_dpms_register_filter() - Audit DPMS Application Program Interface SYNOPSIS #include #include cc [flag]... file ... -laudit_dpms [library ]...
PAGE 2
audit_dpms_api(3) audit_dpms_api(3) to store information that is shared by subsequent calls to the audit_dpms_api() functions. A module argument that begins with / specifies an absolute path of a DPMS service module to load. If the module argument does not begin with /, then the DPMS service module is assumed to reside in one of the following locations: A /usr/lib/security/module .sl /usr/lib/security/pa20_64/module .sl /usr/lib/security/hpux32/module .so /usr/lib/security/hpux64/module .
PAGE 3
audit_dpms_api(3) audit_dpms_api(3) abort_on_data_error If this option is present, audit_dpms_read_event() aborts and returns an error if a data error occurs while reading an event. If this option is not present, audit_dpms_read_event() prints a warning and skips over the event. debug Writes debug information to stderr. read The module will be used for reading. The read option and write option cannot both be specified. If neither read nor write is specified, then read is assumed.
PAGE 4
audit_dpms_api(3) audit_dpms_api(3) /etc/audit/audit.conf or /etc/audit/audit_site.conf.h file. AUDIT_DPMS_FILTER_SYNTAX_ERROR There are syntax errors in the given filter file. AUDIT_DPMS_FILTER_GET_TIME_ERROR Failed in time related function calls. A aA EXAMPLES The following example program reads raw audit data and writes it to a file in portable format. This program assumes that a filter file called audit_filters.txt resides in the current directory.
PAGE 5
audit_dpms_api(3) audit_dpms_api(3) /* cleanup and exit */ audit_dpms_end(dpmh1); audit_dpms_end(dpmh2); exit(0); } WARNINGS Applications should not modify information in the dpmh handle. This information is intended to be used only by the audit_dpms_api() functions. The audit_dpms_api() interfaces are not thread-safe in the current release. A AUTHOR These functions were developed by the Hewlett-Packard Company.
PAGE 6
(Notes) A (Notes) aA 6 Hewlett-Packard Company −1− HP-UX 11i Version 3: September 2010