HP-UX Reference (11i v1 00/12) - 2 System Calls (vol 5)
__________________________________________________________________________________________________________________________________________________________________________________________________
__________________________________________________________________________________________________________________________________________________________________________________________________
STANDARD Printed by: Nora Chuang [nchuang] STANDARD
/build/1111/BRICK/man2/!!!intro.2
________________________________________________________________
___ ___
a
audctl(2) audctl(2)
NAME
audctl - start or halt the auditing system and set or get audit files
SYNOPSIS
#include <sys/audit.h>
int audctl(int cmd, char *cpath, char *npath, mode_t mode);
DESCRIPTION
audctl() sets or gets the auditing system "current" and "next" audit files, and starts or halts the audit-
ing system. This call is restricted to superusers. cpath and npath hold the absolute path names of the
"current" and "next" files. mode specifies the audit file’s permission bits. cmd is one of the following
specifications:
AUD_ON The caller issues the AUD_ON command with the required "current" and "next"
files to turn on the auditing system. If the auditing system is currently off, it is
turned on; the file specified by the cpath parameter is used as the "current" audit
file, and the file specified by the npath parameter is used as the "next" audit file.
If the audit files do not already exist, they are created with the mode specified.
The auditing system then begins writing to the specified "current" file. An empty
string or
NULL npath can be specified if the caller wants to designate that no
"next" file be available to the auditing system. If the auditing system is already
on, no action is performed; -1 is returned and errno is set to EBUSY.
AUD_GET The caller issues the AUD_GET command to retrieve the names of the "current"
and "next" audit files. If the auditing system is on, the names of the "current"
and "next" audit files are returned via the cpath and npath parameters (which
must point to character buffers of sufficient size to hold the file names). mode is
ignored. If the auditing system is on and there is no available "next" file, the
"current" audit file name is returned via the cpath parameter, npath is set to an
empty string;
-1 is returned, and errno is set to ENOENT. If the auditing sys-
tem is off, no action is performed;
-1 is returned and errno is set to EAL-
READY.
AUD_SET The caller issues the AUD_SET command to change both the "current" and
"next" files. If the audit system is on, the file specified by cpath is used as the
"current" audit file, and the file specified by npath is used as the "next" audit file.
If the audit files do not already exist, they are created with the specified mode.
The auditing system begins writing to the specified "current" file. Either an
empty string or
NULL npath can be specified if the caller wants to designate that
no "next" file be available to the auditing system. If the auditing system is off,
no action is performed; -1 is returned and errno is set to EALREADY.
AUD_SETCURR The caller issues the AUD_SETCURR command to change only the "current"
audit file. If the audit system is on, the file specified by cpath is used as the
"current" audit file. If the specified "current" audit file does not exist, it is
created with the specified mode. npath is ignored. The auditing system begins
writing to the specified "current" file. If the audit system is off, no action is per-
formed; -1 is returned and errno is set to EALREADY.
AUD_SETNEXT The caller issues the AUD_SETNEXT command to change only the "next" audit
file. If the auditing system is on, the file specified by npath is used as the "next"
audit file. cpath is ignored. If the "next" audit file specified does not exist, it is
created with the specified mode. Either an empty string or
NULL npath can be
specified if the caller wants to designate that no "next" file be available to the
auditing system. If the auditing system is off, no action is performed;
-1 is
returned, and errno is set to EALREADY.
AUD_SWITCH The caller issues the AUD_SWITCH command to cause auditing system to
switch audit files. If the auditing system is on, it uses the "next" file as the new
"current" audit file and sets the new "next" audit file to NULL. cpath, npath,and
mode are ignored. The auditing system begins writing to the new "current" file.
If the auditing system is off, no action is performed;
-1 is returned, and
errno is set to EALREADY. If the auditing system is on and there is no avail-
able "next" file, no action is performed; -1 is returned, and
errno is set to
ENOENT.
Section 2−−22 − 1 − HP-UX Release 11i: December 2000
___
___