Security and Auditing Library Functions aupreselect(3BSM)
NAME
aupreselect - preselect an audit event
SYNOPSIS
cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ]
#include
int aupreselect(aueventt event, aumaskt *maskp, int sorf, int flag);
DESCRIPTION
The aupreselect() function determines whether the audit
event event is preselected against the binary preselection
mask pointed to by maskp (usually obtained by a call to
getaudit(2)). The aupreselect() function looks up the
classes associated with event in auditevent(4) and compares
them with the classes in maskp. If the classes associated
with event match the classes in the specified portions of
the binary preselection mask pointed to by maskp, the
event is said to be preselected.
The sorf argument indicates whether the comparison is made
with the success portion, the failure portion, or both por-
tions of the mask pointed to by maskp.
The following are the valid values of sorf:
AUPRSUCES Compare the event class with the success
portion of the preselection mask.
AUPRSFAILURE Compare the event class with the failure
portion of the preselection mask.
AUPRSBOTH Compare the event class with both the suc-
cess and failure portions of the
preselection mask.
The flag argument tells aupreselect() how to read the
auditevent(4) database. Upon initial invocation,
aupreselect() reads the auditevent(4) database and allo-
cates space in an internal cache for each entry with
malloc(3C). In subsequent invocations, the value of flag
determines where aupreselect() obtains audit event informa-
tion. The following are the valid values of flag:
SunOS 5.11 Last change: 31 Mar 2005 1
Security and Auditing Library Functions aupreselect(3BSM)
AUPRSREREAD Get audit event information by searching
the auditevent(4) database.
AUPRSUSECACHE Get audit event information from internal
cache created upon the initial invoca-
tion. This option is much faster.
RETURN VALUES
Upon successful completion,aupreselect() returns 0 if event
is not preselected or 1 if event is preselected. If
aupreselect() could not allocate memory or could not find
event in the auditevent(4) database, -1 is returned.
FILES
/etc/security/auditclass file mapping audit class number
to audit class names and
descriptions
/etc/security/auditevent file mappint audit even number
to audit event names and asso-
ciates
ATRIBUTES
See attributes(5) for a description of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Interface Stability Stable
MT-Level MT-Safe
SEE ALSO
bsmconv(1M), getaudit(2), auopen(3BSM),
getauclassent(3BSM), getauevent(3BSM), malloc(3C),
auditclass(4), auditevent(4), attributes(5)
NOTES
The aupreselect() function is normally called prior to con-
structing and writing an audit record. If the event is not
preselected, the overhead of constructing and writing the
record can be saved.
SunOS 5.11 Last change: 31 Mar 2005 2
Security and Auditing Library Functions aupreselect(3BSM)
The functionality described on this manual page is available
only if the Solaris Auditing has been enabled. See
bsmconv(1M) for more information.
SunOS 5.11 Last change: 31 Mar 2005 3
|
