PERFORCE change 212963 for review
Joel Dahl
joel at FreeBSD.org
Sat Jun 16 18:01:45 UTC 2012
http://p4web.freebsd.org/@@212963?ac=10
Change 212963 by joel at joel_crashbox on 2012/06/16 18:00:57
mdoc: remove end of line whitespace.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#16 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#18 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#9 edit
.. //depot/projects/trustedbsd/openbsm/man/audit.log.5#25 edit
.. //depot/projects/trustedbsd/openbsm/man/auditon.2#17 edit
.. //depot/projects/trustedbsd/openbsm/man/getaudit.2#11 edit
.. //depot/projects/trustedbsd/openbsm/man/setaudit.2#11 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#16 (text+ko) ====
@@ -25,7 +25,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#15 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#16 $
.\"
.Dd January 29, 2009
.Dt AUDIT 8
@@ -46,18 +46,18 @@
.It Fl e
Forces the audit system to immediately remove audit log files that
meet the expiration criteria specified in the audit control file without
-doing a log rotation.
+doing a log rotation.
.It Fl i
Initializes and starts auditing.
This option is currently for Mac OS X only
and requires
.Xr auditd 8
-to be configured to run under
+to be configured to run under
.Xr launchd 8 .
.It Fl n
Forces the audit system to close the existing audit log file and rotate to
a new log file in a location specified in the audit control file.
-Also, audit log files that meet the expiration criteria specified in the
+Also, audit log files that meet the expiration criteria specified in the
audit control file will be removed.
.It Fl s
Specifies that the audit system should [re]synchronize its
@@ -77,7 +77,7 @@
.Xr launchd 8
(Mac OS X only).
The
-.Nm
+.Nm
utility requires audit administrator privileges for successful operation.
.Sh FILES
.Bl -tag -width ".Pa /etc/security/audit_control" -compact
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#18 (text+ko) ====
@@ -25,7 +25,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#17 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#18 $
.\"
.Dd December 11, 2008
.Dt AUDITD 8
@@ -59,7 +59,7 @@
.Pp
Optionally, the audit review group "audit" may be created.
Non-privileged
-users that are members of this group may read the audit trail log files.
+users that are members of this group may read the audit trail log files.
.Sh NOTE
To assure uninterrupted audit support, the
.Nm
@@ -72,33 +72,33 @@
.Pa audit_control
file.
.Pp
-If
+If
.Nm
is started on-demand by
-.Xr launchd 8
+.Xr launchd 8
then auditing should only be started and stopped with
.Xr audit 8 .
.Pp
-On Mac OS X,
+On Mac OS X,
.Nm
-uses the
+uses the
.Xr asl 3
API for writing system log messages.
-Therefore, only the audit administrator
+Therefore, only the audit administrator
and members of the audit review group will be able to read the
-system log entries.
+system log entries.
.Sh FILES
.Bl -tag -width ".Pa /etc/security" -compact
.It Pa /var/audit
Default directory for storing audit log files.
.Pp
.It Pa /etc/security
-The directory containing the auditing configuration files
+The directory containing the auditing configuration files
.Xr audit_class 5 ,
.Xr audit_control 5 ,
.Xr audit_event 5 ,
and
-.Xr audit_warn 5 .
+.Xr audit_warn 5 .
.El
.Sh COMPATIBILITY
The historical
==== //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#9 (text+ko) ====
@@ -24,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#8 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#9 $
.\"
.Dd August 4, 2009
.Dt AU_IO 3
@@ -83,7 +83,7 @@
.Fn au_print_flags_tok
function is a replacement for
.Fn au_print_tok .
-The
+The
.Fa oflags
controls how the output should be formatted and is specified by
or'ing the following flags:
@@ -148,12 +148,12 @@
It was subsequently adopted by the TrustedBSD Project as the foundation for
the OpenBSM distribution.
.Pp
-The
+The
.Fn au_print_flags_tok
function was added by Stacey Son as a replacement for the
.Fn au_print_tok
so new output formatting flags can be easily added without changing the API.
-The
+The
.Fn au_print_tok
is obsolete but remains in the API to support legacy code.
.Sh AUTHORS
==== //depot/projects/trustedbsd/openbsm/man/audit.log.5#25 (text+ko) ====
@@ -24,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#24 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#25 $
.\"
.Dd November 5, 2006
.Dt AUDIT.LOG 5
@@ -551,7 +551,7 @@
Each token has four or eight fields.
Depending on the type of socket, a socket token may be created using
.Xr au_to_sock_unix 3 ,
-.Xr au_to_sock_inet32 3
+.Xr au_to_sock_inet32 3
or
.Xr au_to_sock_inet128 3 .
.Bl -column -offset 3n ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
==== //depot/projects/trustedbsd/openbsm/man/auditon.2#17 (text+ko) ====
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#16 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#17 $
.\"
.Dd January 29, 2009
.Dt AUDITON 2
@@ -73,25 +73,25 @@
.Dv AUDIT_ARGE .
If
.Dv AUDIT_CNT is set, the system will continue even if it becomes low
-on space and discontinue logging events until the low space condition is
+on space and discontinue logging events until the low space condition is
remedied.
-If it is not set, audited events will block until the low space
+If it is not set, audited events will block until the low space
condition is remedied.
Unaudited events, however, are unaffected.
-If
-.Dv AUDIT_AHLT is set, a
+If
+.Dv AUDIT_AHLT is set, a
.Xr panic 9
if it cannot write an event to the global audit log file.
-If
+If
.Dv AUDIT_ARGV
-is set, then the argument list passed to the
-.Xr execve 2
+is set, then the argument list passed to the
+.Xr execve 2
system call will be audited. If
.Dv AUDIT_ARGE
is set, then the environment variables passed to the
.Xr execve 2
system call will be audited. The default policy is none of the audit policy
-control flags set.
+control flags set.
.It Dv A_SETKAUDIT
Set the host information.
The
@@ -102,7 +102,7 @@
structure containing the host IP address information.
After setting, audit records
that are created as a result of kernel events will contain
-this information.
+this information.
.It Dv A_SETKMASK
Set the kernel preselection masks (success and failure).
The
@@ -110,9 +110,9 @@
argument
must point to a
.Vt au_mask_t
-structure containing the mask values as defined in
+structure containing the mask values as defined in
.In bsm/audit.h .
-These masks are used for non-attributable audit event preselection.
+These masks are used for non-attributable audit event preselection.
The field
.Fa am_success
specifies which classes of successful audit events are to be logged to the
@@ -197,14 +197,14 @@
.Dv AUC_NOAUDIT ,
or
.Dv AUC_DISABLED .
-If
-.Dv AUC_NOAUDIT
-is set, then auditing is temporarily suspended. If
+If
+.Dv AUC_NOAUDIT
+is set, then auditing is temporarily suspended. If
.Dv AUC_AUDITING
-is set, auditing is resumed. If
-.Dv AUC_DISABLED
+is set, auditing is resumed. If
+.Dv AUC_DISABLED
is set, the auditing system will
-shutdown, draining all audit records and closing out the audit trail file.
+shutdown, draining all audit records and closing out the audit trail file.
.It Dv A_SETCLASS
Set the event class preselection mask for an audit event.
The
@@ -215,7 +215,7 @@
structure containing the audit event and mask.
The field
.Fa ec_number
-is the audit event and
+is the audit event and
.Fa ec_class
is the audit class mask. See
.Xr audit_event 5
@@ -259,7 +259,7 @@
must point to a
.Vt au_evclass_map_t
structure. See the
-.Dv A_SETCLASS
+.Dv A_SETCLASS
section above for more information.
.It Dv A_GETKAUDIT
Get the current host information.
@@ -277,23 +277,23 @@
must point to a
.Vt auditpinfo_t
structure which will be set to contain
-.Fa ap_auid
-(the audit ID),
+.Fa ap_auid
+(the audit ID),
.Fa ap_mask
(the preselection mask),
.Fa ap_termid
(the terminal ID), and
-.Fa ap_asid
+.Fa ap_asid
(the audit session ID)
of the given target process.
-The process ID of the target process is passed
+The process ID of the target process is passed
into the kernel using the
.Fa ap_pid
field.
See the section
.Dv A_SETPMASK
-above and
-.Xr getaudit 2
+above and
+.Xr getaudit 2
for more information.
.It Dv A_GETPINFO_ADDR
Return the extended audit settings for a process.
@@ -302,20 +302,20 @@
argument
must point to a
.Vt auditpinfo_addr_t
-structure which is similar to the
+structure which is similar to the
.Vt auditpinfo_addr_t
-structure described above.
-The exception is the
+structure described above.
+The exception is the
.Fa ap_termid
(the terminal ID) field which points to a
-.Vt au_tid_addr_t
-structure can hold much a larger terminal address and an address type.
+.Vt au_tid_addr_t
+structure can hold much a larger terminal address and an address type.
The process ID of the target process is passed into the kernel using the
.Fa ap_pid
field.
-See the section
+See the section
.Dv A_SETPMASK
-above and
+above and
.Xr getaudit 2
for more information.
.It Dv A_GETSINFO_ADDR
@@ -326,10 +326,10 @@
must point to a
.Vt auditinfo_addr_t
structure.
-The audit session ID of the target session is passed
+The audit session ID of the target session is passed
into the kernel using the
.Fa ai_asid
-field. See
+field. See
.Xr getaudit_addr 2
for more information about the
.Vt auditinfo_addr_t
@@ -353,8 +353,8 @@
value which will be set to
one of the current audit policy flags.
The audit policy flags are
-described in the
-.Dv A_SETPOLICY
+described in the
+.Dv A_SETPOLICY
section above.
.It Dv A_GETQCTRL
Return the current kernel audit queue control parameters.
@@ -411,12 +411,12 @@
must point to a
.Vt int
value which will be set to
-the current audit condition, one of
+the current audit condition, one of
.Dv AUC_AUDITING ,
-.Dv AUC_NOAUDIT
+.Dv AUC_NOAUDIT
or
.Dv AUC_DISABLED .
-See the
+See the
.Dv A_SETCOND
section above for more information.
.It Dv A_SENDTRIGGER
==== //depot/projects/trustedbsd/openbsm/man/getaudit.2#11 (text+ko) ====
@@ -24,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#10 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#11 $
.\"
.Dd October 19, 2008
.Dt GETAUDIT 2
@@ -156,7 +156,7 @@
.Fa length
argument indicates an overflow condition will occur.
.It Bq Er E2BIG
-The address is too big and, therefore,
+The address is too big and, therefore,
.Fn getaudit_addr
should be used instead.
.El
==== //depot/projects/trustedbsd/openbsm/man/setaudit.2#11 (text+ko) ====
@@ -24,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#10 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#11 $
.\"
.Dd April 19, 2005
.Dt SETAUDIT 2
@@ -73,13 +73,13 @@
.Pp
The
.Fa ai_auid
-variable contains the audit identifier which is recorded in the audit log for
+variable contains the audit identifier which is recorded in the audit log for
each event the process caused.
.PP
The
.Fa au_mask_t
-data structure defines the bit mask for auditing successful and failed events
+data structure defines the bit mask for auditing successful and failed events
out of the predefined list of event classes. It is defined as follows:
.nf
.in +4n
@@ -95,7 +95,7 @@
The
.Fa au_termid_t
-data structure defines the Terminal ID recorded with every event caused by the
+data structure defines the Terminal ID recorded with every event caused by the
process. It is defined as follows:
.nf
.in +4n
@@ -111,14 +111,14 @@
.PP
The
.Fa ai_asid
-variable contains the audit session ID which is recorded with every event
+variable contains the audit session ID which is recorded with every event
caused by the process.
.Pp
The
.Fn setaudit_addr
system call
uses the expanded
-.Fa auditinfo_addr_t
+.Fa auditinfo_addr_t
data structure supports Terminal IDs with larger addresses such as those used
in IP version 6. It is defined as follows:
.nf
@@ -134,9 +134,9 @@
.in
.fi
.Pp
-The
+The
.Fa au_tid_addr_t
-data structure which includes a larger address storage field and an additional
+data structure which includes a larger address storage field and an additional
field with the type of address stored:
.nf
.in +4n
More information about the p4-projects
mailing list