Re: auditing support
- Subject: Re: auditing support
- From: "John C. Daub" <email@hidden>
- Date: Wed, 03 Mar 2004 13:09:14 -0600

on 3/3/04 12:58 PM, Shawn Erickson at email@hidden wrote:

> On Mar 3, 2004, at 8:11 AM, John C. Daub wrote:
>
>> I'm looking at the auditing support that was added to the kernel in Panther.
>> I'm figuring out some things from headers, source, and Google, but it's not
>> enough. Just wondering if anyone knows of any documentation and/or sample
>> code pertaining to Darwin's kernel auditing support.
>
> Can you better define "auditing". It can mean slightly different things
> to different folks.

I'm new to this sort of thing (working with the kernel), so please forgive
my newbieness. :-)

I'm looking for information about that which is within
/usr/include/sys/audit.h (from Mac OS X 10.3.2). I see various routines such
as audit(), auditon(), auditsvc(), and auditctl(). I see data structures
like au_record_t, auditinfo_addr_t, and auditinfo_t. I see constants like
AUDIT_CNT, A_GETPOLICY, and AUDIT_RECORD_MAGIC. I'm looking for sample code
or, preferably, documentation about everything within sys/audit.h...
functions, data structures, constants.

I have been able to figure out a few things based off Google searches, but
it appears that tho such auditing support exists in other *nix flavors it is
not standardized. That's why I originally said that I'm looking for code
and/or docs pertaining to Darwin's auditing support.

I hope that clarifies things.

Then if I may ask, what are the slightly different things that "auditing"
could mean in this context?

Thanx for the help. :-)

--
John C. Daub }:-)>=
<mailto:email@hidden> <http://www.hsoi.com/>
"We're only gonna die from our own arrogance." - Bad Religion
_______________________________________________
darwin-kernel mailing list | email@hidden