on 3/3/04 12:58 PM, Shawn Erickson at shawn@freetimesw.com wrote:
On Mar 3, 2004, at 8:11 AM, John C. Daub wrote:
I'm looking at the auditing support that was added to the kernel in Panther.
I'm figuring out some things from headers, source, and Google, but it's not
enough. Just wondering if anyone knows of any documentation and/or sample
code pertaining to Darwin's kernel auditing support.
Can you better define "auditing"? It can mean slightly different things
to different folks.
I'm new to this sort of thing (working with the kernel), so please forgive my newbieness. :-)

I'm looking for information about that which is within /usr/include/sys/audit.h (from Mac OS X 10.3.2). I see various routines such as audit(), auditon(), auditsvc(), and auditctl(). I see data structures like au_record_t, auditinfo_addr_t, and auditinfo_t. I see constants like AUDIT_CNT, A_GETPOLICY, and AUDIT_RECORD_MAGIC.

I'm looking for sample code or, preferably, documentation about everything within sys/audit.h... functions, data structures, constants. I have been able to figure out a few things based off Google searches, but it appears that tho such auditing support exists in other *nix flavors it is not standardized. That's why I originally said that I'm looking for code and/or docs pertaining to Darwin's auditing support.

I hope that clarifies things. Then if I may ask, what are the slightly different things that "auditing" could mean in this context?

Thanx for the help. :-)

--
John C. Daub }:-)>=
<mailto:hsoi@hsoi.com> <http://www.hsoi.com/>
"We're only gonna die from our own arrogance." - Bad Religion

_______________________________________________
darwin-kernel mailing list | darwin-kernel@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.