|
|
HP-UX Reference > Aaudwrite(2)HP-UX 11i Version 2: December 2007 Update |
|
NAMEaudwrite() — write an audit record for a self-auditing process DESCRIPTIONaudwrite() is called by trusted self-auditing processes, which are capable of turning off the regular auditing (using the audswitch() system call, see audswitch(2),) and doing higher-level auditing on their own. audwrite() is restricted to users with the SELFAUDIT privilege. audwrite() checks to see if the auditing system is on and the calling process and the event specified are being audited. If these conditions are met, audwrite() writes the audit record pointed to by audrec_p into the audit file. The record consists of an audit record body and a header with the following fields:
The header has the same format as the regular audit record, while the body contains additional information about the high-level audit event. The header fields ah_error, ah_event, and ah_len are specified by the calling process. audwrite() fills in ah_time and ah_pid fields with the correct values. this is done to reduce the risk of forgery. After the header is completed, the record body is attached and the entire record is written into the current audit file. Security RestrictionsSome or all of the actions associated with this system call require the SELFAUDIT privilege. Processes owned by the superuser have this privilege. Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about privileged access on systems that support fine-grained privileges. RETURN VALUEIf the write is successful, a value of 0 is returned. Otherwise, a value of -1 is returned and errno is set to indicate the reason for the failure. ERRORSaudwrite() fails if one of the following is true:
|
|