The AW_PRIVILEGE token places a privilege set into the audit record. This example logs the allowed privilege set for the specified executable file to the audit record.
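    priv_set_t allowed_set;
    int retval;

    /* Start from an empty set, then read the file's allowed privilege set. */
    PRIV_EMPTY(&allowed_set);
    retval = getfpriv("/export/home/zelda/program", PRIV_ALLOWED, &allowed_set);

    /* Write the set to the audit record as an AW_PRIVILEGE token. */
    auditwrite(AW_EVENT, "AUE_second_signature",
               AW_PRIVILEGE, AU_PRIV_ALLOWED, &allowed_set,
               AW_WRITE, AW_END);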
The viewing terminal shows this record:
    header,116,3,second signature requested,,Fri Mar 21 10:12:21 1997, + 809 msec
    privilege,allowed,proc_audit_appl
    subject,zelda,zelda,staff,zelda,staff,420,286,0 0 phoenix
    slabel,C
    return,success,0
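When reviewing audit output, the privilege token can be pulled out of a text record like the one above. The following is an added example, not code from the original guide: find_privilege_token() is a hypothetical helper, and the token layout (token name, set type, then the privilege list) is assumed from the record shown here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the record shown above, one token per line. */
static const char SAMPLE_RECORD[] =
    "header,116,3,second signature requested,,Fri Mar 21 10:12:21 1997, + 809 msec\n"
    "privilege,allowed,proc_audit_appl\n"
    "subject,zelda,zelda,staff,zelda,staff,420,286,0 0 phoenix\n"
    "slabel,C\n"
    "return,success,0\n";

/* Hypothetical helper. Returns 1 and fills set_type/privs for the first
 * "privilege" token, 0 if the record has none, -1 if the token is
 * malformed or an output buffer is too small. */
int find_privilege_token(const char *rec, char *set_type, size_t st_cap,
                         char *privs, size_t pv_cap)
{
    static const char tag[] = "privilege,";
    const size_t tag_len = sizeof tag - 1;

    for (const char *line = rec; *line != '\0'; ) {
        size_t len = strcspn(line, "\n");          /* length of this token line */
        if (len >= tag_len && strncmp(line, tag, tag_len) == 0) {
            const char *body = line + tag_len;     /* "<set type>,<privileges>" */
            size_t body_len = len - tag_len;
            const char *comma = memchr(body, ',', body_len);
            if (comma == NULL || comma == body)
                return -1;                         /* set type or list missing */
            size_t st_len = (size_t)(comma - body);
            size_t pv_len = body_len - st_len - 1;
            int a = snprintf(set_type, st_cap, "%.*s", (int)st_len, body);
            int b = snprintf(privs, pv_cap, "%.*s", (int)pv_len, comma + 1);
            if (a < 0 || (size_t)a >= st_cap || b < 0 || (size_t)b >= pv_cap)
                return -1;                         /* output buffer too small */
            return 1;
        }
        line += len + (line[len] == '\n');         /* advance to the next line */
    }
    return 0;
}

int main(void)
{
    char set[32], privs[256];
    if (find_privilege_token(SAMPLE_RECORD, set, sizeof set, privs, sizeof privs) == 1)
        printf("set=%s privileges=%s\n", set, privs);
    return 0;
}
```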