Invalid Call
If you use more than one control command, or omit the control command, or do not include the AW_END terminator command, your code compiles and runs and a record is logged to the audit trail to record the invalid call to the auditwrite(3TSOL) routine. Note that the event is logged to the trail only if the process preselection mask audits the AUE_auditwrite event for failure.
This example shows an invalid auditwrite(3TSOL) routine call that omits the AW_END terminator command and the resulting audit record. The header files for the examples in the rest of this chapter are shown in this first program.
#include <bsm/auditwrite.h>
#include <tsol/label.h>
#include <sys/param.h>
#include <bsm/libbsm.h>
#include <tsol/priv.h>
main()
{
/* Invalid call missing AW_END. Do not do it this way. */
auditwrite(AW_EVENT, "AUE_second_signature", AW_WRITE);
}
An invalid call is logged to syslog, and if the invalid record has enough information, it is also logged to the audit trail. In the example, the invalid call is logged to syslog only with the following information:
header, 194,2,auditwrite routine fail,,Fri Sep 06 10:11:33 1996, + 179 msec text, auditwrite routine aborted: aw_errno = 6 = Command invalid, errno = 0 = no such device or address subject,zelda,zelda,staff,zelda,staff,1774,348,0 0 phoenix slabel,C return,failure,-1 |
- © 2010, Oracle Corporation and/or its affiliates