acl Token

The acl token records information about Access Control Lists. This token consists of four fixed fields:

  • A token ID that identifies this token as an acl token

  • A field that specifies the ACL type

  • An ACL ID field

  • A field that lists the permissions associated with this ACL

The praudit command displays the acl token as follows:

acl,tpanero,staff,0755

The following figure shows the format of the acl token.

Figure 23-4 acl Token Format


arbitrary Token

The arbitrary token encapsulates data for the audit trail. This token consists of four fixed fields and an array of data. The fixed fields are as follows:

  • A token ID that identifies this token as an arbitrary token

  • A suggested format field, such as hexadecimal

  • A size field that specifies the size of the data that is encapsulated, such as short

  • A count field that provides the number of following items

The remainder of the token is composed of one or more items of the specified type. The praudit command displays the arbitrary token as follows:

arbitrary,decimal,int,1
42

The following figure shows the format of the arbitrary token.

Figure 23-5 arbitrary Token Format


The following table shows the possible values of the print format field.

Table 23-5 Values for the arbitrary Token's Print Format Field

Value         Action
AUP_BINARY    Prints the data in binary format
AUP_OCTAL     Prints the data in octal format
AUP_DECIMAL   Prints the data in decimal format
AUP_HEX       Prints the data in hexadecimal format
AUP_STRING    Prints the data as a string

The following table shows the possible values of the item size field.

Table 23-6 Values for the arbitrary Token's Item Size Field

Value       Action
AUR_BYTE    Data is printed in units of bytes (1 byte each)
AUR_SHORT   Data is printed in units of shorts (2 bytes each)
AUR_LONG    Data is printed in units of longs (4 bytes each)

arg Token

The arg token contains information about the arguments to a system call: the argument number of the system call, the argument value, and an optional description. This token allows a 32-bit integer system-call argument in an audit record. The arg token has five fields:

  • A token ID that identifies this token as an arg token

  • An argument ID that tells which system call argument the token refers to

  • The argument value

  • The length of the descriptive text string

  • The text string

The praudit command displays the arg token as follows:

argument,1,0x00000000,addr

The following figure shows the format of the arg token.

Figure 23-6 arg Token Format


attr Token

The attr token contains information from the file vnode. This token has seven fields:

  • A token ID that identifies this token as an attr token

  • The file access mode and type

  • The owner user ID

  • The owner group ID

  • The file system ID

  • The inode ID

  • The device ID the file might represent

See the statvfs(2) man page for further information about the file system ID and the device ID.

The attr token usually accompanies a path token. The attr token is produced during path searches. In the event of a path-search error, there is no vnode available to obtain the necessary file information. Therefore, the attr token is not included as part of the audit record. The praudit command displays the attr token as follows:

attribute,100555,root,staff,1805,13871,-4288

The following figure shows the format of an attr token.

Figure 23-7 attr Token Format
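
The following parser is an added example, not code from this guide or from Solaris. It reads the praudit display lines shown above for the arg, attr and arbitrary tokens and decodes the attr mode so that set-ID files stand out during audit review. The dictionary keys, the octal reading of the mode field, and the comma-separated layout of multiple arbitrary items are assumptions of the example.

```python
import stat

# Constructed input: the three praudit lines shown on this page, plus one
# made-up attr line for a setuid file.
SAMPLE = """\
argument,1,0x00000000,addr
attribute,100555,root,staff,1805,13871,-4288
arbitrary,decimal,int,1
42
attribute,104755,root,bin,1805,13872,-4288
"""

def parse_tokens(text):
    """Turn praudit display lines into dicts (keys are this example's naming)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    tokens, i = [], 0
    while i < len(lines):
        name, *f = lines[i].split(",")
        i += 1
        if name == "attribute" and len(f) == 6:
            mode = int(f[0], 8)  # assumption: mode is printed in octal
            tok = {"token": "attr", "mode": mode,
                   "perms": stat.filemode(mode),
                   "setid": bool(mode & (stat.S_ISUID | stat.S_ISGID)),
                   "uid": f[1], "gid": f[2], "fsid": int(f[3]),
                   "inode": int(f[4]), "device": int(f[5])}
        elif name == "argument" and len(f) >= 3:
            # The description is the last field; keep any commas it contains.
            tok = {"token": "arg", "number": int(f[0]),
                   "value": int(f[1], 16), "text": ",".join(f[2:])}
        elif name == "arbitrary" and len(f) == 3:
            fmt, size, count = f[0], f[1], int(f[2])
            items = []
            # Assumption: items follow on later lines, comma-separated.
            while len(items) < count and i < len(lines):
                items += lines[i].split(",")
                i += 1
            if len(items) != count:
                raise ValueError("arbitrary token: item count mismatch")
            if fmt == "decimal":  # the only format name shown on the page
                items = [int(x) for x in items]
            tok = {"token": "arbitrary", "format": fmt, "size": size,
                   "items": items}
        else:
            tok = {"token": "unparsed", "raw": lines[i - 1]}
        tokens.append(tok)
    return tokens

if __name__ == "__main__":
    print(*parse_tokens(SAMPLE), sep="\n")
```

Tokens that the parser does not recognize, such as acl, are returned as "unparsed" with the raw line preserved, so nothing in the audit trail is silently dropped.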
