setaudproc(2)

DESCRIPTION

setaudproc() controls process level auditing for the current process and its decendents. It accomplishes this by setting or clearing the u_audproc flag in the u area of the calling process. When this flag is set, the system audits the process; when it is cleared, the process is not audited. This call is restricted to users with the SELFAUDIT privilege.

One of the following flags must be used for aflag:

The u_audproc flag is inherited by the descendents of a process. consequently, the effect of a call to setaudproc() is not limited to the current process, but propagates to all its decendents as well. For example, if setaudproc() is called with the AUD_PROC flag, all subsequent audited system calls in the current process and its descendents are audited until setaudproc() is called with the AUD_CLEAR flag.

Further, setaudproc() performs its action regardless of whether the user executing the process has been selected to be audited or not. For example, if setaudproc() is called with the AUD_PROC (or the AUD_CLEAR) flag, all subsequent audited system calls will be audited (or not audited), regardless of whether the user executing the process has been selected for auditing or not.

Due to these features, setaudproc() should not be used in most self-auditing applications. audswitch() should be used (see audswitch(2)) when the objective is to suspend auditing within a process without affecting its decendents or overriding the user selection aspect of the auditing system.

RETURN VALUE

Upon successful completion, setaudproc() returns 0; otherwise, it returns -1 and sets errno to indicate the error.

AUTHOR

setaudproc() was developed by HP.

SEE ALSO

audevent(1M), audusr(1M), audswitch(2), getaudproc(2), audit(5), privileges(5).