ipc_perm Token
The ipc_perm token contains a copy of the System V IPC access information. This token is added to audit records that are generated by IPC shared-memory events, IPC semaphore events, and IPC message events. The ipc_perm token has eight fields:
a token ID that identifies this token as an ipc_perm token
the user ID of the IPC owner
the group ID of the IPC owner
the user ID of the IPC creator
the group ID of the IPC creator
the access modes of the IPC
the sequence number of the IPC
the IPC key value
The praudit command displays the ipc_perm token as follows:
IPC perm,root,wheel,root,wheel,0,0,0x00000000
The values are taken from the ipc_perm structure that is associated with the IPC object. The following figure shows the format of an ipc_perm token.
Figure 25-17 ipc_perm Token Format
iport Token
The iport token contains the TCP (or UDP) port address. The iport token has two fields:
a token ID that identifies this token as an iport token
the TCP/UDP port address
The praudit command displays the iport token as follows:
ip port,0xf6d6
The following figure shows the format of an iport token.
Figure 25-18 iport Token Format
newgroups Token
This token replaces the groups token. Notice that the praudit command does not distinguish between the two tokens, as both token IDs are labelled groups when ASCII output is displayed.
The newgroups token records the groups entries from the process's credential. The newgroups token has two fixed fields:
a token ID field that identifies this token as a newgroups token
a count that represents the number of groups that are contained in this audit record
The remainder of this token is composed of zero or more group entries. The praudit command displays the newgroups token as follows:
group, staff, admin
The following figure shows the format of a newgroups token.
Figure 25-19 newgroups Token Format
Note - The newgroups token is output only when the group audit policy is active.
opaque Token
The opaque token contains unformatted data as a sequence of bytes. The opaque token has three fields:
a token ID that identifies this token as an opaque token
a byte count of the data
an array of byte data
The praudit command displays the opaque token as follows:
opaque,12,0x4f5041515545204441544100
The following figure shows the format of an opaque token.
Figure 25-20 opaque Token Format
path Token
The path token contains access path information for an object. This token contains the following fields:
a token ID that identifies this token as a path token
a byte count of the path length
the absolute path to the object that is based on the real root of the system
The praudit command displays the path token as follows. Note that the path length field is not displayed.
path,/etc/security/audit_user
The following figure shows the format of a path token.
Figure 25-21 path Token Format
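The following added example (not part of the original documentation) parses the praudit text forms of the ipc_perm, iport, newgroups, opaque, and path tokens shown above into named fields, and checks that the byte count of an opaque token matches its data. The function name, the field names, and the assumption of one token per line with the default comma delimiter are choices made for this example.

```python
# Added example (not from the original page): parse praudit text lines for
# the tokens above. Assumes one token per line and the "," delimiter.
IPC_PERM_FIELDS = ("owner_uid", "owner_gid", "creator_uid", "creator_gid",
                   "mode", "seq", "key")

def parse_token(line):
    """Return (token_name, fields) for one praudit text line."""
    name, _, rest = line.strip().partition(",")
    name = name.strip()
    if name == "IPC perm":
        values = [v.strip() for v in rest.split(",")]
        if len(values) != len(IPC_PERM_FIELDS):
            raise ValueError("ipc_perm: expected 7 displayed fields")
        fields = dict(zip(IPC_PERM_FIELDS, values))
        fields["key"] = int(fields["key"], 16)   # key is displayed in hex
        return "ipc_perm", fields
    if name == "ip port":
        port = int(rest.strip(), 16)             # port is displayed in hex
        if not 0 <= port <= 0xFFFF:
            raise ValueError("iport: port out of range")
        return "iport", {"port": port}
    if name in ("group", "groups"):
        # groups and newgroups tokens look identical in text output
        return "groups", {"groups": [g.strip() for g in rest.split(",")
                                     if g.strip()]}
    if name == "opaque":
        count, _, hexdata = rest.partition(",")
        hexdata = hexdata.strip()
        if hexdata.lower().startswith("0x"):
            hexdata = hexdata[2:]
        data = bytes.fromhex(hexdata)
        if int(count) != len(data):
            raise ValueError("opaque: byte count does not match data length")
        return "opaque", {"count": int(count), "data": data}
    if name == "path":
        # Split on the first delimiter only: a path may itself contain commas.
        return "path", {"path": rest}
    raise ValueError("unhandled token: " + name)

# Lines as displayed on this page; the final line is constructed.
SAMPLE = ["IPC perm,root,wheel,root,wheel,0,0,0x00000000", "ip port,0xf6d6",
          "group, staff, admin", "opaque,12,0x4f5041515545204441544100",
          "path,/etc/security/audit_user", "path,/export/data,v2/report"]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(parse_token(sample_line))
```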
process Token
The process token contains information about a user who is associated with a process, such as the recipient of a signal. The process token has nine fields:
a token ID that identifies this token as a process token
the invariant audit ID
the effective user ID
the effective group ID
the real user ID
the real group ID
the process ID
the audit session ID
a terminal ID that consists of a device ID and a machine ID