List of security and auditing subroutines
This section lists security and auditing subroutines.
Access control subroutines
Subroutine | Description |
---|---|
acl_chg or acl_fchg | Change the access control information on a file |
acl_get or acl_fget | Get the access control information of a file |
acl_put or acl_fput | Set the access control information of a file |
acl_set or acl_fset | Set the base entries of the access control information of a file |
aclx_convert | Convert the access control information from one ACL type to another |
aclx_get or aclx_fget | Get the access control information of a file if the ACL associated is of the AIXC type |
aclx_gettypeinfo | Retrieve the ACL characteristics given to an ACL type |
aclx_gettypes | Retrieve the list of ACL types supported for the file system associated with the path provided |
aclx_print or aclx_printStr | Convert the binary access control information into nonbinary, readable format |
aclx_put or aclx_fput | Stores the access control information for a file system object |
aclx_scan or aclx_scanStr | Convert the access control information that is in nonbinary, readable text format into ACL type-specific native format binary ACL data |
chacl or fchac l | Change the permissions on a file |
chmod or fchmod | Change file access permissions |
chown, fchown, chownx, or fchownx | Change file ownership |
frevoke | Revoke access to a file by other processes |
revoke | Revoke access to a file |
statacl or fstatacl | Retrieve the access control information for a file |
Auditing subroutines
Subroutine | Description |
---|---|
audit | Enables and disables system auditing |
auditbin | Defines files to contain audit records |
auditevents | Gets or sets the status of system event auditing |
auditlog | Appends an audit record to an audit bin file |
auditobj | Gets or sets the auditing mode of a system data object |
auditpack | Compresses and uncompresses audit bins |
auditproc | Gets or sets the audit state of a process |
auditread or auditread_r | Read an audit record |
auditwrite | Writes an audit record |
Identification and authentication subroutines
User authentication routines have a potential to store passwords and encrypted passwords in memory. This may expose passwords and encrypted passwords in coredumps.
Subroutine | Description |
---|---|
authenticate | Authenticates the user's name and password |
ckuseracct | Checks the validity of a user account |
ckuserID | Authenticates the user |
crypt, encrypt, or setkey | Encrypt or decrypt data |
genpagvalue | Generates a system-wide unique PAG value for a given PAG name such as afs. |
getpagvalue64 | Retrieves 64-bit PAG values for a process. |
setpagvalue64 | Stores 64-bit PAG values for a process. . |
getgrent, getgrgid, getgrnam, setgrent, or endgrent | Accesses the basic group information in the user database |
getgrgid_r | Gets a group database entry for a group ID in a multithreaded environment |
getgrnam_r | Searches a group database for a name in a multithreaded environment |
getgroupattr, IDtogroup, nextgroup, or putgroupattr | Accesses the group information in the user database |
getlogin | Gets the user's login name |
getlogin_r | Gets the user's login name in a multithreaded environment |
getpass | Reads a password |
getportattr or putportattr | Access the port information in the port database |
getpwent, getpwuid, getpwnam, putpwent, setpwent, or endpwent | Access the basic user information in the user database |
getuinfo | Finds the value associated with a user |
getuserattr, IDtouser, nextuser, or putuserattr | Access the user information in the user database |
getuserpw, putuserpw, or putuserpwhist | Access the user authentication data |
loginfailed | Records an unsuccessful login attempt |
loginrestrictions | Determines if a user is allowed to access the system |
loginsuccess | Records a successful login |
newpass | Generates a new password for a user |
passwdexpired | Checks the user's password to determine if it has expired |
setpwdb or endpwdb | Open or close the authentication database |
setuserdb or enduserdb | Open or close the user database |
system | Runs a shell command |
tcb | Alters the Trusted Computing Base status of a file |
Process subroutines
Subroutine | Description |
---|---|
getgid or getegid | Get the real or group ID of the calling process |
getgroups | Gets the concurrent group set of the current process |
getpcred | Gets the current process security credentials |
getpenv | Gets the current process environment |
getuid or geteuid | Get the real or effective user ID of the current process |
initgroups | Initializes the supplementary group ID of the current process |
kleenup | Cleans up the run-time environment of a process |
setgid, setrgid, setegid, or setregid | Set the group IDs of the calling process |
setgroups | Sets the supplementary group ID of the current process |
setpcred | Sets the current process credentials |
setpenv | Sets the current process environment |
setuid, setruid, setuid, or setreuid | Set the process user IDs |
usrinfo | Gets and sets user information about the owner of the current process |