OpenExtensions Audit Function Codes
This appendix documents the audit function codes contained in data type 256 for OpenExtensions audit records. The audit function code identifies the OpenExtensions service which triggered the creation of the audit record.
The audit function code appears in the SMF type 80 record as a
halfword numeric value shown in the Value
column. When SMF
data unload processes the SMF type 80 record, the halfword value is
converted to an 11 character string shown in the Character String
column.
It is important to note that the string value represents the service
which was invoked, but does not indicate how it was invoked. For example,
the SETEUID (set effective UID) function could have been invoked as
the seteuid() C runtime syscall, as the BPX1SEU callable service,
or as a DIAGNOSE X'29C'.
Table 1 contains the values that are audited in both z/VM® and z/OS® environments. The audit function codes that are audited on z/VM are a subset of those audited on z/OS.
These definitions are available in IRRPAFC in RACF® MACLIB.
| Name | Description | Value | Character String |
|---|---|---|---|
| AFC_ACCESS | ck_access | 1 | ACCESS |
| AFC_CHAUDIT_U | chg user audit options | 2 | CHAUDIT |
| AFC_CHDIR | chg current working directory | 3 | CHDIR |
| AFC_CHMOD | chg file modes | 4 | CHMOD |
| AFC_CHOWN | chg owner and grp of a file | 5 | CHOWN |
| AFC_DUB | init a process | 6 | DUB |
| AFC_EXEC | execute a file with setid | 7 | EXEC |
| AFC_FCHAUDIT_U | chg user audit options when file is open | 8 | FCHAUDIT |
| AFC_FCHMOD | chg file modes when file is open | 9 | FCHMOD |
| AFC_FCHOWN | chg owner and group of file when open | 10 | FCHOWN |
| AFC_GETCWD | get current working directory | 11 | GETCWD |
| AFC_GETPSENT | get process entry | 12 | GETPSENT |
| AFC_KILL | signal a process | 13 | KILL |
| AFC_LINK | link to a file | 14 | LINK |
| AFC_LSTAT | get file status don't resolve ending symlink | 15 | LSTAT |
| AFC_MKDIR | make a directory | 16 | MKDIR |
| AFC_MKNOD | make a file node | 18 | MKNOD |
| AFC_MOUNT | mount a file system | 18 | MOUNT |
| AFC_OPEN | open a file | 19 | OPEN |
| AFC_OPENDIR | open a directory | 20 | OPENDIR |
| AFC_PATHCONF | get configurable path name variables | 21 | PATHCONF |
| AFC_PTRACE | debug a process | 22 | PTRACE |
| AFC_READLINK | read a symbolic link | 23 | READLINK |
| AFC_RENAME | rename a file | 26 | RENAME |
| AFC_RMDIR | remove a directory | 25 | RMDIR |
| AFC_SETEGID | set effective GID | 26 | SETEGID |
| AFC_SETEUID | set effective UID | 27 | SETEUID |
| AFC_SETGID | set real/saved and/or effective GID | 28 | SETGID |
| AFC_SETUID | set real/saved and/or effective UID | 29 | SETUID |
| AFC_STAT | get file status | 30 | STAT |
| AFC_SYMLINK | create a symbolic link | 31 | SYMLINK |
| AFC_UNLINK | remove directory entrs (delete a file) | 32 | UNLINK |
| AFC_UNMOUNT | unmount a file system | 33 | UNMOUNT |
| AFC_UTIME | set file access/modification times | 34 | UTIME |
| AFC_UNDUB_EXIT | terminate a process | 35 | UNDUB/_EXIT |
| AFC_WRITE | write to a file (clear setid bits) | 36 | WRITE |
| AFC_CHAUDIT_A | chg auditor audit opts | 37 | CHAUDIT |
| AFC_FCHAUDIT_A | chg auditor audit opts when file is open | 38 | FCHAUDIT |
| AFC_LOOKUP | path name resolution | 39 | LOOKUP |
| AFC_TTYNAME | get pathname of term | 40 | TTYNAME |
| AFC_IOCTL | get path name | 41 | IOCTL |
| AFC_GETMNT | get mount entry | 42 | |
| AFC_QUIESCE | quiesce mount | 43 | QUIESCE |
| AFC_UNQUIESCE | unquiesce mount | 44 | UNQUIESCE |
| AFC_VREGISTER | server registration | 45 | VREGISTER |
| AFC_VRESOLVEPN | server resolve path name | 46 | VRESOLVEPN |
| AFC_VLOOKUP | server lookup | 47 | VLOOKUP |
| AFC_VREADWRITE | server rd write | 48 | VREADWRITE |
| AFC_VREADDIR | server read directory | 49 | VREADDIR |
| AFC_SIGACTION | change Osigset action | 50 | SIGACTION |
| AFC_CREATE | server create | 51 | VCREATE |
| AFC_VMAKEDIR | server make directory | 52 | VMAKEDIR |
| AFC_VSYMLINK | server symbolic link | 53 | VSYMLINK |
| AFC_VSETATTR | server set file attributes | 54 | VSETATTR |
| AFC_VLINK | server link | 55 | VLINK |
| AFC_VREMOVEDIR | server remove directory | 56 | VREMOVEDIR |
| AFC_VREMOVE | server remove | 57 | VREMOVE |
| AFC_VRENAME | server rename | 58 | VRENAME |
| AFC_CHATTR | change file attributes | 59 | CHATTR |
| AFC_FCHATTR | change file attributes for open file | 60 | FCHATTR |
| AFC_THLMT | set thread limit | 61 | THLMT |
| AFC_MSGCTL | message control | 62 | MSGCTL |
| AFC_MSGGET | message obtain | 63 | MSGGET |
| AFC_MSGRCV | message receive | 64 | MSGRCV |
| AFC_MSGSND | message send | 65 | MSGSND |
| AFC_SEMCTL | semaphore control | 66 | SEMCTL |
| AFC_SEMGET | get set of semaphores | 67 | SEMGET |
| AFC_SEMOP | semaphore operations | 68 | SEMOP |
| AFC_SHMAT | shared memory attach | 69 | SHMAT |
| AFC_SHMCTL | shared memory control | 70 | SHMCTL |
| AFC_SETREGID | set real and/or effective GID | 71 | SETREGID |
| AFC_SHMGET | shared memory get | 72 | SHMGET |
| AFC_WGETIPC | query IPC status | 73 | W_GETIPC |
| AFC_REMOVE | remove | 74 | RPC_RMID |
| AFC_SET_MODE | set mode | 75 | IPC_SET |
| AFC_SET_MSGQB | set msg queue max bytes | 76 | IPC_SET |
| AFC_SET_GID | set supplementary groups | 77 | SETGROUPS |
| AFC_PASSWORD | verify password | 78 | _PASSWD |
| AFC_LCHOWN | change owner and group of a symbolic link | 79 | LCHOWN |
| AFC_TRUNCATE | truncate a file | 80 | TRUNCATE |
| AFC_PFSCTL | control function for the phys. file system | 81 | PFSCTL |
| AFC_SETRLIMIT | set maximum resource consumption | 82 | SETRLIMIT |
| AFC_SETPRIORITY | set process scheduling priority | 83 | SETPRIORITY |
| AFC_NICE | change priority of a process | 84 | NICE |
| AFC_SETREUID | set real and/or effective UID | 85 | SETREUID |
| AFC_WRITEV | write on a file | 86 | WRITEV |
| AFC_FCHDIR | change working directory | 87 | FCHDIR |
| AFC_CHROOT | change root directory | 88 | CHROOT |
| AFC_REALPATH | resolve path name | 89 | REALPATH |
| AFC_STATVFS | get file system information | 90 | STATVFS |
| AFC_BIND | bind a name to a socket | 91 | BIND |
| AFC_SOCKET | create an endpoint for communication | 92 | SOCKET |
| AFC_THREAD_SEC | thread level security | 93 | THREAD_SEC |
| AFC_AUTHCHECK | authority check | 94 | AUTHCHECK |
| AFC_ACC_SEND | send access rights | 95 | ACC_SEND |
| AFC_ACC_RECV | receive access rights | 96 | ACC_RECV |
| AFC_ACC_DISC | discard access rights | 97 | ACC_DISC |
| AFC_NEWGRP | newgrp shell utility | 98 | NEWGRP |