K 10
svn:author
V 6
eadler
K 8
svn:date
V 27
2018-03-15T02:20:06.607930Z
K 7
svn:log
V 505
MFC r302525,r302526:

Do allow auditing of read(2) and write(2) system calls, by assigning
those system calls audit event identifiers AUE_READ and AUE_WRITE.
While auditing file-descriptor I/O is not required by the Common
Criteria, in practice this proves useful for both live and forensic
analysis.

NB: freebsd32 already assigns AUE_READ and AUE_WRITE to read(2) and
write(2).

In process-descriptor close(2) and fstat(2), audit target process
information.  pgkill(2) already audits target process ID.

END