Rechercher une page de manuel
audit_add_rule_data
Langue: en
Version: 46614 (openSuse - 09/10/07)
Section: 3 (Bibliothèques de fonctions)
NAME
audit_add_rule_data - Add new audit ruleSYNOPSIS
#include <libaudit.h>int audit_add_rule_data (int fd, struct audit_rule_data *rule, int flags, int action);
DESCRIPTION
audit_add_rule adds an audit rule to one of several kernel event filters. The filter is specified by the flags argument. Possible values for flags are:
- *
- AUDIT_FILTER_USER - Apply rule to userspace generated messages.
- *
- AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).
- *
- AUDIT_FILTER_ENTRY - Apply rule at syscall entry.
- *
- AUDIT_FILTER_WATCH - Apply rule to file system watches.
- *
- AUDIT_FILTER_EXIT - Apply rule at syscall exit.
- *
- AUDIT_FILTER_TYPE - Apply rule at audit_log_start.
The rule's action has two possible values:
- *
- AUDIT_NEVER - Do not build context if rule matches.
- *
- AUDIT_ALWAYS - Generate audit record if rule matches.
RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.
SEE ALSO
audit_delete_rule_data(3), audit_add_watch(3), auditctl(8).
AUTHOR
Steve Grubb.Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre