From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: Adding rules
Date: Wed, 7 Jun 2006 14:50:50 -0400
Message-ID: <200606071450.51264.sgrubb@redhat.com>
In-Reply-To: <44871B2B.4050807@ornl.gov>

On Wednesday 07 June 2006 14:30, Steve wrote:
> I am trying to add a rule using audit_add_rule() so audit will "watch" a
> file.  The first problem is that there doesn't seem to be an appropriate
> field under the "Rule Fields" section of audit.h.  The second is that
> the value must be an integer...

You need to be using the audit_rule_data structure. It allows strings to be 
added to it. For an example of setting up a watch, look at the code in 
auditctl.c. Look for audit_setup_watch_name(). You'll need to replicate the 
code in it. Then call audit_add_rule_data().

-Steve
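
Added example (not part of the original message, and not the code from auditctl.c): how a watch path fits into struct audit_rule_data as declared in current <linux/audit.h>, where values[] carries the string's length and the bytes themselves go in buf[]. The helper name build_watch_rule(), the AUDIT_PERM field and the sample path are assumptions made for illustration; loading the finished rule is done with libaudit's audit_add_rule_data() on a descriptor from audit_open() and needs CAP_AUDIT_CONTROL, so it is left out here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <linux/audit.h>   /* struct audit_rule_data, AUDIT_WATCH, AUDIT_PERM_* */
#include <linux/limits.h>  /* PATH_MAX */

/* Hypothetical helper: build a watch rule for an absolute path.
 * Returns a heap-allocated rule (caller frees) or NULL if the path is rejected. */
struct audit_rule_data *build_watch_rule(const char *path, unsigned int perms)
{
    struct audit_rule_data *rule;
    size_t len;
    if (path == NULL || path[0] != '/')     /* a watch needs an absolute path */
        return NULL;
    len = strlen(path);
    if (len >= PATH_MAX)
        return NULL;
    rule = calloc(1, sizeof(*rule) + len);  /* string bytes follow the fixed part */
    if (rule == NULL)
        return NULL;
    rule->flags = AUDIT_FILTER_EXIT;        /* evaluated at syscall exit */
    rule->action = AUDIT_ALWAYS;
    for (int i = 0; i < AUDIT_BITMASK_SIZE; i++)
        rule->mask[i] = ~0U;                /* apply to every syscall */
    /* Field 0 is the watch: values[0] is the path LENGTH, the path is in buf. */
    rule->fields[0] = AUDIT_WATCH;
    rule->fieldflags[0] = AUDIT_EQUAL;
    rule->values[0] = (unsigned int)len;
    memcpy(rule->buf, path, len);           /* stored without a trailing NUL */
    rule->buflen = (unsigned int)len;
    /* Field 1 limits which kinds of access produce a record. */
    rule->fields[1] = AUDIT_PERM;
    rule->fieldflags[1] = AUDIT_EQUAL;
    rule->values[1] = perms;
    rule->field_count = 2;
    return rule;
}

int main(void)
{
    /* Constructed sample: record writes and attribute changes to one file. */
    struct audit_rule_data *r =
        build_watch_rule("/etc/shadow", AUDIT_PERM_WRITE | AUDIT_PERM_ATTR);
    if (r == NULL)
        return 1;
    printf("field_count=%u path_len=%u\n", r->field_count, r->buflen);
    free(r);
    return 0;
}
```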
