From: Steve <m6x@ornl.gov>
To: linux-audit@redhat.com
Subject: Adding rules
Date: Wed, 07 Jun 2006 14:30:03 -0400
Message-ID: <44871B2B.4050807@ornl.gov>

I am attempting to create a C program that can add rules to the audit 
sub-system and monitor the resulting events.  I have read through the 
code in libaudit.h, audit.h, audit.c, and auditsc.c as well as several 
man pages pertaining to audit and extended searching of the web.

I am trying to add a rule using audit_add_rule() so audit will "watch" a 
file.  The first problem is that there doesn't seem to be an appropriate 
field under the "Rule Fields" section of audit.h.  The second is that 
the value must be an integer...

I have succeeded in adding the rule from the command-line using auditctl.

I would appreciate any help you can offer,
Steve

I am using: audit-1.2.3-1 and glibc-kernheaders-3.0-37
