From: Steve
Subject: Adding rules
Date: Wed, 07 Jun 2006 14:30:03 -0400
Message-ID: <44871B2B.4050807@ornl.gov>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

I am attempting to create a C program that can add rules to the audit sub-system and monitor the resulting events. I have read through the code in libaudit.h, audit.h, audit.c, and auditsc.c as well as several man pages pertaining to audit and extended searching of the web.

I am trying to add a rule using audit_add_rule() so audit will "watch" a file. The first problem is that there doesn't seem to be an appropriate field under the "Rule Fields" section of audit.h. The second is that the value must be an integer...

I have succeeded in adding the rule from the command-line using auditctl.

I would appreciate any help you can offer,

Steve

I am using: audit-1.2.3-1 and glibc-kernheaders-3.0-37