* Using the Audit Failure Action Query functionality
@ 2006-07-17 18:03 Lisa Smith
0 siblings, 0 replies; only message in thread
From: Lisa Smith @ 2006-07-17 18:03 UTC (permalink / raw)
To: LSPP, Audit Mailing List
Starting with audit 1.2.4, the new audit failure action functionality is
available for applications and services.
The 1.2.5 audit package contains a man page for the new API,
get_auditfail_action(), which includes the following example that can be
used as a starting point for application developers:
/* Sample code */
auditfail_t failmode;
if ((fd = audit_open() ) < 0 ) {
fprintf (stderr, "Cannot open netlink audit socket");
/* Get the failure_action */
if ((rc = get_auditfail_action(&failmode)) == 0) {
if (failmode == FAIL_LOG)
fprintf (stderr, "Audit subsystem unavailable");
else if (failmode == FAIL_TERMINATE)
exit (1);
/* If failmode == FAIL_IGNORE, do nothing */
}
}
I'm happy to provide help to anyone who would like to incorporate the
new functionality into an application they are maintaining. If there
are any applications people would like me to go ahead and modify, please
let me know.
Lisa
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2006-07-17 18:03 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-07-17 18:03 Using the Audit Failure Action Query functionality Lisa Smith
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).