Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

audit_add_rule_data(3) [centos man page]

AUDIT_ADD_RULE_DATA(3)						  Linux Audit API					    AUDIT_ADD_RULE_DATA(3)

audit_add_rule_data - Add new audit rule SYNOPSIS
#include <libaudit.h> int audit_add_rule_data (int fd, struct audit_rule_data *rule, int flags, int action); DESCRIPTION
audit_add_rule adds an audit rule previously constructed with audit_rule_fieldpair_data(3) to one of several kernel event filters. The fil- ter is specified by the flags argument. Possible values for flags are: o AUDIT_FILTER_USER - Apply rule to userspace generated messages. o AUDIT_FILTER_TASK - Apply rule at task creation (not syscall). o AUDIT_FILTER_EXIT - Apply rule at syscall exit. o AUDIT_FILTER_TYPE - Apply rule at audit_log_start. The rule's action has two possible values: o AUDIT_NEVER - Do not build context if rule matches. o AUDIT_ALWAYS - Generate audit record if rule matches. RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter. SEE ALSO
audit_rule_fieldpair_data(3), audit_delete_rule_data(3), auditctl(8). AUTHOR
Steve Grubb. Red Hat Aug 2009 AUDIT_ADD_RULE_DATA(3)

Check Out this Related Man Page

AUDIT_SET_FAILURE(3)						  Linux Audit API					      AUDIT_SET_FAILURE(3)

audit_set_failure - Set audit failure flag SYNOPSIS
#include <libaudit.h> int audit_set_failure (int fd, int failure); DESCRIPTION
audit_set_failure sets the action that the kernel will perform when the backlog limit is reached or when it encounters an error and cannot proceed. Possible values are: 0 - AUDIT_FAIL_PRINTK [default] Log the audit record using printk which will cause subsequent events to get written to syslog. 1 - AUDIT_FAIL_SILENT Do nothing, report nothing, skip logging the record and continue. 2 - AUDIT_FAIL_PANIC Call the panic function. This would be used to prevent use of the machine upon loss of audit events. RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter. SEE ALSO
audit_set_backlog(3), audit_open(3), auditd(8), auditctl(8). AUTHOR
Steve Grubb Red Hat Oct 2006 AUDIT_SET_FAILURE(3)
Man Page

12 More Discussions You Might Find Interesting

1. Post Here to Contact Site Administrators and Moderators


Why did you close all my threads? I undstand that since you may be an advanced unix user, that my questions seem dumb. Hey, they probably are. But the title of the forum is " UNIX for Dummies Questions & Answers" and it says "All UNIX Newbies Welcome !!" So what is the prob? I dont think... (7 Replies)
Discussion started by: LANSTARR.COM
7 Replies

2. Email Antispam Techniques and Email Filtering

procmail rule

I can tell this is not a recently active formum, but here goes, "why doesn't this procmail rule block messages with víagra or v1agra appearing in the subject header :0 * ^Subject:.*(víagra¦v1agra¦pénis¦prescripti0n¦Medicati0n¦M0rtgage¦Xanaxz) { LOG="(THE 7 DIRTY WORDS) " :0 ... (4 Replies)
Discussion started by: jones
4 Replies

3. UNIX for Advanced & Expert Users

pptp / pf issue

Long story short, I have an issue with getting my VPN to connect to my w2k3 server box when I include the block all rule in my pf.conf: block log all Here's the output: Apr 04 06:04:09.291697 rule 1/0(match): block in on hme0: call 3033 seq 0 gre-ppp-payload (gre encap) Apr 04... (0 Replies)
Discussion started by: xyyz
0 Replies

4. HP-UX

Ticks in seconds.

Hello all, Is there any thumb rule or aproximation of the equivalence in second of one tick? Thank you in advance. (1 Reply)
Discussion started by: mig28mx
1 Replies

5. UNIX for Dummies Questions & Answers

Broken the cardinal rule

Hello guys, I have broken the cardinal rule - not creating normal user and working as Root - and as such deleted the /var/adm/messages directory. Is there any way possible to recover this. Kind regards, Dudley. (4 Replies)
Discussion started by: BigTool4u2
4 Replies

6. Shell Programming and Scripting

To make sure I don't violate rule #7

I am hoping to find out if it is possible to use some sort of UNIX programming/scripting tools to solve a problem I have with reformatting email messages that are sent out of my IBM UNIX (AIX) system. I'm thinking some advanced awk/sed may work I do not have the time or the ability to do this... (6 Replies)
Discussion started by: toddk
6 Replies

7. IP Networking

Gigabit Link throughput

As a rule of thumb in doing calculations, what figure would you use in Mbytes/sec? I know the answer varies grealty on the topolgy of the network but I wonde what newteok engineers use a rough rule of thumb? Many thanks. (1 Reply)
Discussion started by: debd
1 Replies

8. Post Here to Contact Site Administrators and Moderators

Something I did?

Hi I has just wondering if I have offended any one or broke some rule that I wasn't aware of. I'm mentioning this because on my last to threads I received nothing. So if I did please point it out to me. Thank you (3 Replies)
Discussion started by: Ex-Capsa
3 Replies

9. Shell Programming and Scripting

Makefile rule being skipped

I can't seem to get a rule in my Makefile to ever run... even if I change the rule to force make to re-enter the rule, or if I change the dependent files the rule depends on. Any ideas why the second rule is being ignored here? #MAKEFILES = $(DIRS:%=$(ROOT)/%/Makefile) #$(MAKEFILES):... (0 Replies)
Discussion started by: foureightyeast
0 Replies

10. Solaris

Solaris - cediag replacement of DIMMS

When cediag was performed the var/adm messages indicated that I the DIMMS should be replaced. DIMMS failed rule#4. Anyone know what rule#4 is? (0 Replies)
Discussion started by: amp4cats
0 Replies

11. UNIX for Advanced & Expert Users

[SOLVED] htaccess rewrite rule help!

hi there, I need that when user input it shows because of facebook likes, and I found out that this is set up as rewrite rule in .htaccess file? how to achieve it? thank you... :confused: ---------- Post updated at 04:47... (0 Replies)
Discussion started by: vogueestylee
0 Replies

12. Shell Programming and Scripting

Help using variable in find rule

I'm not able to use a variable in my find rule. It's essentially being ignored. I'm trying to store a list of file types to ignore in a variable. This is the relevant code. #!/bin/ksh EXCEPTIONS='-not -name "*.xom" -a -not -name "*.sh" -a -not -name "*.pl"' /usr/local/bin/find... (9 Replies)
Discussion started by: skwyer
9 Replies