AUDIT_ADD_RULE_DATA(3) Linux Audit API AUDIT_ADD_RULE_DATA(3)
NAME
audit_add_rule_data - Add new audit rule
SYNOPSIS
#include <libaudit.h>
int audit_add_rule_data (int fd, struct audit_rule_data *rule, int flags, int action);
DESCRIPTION
audit_add_rule_data adds an audit rule previously constructed with audit_rule_fieldpair_data(3) to one of several kernel event filters. The
filter is specified by the flags argument. Possible values for flags are:
o AUDIT_FILTER_USER - Apply rule to userspace generated messages.
o AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).
o AUDIT_FILTER_EXIT - Apply rule at syscall exit.
o AUDIT_FILTER_TYPE - Apply rule at audit_log_start.
The rule's action has two possible values:
o AUDIT_NEVER - Do not build context if rule matches.
o AUDIT_ALWAYS - Generate audit record if rule matches.
RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would
encounter.
SEE ALSO
audit_rule_fieldpair_data(3), audit_delete_rule_data(3), auditctl(8).
AUTHOR
Steve Grubb.
Red Hat Aug 2009 AUDIT_ADD_RULE_DATA(3)
AUDIT_SET_FAILURE(3) Linux Audit API AUDIT_SET_FAILURE(3)
NAME
audit_set_failure - Set audit failure flag
SYNOPSIS
#include <libaudit.h>
int audit_set_failure (int fd, int failure);
DESCRIPTION
audit_set_failure sets the action that the kernel will perform when the backlog limit is reached or when it encounters an error and cannot
proceed. Possible values are:
0 - AUDIT_FAIL_PRINTK [default]
Log the audit record using printk which will cause subsequent events to get written to syslog.
1 - AUDIT_FAIL_SILENT
Do nothing, report nothing, skip logging the record and continue.
2 - AUDIT_FAIL_PANIC
Call the panic function. This would be used to prevent use of the machine upon loss of audit events.
RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would
encounter.
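A defensive calling pattern for audit_add_rule_data and audit_set_failure, added here as an example (it is not part of libaudit or of the original man pages): the wrappers accept only the filter, action and failure constants these pages list, by symbolic name, and treat every return value <= 0 as an error. The wrapper and stub names are hypothetical, and reading a negative return as a negated errno is an assumption; in real use pass audit_add_rule_data or audit_set_failure and link with -laudit.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h> /* struct audit_rule_data, AUDIT_FILTER_*, AUDIT_NEVER, AUDIT_ALWAYS, AUDIT_FAIL_* */

/* Same signatures as audit_add_rule_data(3) and audit_set_failure(3). */
typedef int (*add_rule_fn)(int fd, struct audit_rule_data *rule, int flags, int action);
typedef int (*set_failure_fn)(int fd, int failure);

/* Shared convention: > 0 is a netlink sequence id, <= 0 is an error.
 * Assumption: a negative value is a negated errno; 0 is mapped to EIO here. */
static int rc_to_errno(int rc)
{
    return rc > 0 ? 0 : (rc < 0 ? -rc : EIO);
}

/* Hypothetical wrapper: accept only the filters and actions listed on this page,
 * then report a failed send instead of dropping it. Returns seq id or -errno. */
int add_rule_checked(add_rule_fn add, int fd, struct audit_rule_data *rule,
                     int flags, int action)
{
    int listed = flags == AUDIT_FILTER_USER || flags == AUDIT_FILTER_TASK ||
                 flags == AUDIT_FILTER_EXIT || flags == AUDIT_FILTER_TYPE;
    if (!rule || !listed || (action != AUDIT_NEVER && action != AUDIT_ALWAYS))
        return -EINVAL;               /* nothing is sent to the kernel */
    int rc = add(fd, rule, flags, action);
    int err = rc_to_errno(rc);
    if (err)
        fprintf(stderr, "audit rule not loaded: %s\n", strerror(err));
    return err ? -err : rc;
}

/* Hypothetical wrapper: same treatment for the failure mode. */
int set_failure_checked(set_failure_fn set, int fd, int failure)
{
    if (failure != AUDIT_FAIL_SILENT && failure != AUDIT_FAIL_PRINTK &&
        failure != AUDIT_FAIL_PANIC)
        return -EINVAL;
    int rc = set(fd, failure);
    int err = rc_to_errno(rc);
    if (err)
        fprintf(stderr, "failure mode not changed: %s\n", strerror(err));
    return err ? -err : rc;
}

/* Constructed stand-ins so the block runs without libaudit or privileges. */
int stub_add_denied(int fd, struct audit_rule_data *r, int f, int a) { (void)fd; (void)r; (void)f; (void)a; return -EPERM; }
int stub_add_ok(int fd, struct audit_rule_data *r, int f, int a) { (void)fd; (void)r; (void)f; (void)a; return 7; }
int stub_set_zero(int fd, int failure) { (void)fd; (void)failure; return 0; }
```

A caller that ignores the return value cannot tell a loaded rule from one that was never sent, which is the case the wrappers surface.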
SEE ALSO
audit_set_backlog(3), audit_open(3), auditd(8), auditctl(8).
AUTHOR
Steve Grubb
Red Hat Oct 2006 AUDIT_SET_FAILURE(3)