AUDIT_ADD_WATCH(3) Linux Audit API AUDIT_ADD_WATCH(3)
NAME
audit_add_watch - create a rule layout for a watch
SYNOPSIS
#include <libaudit.h>
int audit_add_watch(struct audit_rule_data **rulep, const char *path);
DESCRIPTION
audit_add_watch creates a watch rule in the structure addressed by the pointer-to-pointer rulep. All that you need to pass it is the full
path to a file, and it will initialize the audit_rule_data structure for a watch.
RETURN VALUE
Returns -1 if an error occurs; otherwise, 0 for success.
SEE ALSO
audit_add_rule_data(3), audit_delete_rule_data(3).
AUTHOR
Steve Grubb
Red Hat Feb 2007 AUDIT_ADD_WATCH(3)
AUDIT_ADD_RULE_DATA(3) Linux Audit API AUDIT_ADD_RULE_DATA(3)
NAME
audit_add_rule_data - Add new audit rule
SYNOPSIS
#include <libaudit.h>
int audit_add_rule_data (int fd, struct audit_rule_data *rule, int flags, int action);
DESCRIPTION
audit_add_rule_data adds an audit rule previously constructed with audit_rule_fieldpair_data(3) to one of several kernel event filters.
The filter is specified by the flags argument. Possible values for flags are:
o AUDIT_FILTER_USER - Apply rule to userspace generated messages.
o AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).
o AUDIT_FILTER_EXIT - Apply rule at syscall exit.
o AUDIT_FILTER_TYPE - Apply rule at audit_log_start.
The rule's action has two possible values:
o AUDIT_NEVER - Do not build context if rule matches.
o AUDIT_ALWAYS - Generate audit record if rule matches.
RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would
encounter.
SEE ALSO
audit_rule_fieldpair_data(3), audit_delete_rule_data(3), auditctl(8).
AUTHOR
Steve Grubb.
Red Hat Aug 2009 AUDIT_ADD_RULE_DATA(3)
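
The following is an added example, not part of these man pages or of libaudit: it hand-builds a watch layout in the kernel's struct audit_rule_data from <linux/audit.h>, to show what a watch rule carries before it is handed to audit_add_rule_data(3) with AUDIT_FILTER_EXIT and AUDIT_ALWAYS. build_watch_rule is a hypothetical helper and its single-field layout is an assumption; the real audit_add_watch may populate additional fields.

```c
#include <linux/audit.h>   /* kernel ABI: struct audit_rule_data, AUDIT_* */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libaudit): build a one-field watch rule for an
 * absolute path. Same contract as the man page: 0 on success, -1 on error. */
int build_watch_rule(struct audit_rule_data **rulep, const char *path)
{
    if (rulep == NULL || path == NULL || path[0] != '/')
        return -1;                       /* a watch needs a full path */
    if (*rulep != NULL && (*rulep)->field_count != 0)
        return -1;                       /* refuse to clobber a populated rule */

    size_t len = strlen(path);
    struct audit_rule_data *rule = realloc(*rulep, sizeof(*rule) + len);
    if (rule == NULL)
        return -1;                       /* caller still owns *rulep */
    memset(rule, 0, sizeof(*rule) + len);

    rule->flags  = AUDIT_FILTER_EXIT;    /* evaluate at syscall exit */
    rule->action = AUDIT_ALWAYS;         /* generate a record on match */
    memset(rule->mask, 0xff, sizeof(rule->mask));   /* match every syscall */

    rule->field_count   = 1;
    rule->fields[0]     = AUDIT_WATCH;
    rule->fieldflags[0] = AUDIT_EQUAL;
    rule->values[0]     = (__u32)len;    /* string fields store a length */
    rule->buflen        = (__u32)len;
    memcpy(rule->buf, path, len);        /* path bytes, not NUL-terminated */

    *rulep = rule;
    return 0;
}

int main(void)
{
    struct audit_rule_data *rule = NULL;
    const char *path = "/etc/shadow";    /* constructed sample path */

    if (build_watch_rule(&rule, path) != 0) {
        fprintf(stderr, "could not build watch rule\n");
        return 1;
    }
    printf("watch on %.*s: filter=%u action=%u fields=%u\n",
           (int)rule->buflen, rule->buf, rule->flags, rule->action,
           rule->field_count);
    free(rule);
    return 0;
}
```

In production code, let audit_add_watch(3) build the rule and pass it to audit_add_rule_data(3) on a descriptor from audit_open(3); loading rules requires CAP_AUDIT_CONTROL.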