AUDIT_SET_FAILURE(3) Linux Audit API AUDIT_SET_FAILURE(3)
NAME
audit_set_failure - Set audit failure flag
SYNOPSIS
#include <libaudit.h>
int audit_set_failure (int fd, int failure);
DESCRIPTION
audit_set_failure sets the action that the kernel will perform when the backlog limit is reached or when it encounters an error and cannot
proceed. Possible values are:
0 - AUDIT_FAIL_PRINTK [default]
Log the audit record using printk which will cause subsequent events to get written to syslog.
1 - AUDIT_FAIL_SILENT
Do nothing, report nothing, skip logging the record and continue.
2 - AUDIT_FAIL_PANIC
Call the panic function. This would be used to prevent use of the machine upon loss of audit events.
RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would
encounter.
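The sequence-id return value and the sendto errors come from the netlink exchange underneath the call. As an added example (not code from this man page or from libaudit), the following builds and sends an AUDIT_SET request that changes only the failure mode, using the symbolic AUDIT_FAIL_* names and struct audit_status from <linux/audit.h>; set_failure_req, build_set_failure and send_set_failure are hypothetical names.

```c
/* Added example, not libaudit source; all three names below are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/audit.h>

struct set_failure_req { struct nlmsghdr nlh; struct audit_status st; };

/* Fill *req; returns 0, or -EINVAL for an unknown failure mode. */
int build_set_failure(struct set_failure_req *req, uint32_t seq, int failure)
{
    if (failure != AUDIT_FAIL_SILENT && failure != AUDIT_FAIL_PRINTK &&
        failure != AUDIT_FAIL_PANIC)
        return -EINVAL;
    memset(req, 0, sizeof(*req));
    req->nlh.nlmsg_len   = NLMSG_LENGTH(sizeof(req->st));
    req->nlh.nlmsg_type  = AUDIT_SET;
    req->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    req->nlh.nlmsg_seq   = seq;
    req->st.mask    = AUDIT_STATUS_FAILURE;  /* kernel applies only this field */
    req->st.failure = (uint32_t)failure;
    return 0;
}

/* Send and read the ACK; returns seq (pass > 0) or -errno, e.g. -EPERM
 * when the caller lacks CAP_AUDIT_CONTROL. */
int send_set_failure(uint32_t seq, int failure)
{
    struct set_failure_req req;
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK }; /* nl_pid 0 = kernel */
    struct { struct nlmsghdr nlh; struct nlmsgerr err; } ack;
    int rc = build_set_failure(&req, seq, failure);
    if (rc < 0) return rc;
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    if (fd < 0) return -errno;
    if (sendto(fd, &req, req.nlh.nlmsg_len, 0,
               (struct sockaddr *)&kernel, sizeof(kernel)) < 0)
        rc = -errno;
    else if (recv(fd, &ack, sizeof(ack), 0) < (ssize_t)sizeof(ack.nlh))
        rc = -EIO;
    else if (ack.nlh.nlmsg_type == NLMSG_ERROR && ack.err.error != 0)
        rc = ack.err.error;               /* already a negative errno */
    else
        rc = (int)seq;
    close(fd);
    return rc;
}
```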
SEE ALSO
audit_set_backlog(3), audit_open(3), auditd(8), auditctl(8).
AUTHOR
Steve Grubb
Red Hat Oct 2006 AUDIT_SET_FAILURE(3)
AUDIT_ADD_RULE_DATA(3) Linux Audit API AUDIT_ADD_RULE_DATA(3)
NAME
audit_add_rule_data - Add new audit rule
SYNOPSIS
#include <libaudit.h>
int audit_add_rule_data (int fd, struct audit_rule_data *rule, int flags, int action);
DESCRIPTION
audit_add_rule adds an audit rule to one of several kernel event filters. The filter is specified by the flags argument. Possible values
for flags are:
o AUDIT_FILTER_USER - Apply rule to userspace generated messages.
o AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).
o AUDIT_FILTER_ENTRY - Apply rule at syscall entry.
o AUDIT_FILTER_WATCH - Apply rule to file system watches.
o AUDIT_FILTER_EXIT - Apply rule at syscall exit.
o AUDIT_FILTER_TYPE - Apply rule at audit_log_start.
The rule's action has two possible values:
o AUDIT_NEVER - Do not build context if rule matches.
o AUDIT_ALWAYS - Generate audit record if rule matches.
RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would
encounter.
SEE ALSO
audit_delete_rule_data(3), audit_add_watch(3), auditctl(8).
AUTHOR
Steve Grubb.
Red Hat Oct 2006 AUDIT_ADD_RULE_DATA(3)