AUDIT_ADD_RULE_DATA(3)

NAME

audit_add_rule_data - Add new audit rule

SYNOPSIS

#include <libaudit.h>

int audit_add_rule_data(int fd, struct audit_rule_data *rule, int flags, int action);

DESCRIPTION

audit_add_rule_data adds an audit rule to one of several kernel event filters. The filter is specified by the flags argument. Possible values for flags are:

o AUDIT_FILTER_USER - Apply rule to userspace generated messages.

o AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).

o AUDIT_FILTER_ENTRY - Apply rule at syscall entry.

o AUDIT_FILTER_WATCH - Apply rule to file system watches.

o AUDIT_FILTER_EXIT - Apply rule at syscall exit.

o AUDIT_FILTER_TYPE - Apply rule at audit_log_start.

The rule's action has two possible values:

o AUDIT_NEVER - Do not build context if rule matches.

o AUDIT_ALWAYS - Generate audit record if rule matches.

RETURN VALUE

The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.
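The following is an added example, not code from libaudit or from this page. It builds a struct audit_rule_data by hand and sends it to the kernel as an AUDIT_ADD_RULE netlink request using only the kernel headers, to show where flags and action end up and how the sequence-id/sendto-error return convention looks. The execve/auid rule, the helper names build_execve_rule and send_add_rule, and the assumption that the library call amounts to the same request are this example's own.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/netlink.h>
#include <linux/audit.h>

/* Constructed sample rule, roughly: auditctl -a always,exit -S execve -F auid>=1000 */
static void build_execve_rule(struct audit_rule_data *r, int flags, int action)
{
    memset(r, 0, sizeof(*r));
    r->flags = flags;                  /* filter list, e.g. AUDIT_FILTER_EXIT */
    r->action = action;                /* AUDIT_NEVER or AUDIT_ALWAYS */
    r->mask[AUDIT_WORD(SYS_execve)] |= AUDIT_BIT(SYS_execve); /* syscall bitmap */
    r->fields[0] = AUDIT_LOGINUID;     /* field: login uid (auid) */
    r->fieldflags[0] = AUDIT_GREATER_THAN_OR_EQUAL;
    r->values[0] = 1000;
    r->field_count = 1;                /* no string fields, so buflen stays 0 */
}

/* Returns seq (> 0) once sent, -errno on a sendto error; the kernel's ack is not read. */
static int send_add_rule(int fd, const struct audit_rule_data *r, int seq)
{
    char buf[NLMSG_SPACE(sizeof(struct audit_rule_data))] __attribute__((aligned(4)));
    struct nlmsghdr *h = (struct nlmsghdr *)buf;
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK }; /* nl_pid 0 = kernel */
    memset(buf, 0, sizeof(buf));
    h->nlmsg_len = NLMSG_LENGTH(sizeof(*r));
    h->nlmsg_type = AUDIT_ADD_RULE;
    h->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    h->nlmsg_seq = seq;
    memcpy(NLMSG_DATA(h), r, sizeof(*r));
    if (sendto(fd, buf, h->nlmsg_len, 0, (struct sockaddr *)&kernel, sizeof(kernel)) < 0)
        return -errno;
    return seq;
}

int main(void)
{
    struct audit_rule_data rule;
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    if (fd < 0) { perror("socket"); return 1; }
    build_execve_rule(&rule, AUDIT_FILTER_EXIT, AUDIT_ALWAYS);
    int rc = send_add_rule(fd, &rule, 1);
    printf(rc > 0 ? "request sent, sequence id %d\n" : "send failed, errno %d\n", rc > 0 ? rc : -rc);
    close(fd);
    return rc <= 0;
}
```

Changing audit rules requires CAP_AUDIT_CONTROL (typically root); the installed rule can be listed afterwards with auditctl -l.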

SEE ALSO

audit_delete_rule_data(3), audit_add_watch(3), auditctl(8).

AUTHOR

Steve Grubb.