[PATCH] Race-free auditd shutdown credentials
Steve Grubb
sgrubb at redhat.com
Tue Apr 26 21:41:05 UTC 2005
Hello,
The attached patch addresses the problem with getting the shutdown information
in a race-free way. It creates a new message type AUDIT_TERM_INFO, which is
used by the audit daemon to query who issued the shutdown. It requires the
placement of a hook function that gathers the information.
The userspace component will be released later in audit 0.7.2. When it
receives the TERM signal, it queries the kernel for shutdown information.
When it receives it, it writes the message and shutsdown. The message looks
like this:
type=DAEMON msg=auditd(1114551182.000) auditd normal halt, sending pid=2650
uid=525, auditd pid=1685
Signed-off-by: Steve Grubb <sgrubb at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux-2.6.9-audit-terminfo.patch
Type: text/x-diff
Size: 5139 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050426/69ea6a2b/attachment.bin>
More information about the Linux-audit
mailing list