More audit message types
Mounir Bsaibes
bsaibes at us.ibm.com
Thu Feb 10 21:17:44 UTC 2005
Mounir Bsaibes
Linux Security
Tel: (512) 838-1301
Cell: (512) 762-9957
Fax: (512) 838-8858
e-mail: bsaibes at us.ibm.com
linux-audit-bounces at redhat.com wrote on 02/10/2005 01:51:20 PM:
> Hello,
>
> I'm working on the code for the audit daemon that writes the startup and
> termination records to the audit log. I want to add more message types to
> handle this. I have 2 ways to do it. 1) add the defines to the kernel audit.h
> file or 2) add the defines to libaudit.h and hope we never have a clash.
libaudit.h includes linux/audit.h.
I think it is better to keep all these defines in one place.
>
> I'm setting message types in the range of 1500 - 1599 for audit daemon local
> use. I doubt we'll ever need more than 4-5, but numbers are cheap. In order
> to keep working on this, I'm putting it in libaudit.h. It looks like this:
>
> /* These audit message types are for audit daemon local use. */
> #define AUDIT_START 1500 /* Define daemon start record */
> #define AUDIT_TERM_NORM 1501 /* Define normal termination */
> #define AUDIT_TERM_ERR 1502 /* Define error termination */
>
> Any consensus as to whether they belong in the kernel's audit.h or libaudit.h?
>
> Thanks,
> -Steve Grubb
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit