Audit recv on RHEL 4 x86_64
Steve Grubb
sgrubb at redhat.com
Tue Apr 24 23:26:47 UTC 2007
On Tuesday 24 April 2007 12:28:29 Matthew Booth wrote:
> How do I audit the recv system call on RHEL 4 x86_64?
recv does not appear to be a x86_64 syscall. It uses recvfrom under the hood.
> More generally, how do I get a list of all system calls which can be audited
> on a particular system?
Generally, all of them can be audited. I scan the headers for each kernel
release and update the tables. For the time being, if you can see it in
strace, you can use it. The only problems is that each arch is slightly
different and then there is the multiplexed syscalls like socketcall &
ipccall.
-Steve
More information about the Linux-audit
mailing list