Assorted questions

Steve Grubb sgrubb at redhat.com
Fri Aug 10 14:35:23 UTC 2007


On Thursday 09 August 2007 10:34:06 Matthew Booth wrote:
> Questions relate to RHEL4 (unless they don't).
>
> How can I programmatically translate an architecture into human, eg
> 40000003 => 'i686'?

From ausearch source code, ausearch-report.c:

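#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <libaudit.h>

/* Used at file scope by print_arch(); its declaration is not part of the
 * excerpt quoted in this message. */
static int machine;

/* Print the architecture name for the hex arch value of an audit record */
static void print_arch(const char *val)
{
        unsigned int ival;
        const char *ptr;

        /* The arch field is logged as hex, e.g. 40000003 */
        errno = 0;
        ival = strtoul(val, NULL, 16);
        if (errno) {
                printf("conversion error(%s) ", val);
                return;
        }
        /* Map the ELF arch value to libaudit's machine id */
        machine = audit_elf_to_machine(ival);
        if (machine < 0) {
                printf("unknown elf type(%s) ", val);
                return;
        }
        /* Map the machine id to its printable name */
        ptr = audit_machine_to_name(machine);
        printf("%s ", ptr);
}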


> Is there a way of doing a syscall name lookup without having root?

You do not have to have root to call either of these functions:

extern int audit_name_to_syscall(const char *sc, int machine);
extern const char *audit_syscall_to_name(int sc, int machine);


> In RHEL5, what's the equivalent of 'auditctl -t'?

auditctl -t does not exist anymore.

-Steve
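
Added example, not part of the original message and not code from the audit project: a libaudit-free decoder for the hex arch field, for log-parsing hosts where libaudit is not installed. The flag bits are the ones defined in `<linux/audit.h>`; the function name, struct, return codes and the short name table are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Flag bits from <linux/audit.h>; the low 16 bits hold the ELF e_machine. */
#define ARCH_64BIT 0x80000000u   /* __AUDIT_ARCH_64BIT */
#define ARCH_LE    0x40000000u   /* __AUDIT_ARCH_LE */

struct arch_info { unsigned em; int is_64bit; int is_le; const char *name; };

/* Constructed subset of ELF machine numbers; labels are this example's own. */
static const struct { unsigned em; const char *n32, *n64; } em_names[] = {
    { 3, "i386", NULL }, { 62, NULL, "x86_64" }, { 20, "ppc", NULL },
    { 21, NULL, "ppc64" }, { 22, "s390", "s390x" }, { 50, NULL, "ia64" },
};

/* Returns 0 on success, -1 if val is not a 32-bit hex number,
 * -2 if the machine/width combination is not in the table above. */
int decode_audit_arch(const char *val, struct arch_info *out)
{
    char *end;
    unsigned long v;
    errno = 0;
    v = strtoul(val, &end, 16);
    /* strtoul leaves errno at 0 for "zz" or "", so check the end pointer too */
    if (errno || end == val || *end != '\0' || v > 0xFFFFFFFFul)
        return -1;
    out->em = (unsigned)(v & 0xFFFFu);
    out->is_64bit = (v & ARCH_64BIT) != 0;
    out->is_le = (v & ARCH_LE) != 0;
    out->name = NULL;
    for (size_t i = 0; i < sizeof(em_names) / sizeof(em_names[0]); i++)
        if (em_names[i].em == out->em)
            out->name = out->is_64bit ? em_names[i].n64 : em_names[i].n32;
    return out->name ? 0 : -2;
}

int main(void)
{
    /* Constructed sample arch values, as they appear in audit records */
    const char *samples[] = { "40000003", "c000003e", "80000016", "zz" };
    struct arch_info a;
    for (size_t i = 0; i < 4; i++) {
        int rc = decode_audit_arch(samples[i], &a);
        printf("%s -> %s (rc=%d)\n", samples[i], rc ? "?" : a.name, rc);
    }
    return 0;
}
```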



