Which userspace packages modified for audit
Matthew Booth
mbooth at redhat.com
Sun Feb 25 22:35:08 UTC 2007
On Sun, 2007-02-25 at 17:30 -0500, Steve Grubb wrote:
> On Sunday 25 February 2007 17:15:23 Matthew Booth wrote:
> > On a related note, what's the api for injecting an arbitrary audit event
> > from userspace in 1.0.15?
>
> audit_log_user_message().
>
> > There doesn't appear to be anything obvious in the man pages.
>
> There are several APIs to enforce consistent messages depending on the
> purpose. They all start with audit_log_ .
That's a lot of choices. I specifically want to log a message in my
ausetauid utility containing the fully command line executed under a
different auid. To make sure it turns up in searches, I want it to have
the same audit event ID as the LOGIN message it generates. Is this
achievable, and which function should I read the source for ;) ?
Thanks,
Matt
--
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20070225/e11ed78f/attachment.sig>
More information about the Linux-audit
mailing list