[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Using the Audit Failure Action Query functionality



Starting with audit 1.2.4, the new audit failure action functionality is
available for applications and services. 

The 1.2.5 audit package contains a man page for the new API,
get_auditfail_action(), which includes the following example that can be
used as a starting point for application developers:

              /* Sample code */
              auditfail_t failmode;

              if ((fd = audit_open() ) < 0 ) {
                   fprintf (stderr, "Cannot open netlink audit socket");

                   /* Get the failure_action */
                   if ((rc = get_auditfail_action(&failmode)) == 0) {
                       if (failmode == FAIL_LOG)
                            fprintf (stderr, "Audit subsystem unavailable");
                       else if (failmode == FAIL_TERMINATE)
                            exit (1);
                       /* If failmode == FAIL_IGNORE, do nothing */
                   }
              }

I'm happy to provide help to anyone who would like to incorporate the
new functionality into an application they are maintaining.  If there
are any applications people would like me to go ahead and modify, please
let me know.

Lisa


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]