[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Adding rules



I am attempting to create a c program that can add rules to the audit sub-system and monitor the resulting events. I have read through the code in libaudit.h, audit.h, audit.c, and auditsc.c as well as several man pages pertaining to audit and extended searching of the web.

I am trying to add a rule using audit_add_rule() so audit will "watch" a file. The first problem is that there doesn't seem to be an appropriate field under the "Rule Fields" section of audit.h. The second is that the value must be an integer...

I have succeeded in adding the rule from the command-line using auditctl.

I would appreciate any help you can offer,
Steve

I am using: audit-1.2.3-1 and glibc-kernheaders-3.0-37


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]