[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Adding rules



On Wednesday 07 June 2006 14:30, Steve wrote:
> I am trying to add a rule using audit_add_rule() so audit will "watch" a
> file.  The first problem is that there doesn't seem to be an appropriate
> field under the "Rule Fields" section of audit.h.  The second is that
> the value must be an integer...

You need to be using the audit_rule_data structure. It allows strings to be 
added to it. For an example of setting up a watch, look at the code in 
auditctl.c. Look for audit_setup_watch_name(). You'll need to replicate the 
code in it. Then call audit_add_rule_data().

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]