[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Audit recv on RHEL 4 x86_64



On Tuesday 24 April 2007 12:28:29 Matthew Booth wrote:
> How do I audit the recv system call on RHEL 4 x86_64?

recv does not appear to be a x86_64 syscall. It uses recvfrom under the hood.

> More generally, how do I get a list of all system calls which can be audited
> on a particular system?

Generally, all of them can be audited. I scan the headers for each kernel 
release and update the tables. For the time being, if you can see it in 
strace, you can use it. The only problems is that each arch is slightly 
different and then there is the multiplexed syscalls like socketcall & 
ipccall.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]