Architecture of auditd

Aaron Lewis the.warl0ck.1989 at gmail.com
Wed Dec 25 10:48:52 UTC 2013


Hi, I wrote a very simple program to retrieve netlink sockets (audit messages),
but it gets stuck at recvfrom. Am I missing something?

#include <stdio.h>
#include <unistd.h>
#include <assert.h>
#include <string.h>
#include <stdlib.h>
#include <math.h>
#include <sys/socket.h>
#include <linux/netlink.h>

#define ERR_QUIT(a) do { perror(a); exit (1); } while (0)

#ifndef PF_NETLINK
# define PF_NETLINK 16
#endif

char message [10000];

int main (int argc , char **argv)
{
    int fd, len;
    struct sockaddr_nl nladdr;
    socklen_t nladdrlen = sizeof(nladdr);

    fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    if (fd < 0)
        ERR_QUIT("socket");

    len = recvfrom(fd, &message, sizeof(message), 0,
                   (struct sockaddr*)&nladdr, &nladdrlen);
    if (len < 0)
        ERR_QUIT("recvfrom");

    printf ("Received %d bytes\n", len);

    return 0;
}


-- 
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
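
An added example, not part of the original post: the kernel unicasts audit records only to the process registered as the audit daemon, so a NETLINK_AUDIT socket that has sent no request has nothing to receive and recvfrom blocks. This C program registers itself with AUDIT_SET before reading; it needs CAP_AUDIT_CONTROL and takes the place of auditd, so run it on a test host with auditd stopped. The names struct audit_req, build_register_req and reply_errno are made up for this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/audit.h>
/* Request layout: netlink header immediately followed by audit_status. */
struct audit_req { struct nlmsghdr nlh; struct audit_status st; };

/* Build the AUDIT_SET request that registers `pid` as the audit daemon. */
void build_register_req(struct audit_req *req, unsigned int pid, unsigned int seq)
{
    memset(req, 0, sizeof(*req));
    req->nlh.nlmsg_len   = NLMSG_LENGTH(sizeof(req->st));
    req->nlh.nlmsg_type  = AUDIT_SET;
    req->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    req->nlh.nlmsg_seq   = seq;
    req->st.mask = AUDIT_STATUS_PID;   /* only the pid field is being set */
    req->st.pid  = pid;
}

/* 0 = ACK or audit record, >0 = errno of a refusal, -1 = truncated reply. */
int reply_errno(const void *buf, size_t len)
{
    const struct nlmsghdr *nlh = buf;
    if (len < sizeof(*nlh)) return -1;
    if (nlh->nlmsg_type != NLMSG_ERROR) return 0;
    if (len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) return -1;
    return -((const struct nlmsgerr *)NLMSG_DATA(nlh))->error;
}

int main(void)
{
    static _Alignas(struct nlmsghdr) char buf[10000];
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK };  /* nl_pid 0: kernel */
    struct audit_req req;
    int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    if (fd < 0) { perror("socket"); return 1; }
    build_register_req(&req, (unsigned int)getpid(), 1);
    if (sendto(fd, &req, req.nlh.nlmsg_len, 0,
               (struct sockaddr *)&kernel, sizeof(kernel)) < 0) { perror("sendto"); return 1; }
    for (;;) {   /* first the ACK (or refusal), then audit records */
        ssize_t len = recv(fd, buf, sizeof(buf), 0);
        if (len < 0) { perror("recv"); return 1; }
        int err = reply_errno(buf, (size_t)len);
        if (err > 0) { fprintf(stderr, "refused: %s\n", strerror(err)); return 1; }
        if (err == 0 && ((struct nlmsghdr *)buf)->nlmsg_type != NLMSG_ERROR)
            printf("%.*s\n", (int)(len - NLMSG_HDRLEN), (char *)NLMSG_DATA(buf));
    }
}
```

A refusal arrives as an NLMSG_ERROR reply rather than as a sendto failure, which is why the first message read is checked before any record is printed.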
