[redhat-lspp] Using the Audit Failure Action Query functionality

Lisa Smith lisa.m.smith at hp.com
Mon Jul 17 18:03:52 UTC 2006


Starting with audit 1.2.4, the new audit failure action functionality is
available for applications and services. 

The 1.2.5 audit package contains a man page for the new API,
get_auditfail_action(), which includes the following example that can be
used as a starting point for application developers:

              /* Sample code */
              #include <stdio.h>
              #include <stdlib.h>
              #include <libaudit.h>

              int main (void)
              {
                   int fd, rc;
                   auditfail_t failmode;

                   /* audit_open() returns a negative value on failure */
                   if ((fd = audit_open() ) < 0 ) {
                        fprintf (stderr, "Cannot open netlink audit socket\n");

                        /* Get the failure_action */
                        if ((rc = get_auditfail_action(&failmode)) == 0) {
                            if (failmode == FAIL_LOG)
                                 fprintf (stderr, "Audit subsystem unavailable\n");
                            else if (failmode == FAIL_TERMINATE)
                                 exit (1);
                            /* If failmode == FAIL_IGNORE, do nothing */
                        }
                   }
                   return 0;
              }

I'm happy to provide help to anyone who would like to incorporate the
new functionality into an application they are maintaining.  If there
are any applications people would like me to go ahead and modify, please
let me know.

Lisa
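
Added example (not part of the original post or of the audit package): the same decision flow as a function whose outcome can be checked, including the case where get_auditfail_action() itself returns non-zero, which the sample above passes over silently. All ex_ names are hypothetical stand-ins so the block builds without libaudit, and aborting when the action cannot be read is an assumption of this example.

```c
#include <stdio.h>

/* Stand-ins mirroring libaudit's auditfail_t so this builds without
 * libaudit; real code includes <libaudit.h> and uses FAIL_IGNORE,
 * FAIL_LOG and FAIL_TERMINATE directly. */
typedef enum { EX_FAIL_IGNORE = 0, EX_FAIL_LOG, EX_FAIL_TERMINATE } ex_failmode_t;

/* Hypothetical result type: what the caller should do next. */
typedef enum { EX_PROCEED, EX_PROCEED_UNAUDITED, EX_ABORT } ex_decision_t;

/* Same shapes as audit_open() and get_auditfail_action(). */
typedef int (*ex_open_fn)(void);
typedef int (*ex_query_fn)(ex_failmode_t *);

/* Open the audit socket; on failure apply the configured failure action.
 * Assumption of this example: if the action cannot be read, fail closed. */
ex_decision_t ex_audit_gate(ex_open_fn open_fn, ex_query_fn query_fn, int *fd_out)
{
    ex_failmode_t mode;

    *fd_out = open_fn();
    if (*fd_out >= 0)
        return EX_PROCEED;

    if (query_fn(&mode) != 0) {
        fprintf(stderr, "Audit unavailable and failure action unreadable\n");
        return EX_ABORT;
    }
    if (mode == EX_FAIL_LOG)
        fprintf(stderr, "Audit subsystem unavailable\n");
    /* Anything other than ignore or log, including unknown values, aborts. */
    return (mode == EX_FAIL_IGNORE || mode == EX_FAIL_LOG) ? EX_PROCEED_UNAUDITED : EX_ABORT;
}

/* Constructed stubs that simulate each outcome. */
int ex_open_ok(void)   { return 3; }
int ex_open_fail(void) { return -1; }
int ex_q_ignore(ex_failmode_t *m) { *m = EX_FAIL_IGNORE; return 0; }
int ex_q_log(ex_failmode_t *m)    { *m = EX_FAIL_LOG; return 0; }
int ex_q_term(ex_failmode_t *m)   { *m = EX_FAIL_TERMINATE; return 0; }
int ex_q_error(ex_failmode_t *m)  { (void)m; return 1; }

int main(void)
{
    int fd;
    /* Exit status 1 only when the gate says to abort. */
    return ex_audit_gate(ex_open_fail, ex_q_log, &fd) == EX_ABORT;
}
```

In a real program, pass audit_open and a thin wrapper around get_auditfail_action() in place of the stubs.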



