AUDIT_LOG_START(9) Audit Interfaces AUDIT_LOG_START(9)NAME
audit_log_start - obtain an audit buffer
SYNOPSIS
struct audit_buffer * audit_log_start(struct audit_context * ctx, gfp_t gfp_mask, int type);
ARGUMENTS
ctx
audit_context (may be NULL)
gfp_mask
type of allocation
type
audit message type
DESCRIPTION
Returns audit_buffer pointer on success or NULL on error.
Obtain an audit buffer. This routine does locking to obtain the audit buffer, but then no locking is required for calls to
audit_log_*format. If the task (ctx) is a task that is currently in a syscall, then the syscall is marked as auditable and an audit record
will be written at syscall exit. If there is no associated task, then task context (ctx) should be NULL.
COPYRIGHT Kernel Hackers Manual 2.6. July 2010 AUDIT_LOG_START(9)
Check Out this Related Man Page
audit(2)audit(2)NAME
audit - write a record to the audit log
SYNOPSIS
cc [ flag ... ] file ... -lbsm -lsocket -lnsl [ library... ]
#include <sys/param.h>
#include <bsm/libbsm.h>
int audit(caddr_t record, int length);
The audit() function is used to write a record to the system audit log. The data pointed to by record is written to the log after a mini-
mal consistency check, with the length parameter specifying the size of the record in bytes. The data should be a well-formed audit
record as described by audit.log(4).
The kernel validates the record header token type and length, and sets the time stamp value before writing the record to the audit log.
The kernel does not do any preselection for user-level generated events. If the audit policy is set to include sequence or trailer
tokens, the kernel will append
them to the record.
Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error.
The audit() function will fail if:
EFAULT The record argument points outside the process's allocated address space.
EINVAL The record header token ID is invalid or the length is either less than the header token size or greater than MAXAUDIT-
DATA.
EPERM The {PRIV_PROC_AUDIT} privilege is not asserted in the effective set of the calling process.
USAGE
Only privileged processes can successfully execute this call.
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Stable |
+-----------------------------+-----------------------------+
|MT-Level |MT-Safe |
+-----------------------------+-----------------------------+
bsmconv(1M), auditd(1M), auditon(2), auditsvc(2), getaudit(2), audit.log(4), attributes(5), privileges(5)
The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for
more information.
31 Mar 2005 audit(2)
Hi all,
I want to create a new user and grant him ONLY transfer files access to a specific directory where he can only upload and read the files. He should be restricted to this activity only.
Regards (6 Replies)
Hi everyone,
I know the following questions are noobish questions but I am asking them because I am confused about the basics of history behind UNIX and LINUX.
Ok onto business, my questions are-:
Was/Is UNIX ever an open source operating system ?
If UNIX was... (21 Replies)
Hi,
Last 2 weeks I have searched many forums and i haven't found the answer for the question:
How to get all command output to Putty title?
Needed it for other programs to know when some jobs on a server is done and is it done right or wrong. Plink stdout and stdin wasn't working, i used many... (1 Reply)
anyone have any idea how do to this with auth_attr?
I suspect if I grant him
solaris.device.:RO::Device Allocation::help=DevAllocHeader.html
that will work but I'm unsure. Just looking for a second opinion. (10 Replies)
I am looking for a stable, reliable system to replace my current Windows systems in the home. These are simple systems that I purchased from the local Big Box store.
I have heard many good things about Unix and it's various children and it sounds like a good option to me. I have worked... (2 Replies)
We have a lot of scripts using cut as :
cut -c 0-8 --works for cut (GNU coreutils) 5.97, but does not work for cut (GNU coreutils) 8.4.
Gives error -
cut: fields and positions are numbered from 1
Try `cut --help' for more information.
The position needs to start with 1 for later... (6 Replies)
I've got a problem with a proxy configuration. We have an LDAP group that lists all users who are authorised to use the proxy to FTP (usually Filezilla) out to the world, and by implication those not in the group should be denied. My users are delighted that this has been enabled and those that... (9 Replies)
hi folks,
how to using tar with exclude directory and compress it using tar.Z
i only know how to exclude dir only with this command below:
tar -cvf /varios/restore/test.tar -X excludefile.txt /jfma/test1/
how to compress it using 1 command?
Thanx
Please use CODE tags as... (6 Replies)
Hello All,
I had recently learnt a bit of Docker(which provides containerization process).
Here are some of my learning points from it.
Let us start first with very basic question:
What is Docker:
Docker is a platform for sysadmins and developers to DEPLOY, DEVELOP and RUN applications ... (7 Replies)
What is the point of this? Whenever I close my shell it appends to the history file without adding this. I have never seen it overwrite my history file.
# When the shell exits, append to the history file instead of overwriting it
shopt -s histappend (3 Replies)
Hello for all,
I am testing the behavior of a 32 bit application running on Solaris 5.10 (SPARC), and realize it reaches 4GB of memory and then crashes.
It doesn't matter the amount of used memory as application is intended to perform many transactions; rather, what I want to achieve is to... (2 Replies)