AUDIT_ADD_RULE_DATA(3)          Linux Audit API         AUDIT_ADD_RULE_DATA(3)

NAME

       audit_add_rule_data - Add new audit rule

SYNOPSIS

       #include <libaudit.h>

       int audit_add_rule_data(int fd, struct audit_rule_data *rule,
                               int flags, int action);

DESCRIPTION

       audit_add_rule_data adds an audit rule previously constructed with
       audit_rule_fieldpair_data(3) to one of several kernel event filters.
       The filter is specified by the flags argument. Possible values for
       flags are:

       ·  AUDIT_FILTER_USER - Apply rule to userspace generated messages.

       ·  AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).

       ·  AUDIT_FILTER_EXIT - Apply rule at syscall exit.

       ·  AUDIT_FILTER_TYPE - Apply rule at audit_log_start.

       The rule's action has two possible values:

       ·  AUDIT_NEVER - Do not build context if rule matches.

       ·  AUDIT_ALWAYS - Generate audit record if rule matches.

RETURN VALUE

       The return value is <= 0 on error, otherwise it is the netlink sequence
       id number. This function can have any error that sendto would
       encounter.

SEE ALSO

       audit_rule_fieldpair_data(3), audit_delete_rule_data(3), auditctl(8).

AUTHOR

       Steve Grubb.

Red Hat                            Aug 2009             AUDIT_ADD_RULE_DATA(3)