AUDIT_ADD_RULE_DATA(3)          Linux Audit API         AUDIT_ADD_RULE_DATA(3)

NAME

       audit_add_rule_data - Add new audit rule

SYNOPSIS

       #include <libaudit.h>

       int audit_add_rule_data(int fd, struct audit_rule_data *rule,
                               int flags, int action);

DESCRIPTION

       audit_add_rule_data adds an audit rule to one of several kernel event
       filters. The filter is specified by the flags argument. Possible values
       for flags are:

       ·  AUDIT_FILTER_USER - Apply rule to userspace generated messages.

       ·  AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).

       ·  AUDIT_FILTER_ENTRY - Apply rule at syscall entry.

       ·  AUDIT_FILTER_WATCH - Apply rule to file system watches.

       ·  AUDIT_FILTER_EXIT - Apply rule at syscall exit.

       ·  AUDIT_FILTER_TYPE - Apply rule at audit_log_start.

       The rule's action has two possible values:

       ·  AUDIT_NEVER - Do not build context if rule matches.

       ·  AUDIT_ALWAYS - Generate audit record if rule matches.

RETURN VALUE

       The return value is <= 0 on error, otherwise it is the netlink sequence
       id number. This function can have any error that sendto would
       encounter.
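
EXAMPLE

       The request that results from flags = AUDIT_FILTER_EXIT and action =
       AUDIT_ALWAYS, built with kernel headers only so it compiles without
       libaudit. This is an added example, not code from libaudit or from the
       original page: rule_for_syscall, build_add_rule and add_rule are
       hypothetical helpers, uid 1000 is a constructed value, and the message
       layout is modelled on libaudit's sender as an assumption.

```c
/* Added example: kernel UAPI headers only, no libaudit; helper names are hypothetical. */
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/netlink.h>

/* Rule matching one syscall number when made by one uid. */
static void rule_for_syscall(struct audit_rule_data *r, unsigned nr, unsigned uid) {
    memset(r, 0, sizeof(*r));
    /* syscall bitmap; an out-of-range number sets no bit */
    if (nr < AUDIT_BITMASK_SIZE * 32) r->mask[nr / 32] |= 1u << (nr % 32);
    r->fields[0] = AUDIT_UID; r->fieldflags[0] = AUDIT_EQUAL; /* field id, operator */
    r->values[0] = uid;
    r->field_count = 1;
}

/* Build the AUDIT_ADD_RULE request; returns its length, or 0 if rejected. */
static size_t build_add_rule(void *buf, size_t cap, struct audit_rule_data *r,
                             int flags, int action, unsigned seq) {
    size_t payload = sizeof(*r) + r->buflen, total = NLMSG_SPACE(payload);
    struct nlmsghdr *nlh = buf;
    if (total > cap || (action != AUDIT_NEVER && action != AUDIT_ALWAYS)) return 0;
    r->flags = flags;                      /* filter, e.g. AUDIT_FILTER_EXIT */
    r->action = action;                    /* AUDIT_NEVER or AUDIT_ALWAYS */
    memset(buf, 0, total);
    nlh->nlmsg_len = total; nlh->nlmsg_seq = seq;
    nlh->nlmsg_type = AUDIT_ADD_RULE;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    memcpy(NLMSG_DATA(nlh), r, payload);
    return total;
}

/* Send it; returns the sequence number, or a value <= 0 on error. */
static int add_rule(int fd, struct audit_rule_data *r, int flags, int action, unsigned seq) {
    __u32 buf[NLMSG_SPACE(sizeof(*r)) / 4]; /* room for a rule without string data */
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK };
    size_t len = build_add_rule(buf, sizeof(buf), r, flags, action, seq);
    if (len == 0) return -EINVAL;
    if (sendto(fd, buf, len, 0, (struct sockaddr *)&kernel, sizeof(kernel)) < 0) return -errno;
    return (int)seq;
}

int main(void) { /* needs CAP_AUDIT_CONTROL; uid 1000 is a constructed sample */
    struct audit_rule_data r;
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    rule_for_syscall(&r, SYS_unlinkat, 1000);
    return add_rule(fd, &r, AUDIT_FILTER_EXIT, AUDIT_ALWAYS, 1) > 0 ? 0 : 1;
}
```

       Syscall numbers differ per architecture, so production rules normally
       also carry an arch field; it is left out here to keep the example short.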

SEE ALSO

       audit_delete_rule_data(3), audit_add_watch(3), auditctl(8).

AUTHOR

       Steve Grubb.

Red Hat                            Oct 2006             AUDIT_ADD_RULE_DATA(3)