Re: Which userspace packages modified for audit
On Sun, 2007-02-25 at 17:30 -0500, Steve Grubb wrote:
On Sunday 25 February 2007 17:15:23 Matthew Booth wrote:
> On a related note, what's the api for injecting an arbitrary audit event
> from userspace in 1.0.15?
audit_log_user_message().
> There doesn't appear to be anything obvious in the man pages.
There are several APIs to enforce consistent messages depending on the
purpose. They all start with audit_log_ .
That's a lot of choices. I specifically want to log a message in my
ausetauid utility containing the fully command line executed under a
different auid. To make sure it turns up in searches, I want it to have
the same audit event ID as the LOGIN message it generates. Is this
achievable, and which function should I read the source for ;) ?
Thanks,
Matt
--
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
Attachments:
- signature.asc (application/pgp-signature — 189 bytes)