On Wednesday 07 June 2006 14:30, Steve wrote:
> I am trying to add a rule using audit_add_rule() so audit will "watch" a
> file. The first problem is that there doesn't seem to be an appropriate
> field under the "Rule Fields" section of audit.h. The second is that
> the value must be an integer...

You need to be using the audit_rule_data structure. It allows strings to be
added to it. For an example of setting up a watch, look at the code in
auditctl.c. Look for audit_setup_watch_name(). You'll need to replicate the
code in it. Then call audit_add_rule_data().
-Steve
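
The reply above, as an added example that is not part of the original message and is not code from auditctl.c: it fills in a `struct audit_rule_data` for a file watch using only the kernel's `<linux/audit.h>`. The helper name `build_watch_rule`, its sanity checks, and the `AUDIT_PERM` field (taken from current kernel headers) are assumptions of this example.

```c
#include <linux/audit.h>
#include <linux/limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libaudit's): returns a heap-allocated rule that
 * watches `path`, or NULL if the input is unusable. The caller frees it. */
struct audit_rule_data *build_watch_rule(const char *path, unsigned int perms)
{
    size_t len = path ? strlen(path) : 0;
    struct audit_rule_data *rule;
    int i;

    /* Assumed sanity checks: absolute path, bounded length, some permission. */
    if (len == 0 || path[0] != '/' || len >= PATH_MAX)
        return NULL;
    perms &= AUDIT_PERM_READ | AUDIT_PERM_WRITE | AUDIT_PERM_EXEC | AUDIT_PERM_ATTR;
    if (perms == 0)
        return NULL;

    /* The string lives in the variable-length buf[] after the fixed header. */
    rule = calloc(1, sizeof(*rule) + len);
    if (rule == NULL)
        return NULL;
    rule->flags = AUDIT_FILTER_EXIT;      /* evaluate at syscall exit */
    rule->action = AUDIT_ALWAYS;          /* always emit a record on match */
    for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
        rule->mask[i] = ~0U;              /* match every syscall */

    rule->field_count = 2;
    rule->fields[0] = AUDIT_WATCH;        /* string field: the "integer" value */
    rule->fieldflags[0] = AUDIT_EQUAL;    /* is the length of the path in buf[] */
    rule->values[0] = (unsigned int)len;
    rule->buflen = (unsigned int)len;
    memcpy(rule->buf, path, len);         /* stored without a trailing NUL */
    rule->fields[1] = AUDIT_PERM;         /* access types that trigger the watch */
    rule->fieldflags[1] = AUDIT_EQUAL;
    rule->values[1] = perms;
    return rule;
}

int main(void)
{
    struct audit_rule_data *r = build_watch_rule("/etc/shadow", AUDIT_PERM_WRITE | AUDIT_PERM_ATTR);
    if (r == NULL) return 1;
    /* With libaudit, r is what would be handed to audit_add_rule_data(). */
    printf("fields=%u buflen=%u path=%.*s\n", r->field_count, r->buflen, (int)r->buflen, r->buf);
    free(r);
    return 0;
}
```

The example only constructs the rule in memory; loading it into the kernel requires an audit netlink socket and the appropriate privileges.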