On Thursday 09 August 2007 10:34:06 Matthew Booth wrote:
> Questions relate to RHEL4 (unless they don't).
>
> How can I programmatically translate an architecture into human, eg
> 40000003 => 'i686'?

From ausearch source code, ausearch-report.c:

	static void print_arch(const char *val)
	{
		unsigned int ival;
		const char *ptr;

		errno = 0;
		ival = strtoul(val, NULL, 16);
		if (errno) {
			printf("conversion error(%s) ", val);
			return;
		}
		machine = audit_elf_to_machine(ival);
		if (machine < 0) {
			printf("unknown elf type(%s) ", val);
			return;
		}
		ptr = audit_machine_to_name(machine);
		printf("%s ", ptr);
	}

> Is there a way of doing a syscall name lookup without having root?

You do not have to have root to call either of these functions:

	extern int audit_name_to_syscall(const char *sc, int machine);
	extern const char *audit_syscall_to_name(int sc, int machine);

> In RHEL5, what's the equivalent of 'auditctl -t'?

auditctl -t does not exist anymore.
-Steve
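
The same arch translation without libaudit, as an added example that is not part of the original message or of the audit source: the arch value is an ELF machine number combined with the __AUDIT_ARCH_64BIT and __AUDIT_ARCH_LE flag bits from <linux/audit.h>. The table (a constructed subset), the function names and the stricter input check are assumptions for illustration; the "i686" label follows the example in the question.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flag bits from <linux/audit.h>; the low bits are the ELF machine number. */
#define ARCH_64BIT 0x80000000u /* __AUDIT_ARCH_64BIT */
#define ARCH_LE    0x40000000u /* __AUDIT_ARCH_LE */

/* Constructed subset table; "i686" follows the example in the question. */
static const struct { unsigned int arch; const char *name; } arch_table[] = {
	{  3u | ARCH_LE,              "i686"   }, /* EM_386 */
	{ 62u | ARCH_64BIT | ARCH_LE, "x86_64" }, /* EM_X86_64 */
	{ 21u | ARCH_64BIT,           "ppc64"  }, /* EM_PPC64 */
	{ 22u | ARCH_64BIT,           "s390x"  }, /* EM_S390 */
};

/* Parse the hex text of an arch= field; rejects empty input, trailing
 * characters and values wider than 32 bits. Returns 0 on success. */
int parse_arch(const char *val, unsigned int *out)
{
	char *end;
	unsigned long v;

	errno = 0;
	v = strtoul(val, &end, 16);
	if (errno || end == val || *end != '\0' || v > 0xffffffffUL)
		return -1;
	*out = (unsigned int)v;
	return 0;
}

/* Hypothetical helper: returns the name, or NULL if unparsable or unknown. */
const char *arch_hex_to_name(const char *val)
{
	unsigned int arch;
	size_t i;

	if (parse_arch(val, &arch) < 0)
		return NULL;
	for (i = 0; i < sizeof(arch_table) / sizeof(arch_table[0]); i++)
		if (arch_table[i].arch == arch)
			return arch_table[i].name;
	return NULL;
}

int main(void)
{
	const char *n = arch_hex_to_name("40000003");
	return printf("40000003 => %s\n", n ? n : "unknown") < 0;
}
```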