Re: Which userspace packages modified for audit
On Sunday 25 February 2007 17:35:08 Matthew Booth wrote:
> There are several APIs to enforce consistent messages depending
on the
> purpose. They all start with audit_log_ .
That's a lot of choices. I specifically want to log a message in my
ausetauid utility containing the fully command line executed under a
different auid.
You would need to build your message in a buffer and pass it to
audit_log_user_message() as the message param since an API has not been built
for the purpose you described in 1.0.15. You will also want to follow naming
conventions laid out in the parsing spec.
To make sure it turns up in searches, I want it to have the same
audit event
ID as the LOGIN message it generates.
No can do.
Is this achievable, and which function should I read the source for
;) ?
Nope. Setting the loginuid is a discrete event seen from the kernel's
perspective.
-Steve