Re: A question on monitoring time or time management changes in the kernel and the adjtimex system call

Monday, 9 January 2023

Hello,

On Monday, January 9, 2023 2:33:39 AM EST Burn Alting wrote:
...
 Would it be correct to say that when one sees an adjtimex system call
audit
 event, a change has occurred ONLY if either a AUDIT_TIME_ADJNTPVAL
 (algorithm change) or AUDIT_TIME_INJOFFSET (time change) record is present
 in the event? 
I think if you see either, time has been changed. I haven't studied the 
syscall to see if there isn't a sneak path, but I think they can be relied 
on.

-Steve

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: A question on monitoring time or time management changes in the kernel and the adjtimex system call