Chapter 12. Audit Interfaces

Table of Contents

audit_log_start — obtain an audit buffer
audit_log_format — format a message into the audit buffer
audit_log_end — end one audit record
audit_log — log an audit record
audit_alloc — allocate an audit context block for a task
audit_free — free a per-task audit context
audit_syscall_entry — fill in an audit record at syscall entry
audit_syscall_exit — deallocate audit context after a system call
__audit_getname — add a name to the list
__audit_inode — store the inode and device from a lookup
auditsc_get_stamp — get local copies of audit_context values
audit_set_loginuid — set a task's audit_context loginuid
__audit_mq_open — record audit data for a POSIX MQ open
__audit_mq_sendrecv — record audit data for a POSIX MQ timed send/receive
__audit_mq_notify — record audit data for a POSIX MQ notify
__audit_mq_getsetattr — record audit data for a POSIX MQ get/set attribute
__audit_ipc_obj — record audit data for ipc object
__audit_ipc_set_perm — record audit data for new ipc permissions
audit_socketcall — record audit data for sys_socketcall
__audit_fd_pair — record audit data for pipe and socketpair
audit_sockaddr — record audit data for sys_bind, sys_connect, sys_sendto
__audit_signal_info — record signal info for shutting down audit subsystem
__audit_log_bprm_fcaps — store information about a loading bprm and relevant fcaps
__audit_log_capset — store information about the arguments to the capset syscall
audit_core_dumps — record information about processes that end abnormally
audit_receive_filter — apply all rules to the specified message type