Chapter 12. Audit Interfaces

Table of Contents

audit_log_start — obtain an audit buffer
audit_log_format — format a message into the audit buffer
audit_log_end — end one audit record
audit_log — log an audit record
audit_log_secctx — convert and log SELinux context
audit_alloc — allocate an audit context block for a task
__audit_free — free a per-task audit context
__audit_syscall_entry — fill in an audit record at syscall entry
__audit_syscall_exit — deallocate audit context after a system call
__audit_reusename — fill out filename with info from existing entry
__audit_getname — add a name to the list
__audit_inode — store the inode and device from a lookup
auditsc_get_stamp — get local copies of audit_context values
audit_set_loginuid — set current task's audit_context loginuid
__audit_mq_open — record audit data for a POSIX MQ open
__audit_mq_sendrecv — record audit data for a POSIX MQ timed send/receive
__audit_mq_notify — record audit data for a POSIX MQ notify
__audit_mq_getsetattr — record audit data for a POSIX MQ get/set attribute
__audit_ipc_obj — record audit data for ipc object
__audit_ipc_set_perm — record audit data for new ipc permissions
__audit_socketcall — record audit data for sys_socketcall
__audit_fd_pair — record audit data for pipe and socketpair
__audit_sockaddr — record audit data for sys_bind, sys_connect, sys_sendto
audit_signal_info — record signal info for shutting down audit subsystem
__audit_log_bprm_fcaps — store information about a loading bprm and relevant fcaps
__audit_log_capset — store information about the arguments to the capset syscall
audit_core_dumps — record information about processes that end abnormally
audit_rule_change — apply all rules to the specified message type
audit_list_rules_send — list the audit rules
parent_len — find the length of the parent portion of a pathname
audit_compare_dname_path — compare given dentry name with last component in given path. Return of 0 indicates a match.