Chapter 18. Audit Interfaces
Prev
Next
Chapter 18. Audit Interfaces
Table of Contents
audit_log_start
- obtain an audit buffer
audit_log_format
- format a message into the audit buffer.
audit_log_end
- end one audit record
audit_log
- Log an audit record
audit_alloc
- allocate an audit context block for a task
audit_free
- free a per-task audit context
audit_syscall_entry
- fill in an audit record at syscall entry
audit_syscall_exit
- deallocate audit context after a system call
__audit_getname
- add a name to the list
__audit_inode
- store the inode and device from a lookup
__audit_inode_child
- collect inode info for created/removed objects
__audit_inode_update
- update inode info for last collected name
auditsc_get_stamp
- get local copies of audit_context values
audit_set_loginuid
- set a task's audit_context loginuid
audit_get_loginuid
- get the loginuid for an audit_context
__audit_mq_open
- record audit data for a POSIX MQ open
__audit_mq_timedsend
- record audit data for a POSIX MQ timed send
__audit_mq_timedreceive
- record audit data for a POSIX MQ timed receive
__audit_mq_notify
- record audit data for a POSIX MQ notify
__audit_mq_getsetattr
- record audit data for a POSIX MQ get/set attribute
__audit_ipc_obj
- record audit data for ipc object
__audit_ipc_set_perm
- record audit data for new ipc permissions
audit_socketcall
- record audit data for sys_socketcall
audit_sockaddr
- record audit data for sys_bind, sys_connect, sys_sendto
audit_avc_path
- record the granting or denial of permissions
__audit_signal_info
- record signal info for shutting down audit subsystem
audit_receive_filter
- apply all rules to the specified message type