Chapter 12. Audit Interfaces

Table of Contents

audit_log_start - obtain an audit buffer
audit_log_format - format a message into the audit buffer
audit_log_end - end one audit record
audit_log - log an audit record
audit_alloc - allocate an audit context block for a task
audit_free - free a per-task audit context
audit_syscall_entry - fill in an audit record at syscall entry
audit_syscall_exit - deallocate audit context after a system call
__audit_getname - add a name to the list
__audit_inode - store the inode and device from a lookup
auditsc_get_stamp - get local copies of audit_context values
audit_set_loginuid - set a task's audit_context loginuid
__audit_mq_open - record audit data for a POSIX MQ open
__audit_mq_sendrecv - record audit data for a POSIX MQ timed send/receive
__audit_mq_notify - record audit data for a POSIX MQ notify
__audit_mq_getsetattr - record audit data for a POSIX MQ get/set attribute
__audit_ipc_obj - record audit data for ipc object
__audit_ipc_set_perm - record audit data for new ipc permissions
audit_socketcall - record audit data for sys_socketcall
__audit_fd_pair - record audit data for pipe and socketpair
audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto
__audit_signal_info - record signal info for shutting down audit subsystem
__audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps
__audit_log_capset - store information about the arguments to the capset syscall
audit_core_dumps - record information about processes that end abnormally
audit_receive_filter - apply all rules to the specified message type