On Wednesday 27 September 2006 16:57, Azrael wrote:
> Where can I find documentation regarding the underlying audit subsystem
> within the Linux kernel?

Not sure if there are many docs publicly available. Not because we don't want it, but very little developer time.

> Specifically, the protocol docs for NETLINK_AUDIT, so that I may query the
> subsystem from any sort of language that supports NETLINK socket
> communication.

There's not really a protocol per se, you send a command and expect a response. But you always get something back. The commands are in linux/audit.h header file. Aside from that, you'd probably just want to look at libaudit source code.

> Does such documentation even exist?

Not really.

> If not, could somebody provide me with samples or a basic idea/flow of how
> it all works?

auditctl.c + libaudit pretty much shows it.

> I'd be willing to write it all down for public viewing if it hasn't yet been
> done and if someone can get me started.

That would be nice. We would like some docs available, but are short on time.

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
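The command/response flow described in the reply above, as an added example that is not part of the original message and not libaudit's code: it frames an AUDIT_GET request and decodes the two kinds of message that can come back. Constants are taken from linux/netlink.h and linux/audit.h; the helper names and the reply bytes are constructed for illustration, and only the first eight audit_status fields are decoded.

```python
import struct

# Values from linux/netlink.h and linux/audit.h
NETLINK_AUDIT = 9                      # protocol number for socket(AF_NETLINK, SOCK_RAW, ...)
NLMSG_ERROR = 2                        # also carries the ACK (error == 0)
NLM_F_REQUEST, NLM_F_ACK = 0x01, 0x04
AUDIT_GET = 1000                       # "get status" command

NLMSGHDR = struct.Struct("=IHHII")     # nlmsg_len, nlmsg_type, nlmsg_flags, nlmsg_seq, nlmsg_pid
AUDIT_STATUS = struct.Struct("=8I")    # leading fields of struct audit_status
STATUS_FIELDS = ("mask", "enabled", "failure", "pid",
                 "rate_limit", "backlog_limit", "lost", "backlog")

def build_request(msg_type, seq, payload=b""):
    """Frame one command; NLM_F_ACK asks the kernel to always answer."""
    flags = NLM_F_REQUEST | NLM_F_ACK
    return NLMSGHDR.pack(NLMSGHDR.size + len(payload), msg_type, flags, seq, 0) + payload

def parse_replies(buf):
    """Split a receive buffer into (type, seq, decoded) tuples."""
    out, off = [], 0
    while off + NLMSGHDR.size <= len(buf):
        length, mtype, _flags, seq, _pid = NLMSGHDR.unpack_from(buf, off)
        if length < NLMSGHDR.size or off + length > len(buf):
            raise ValueError("truncated or malformed netlink message")
        body = buf[off + NLMSGHDR.size:off + length]
        if mtype == NLMSG_ERROR and len(body) >= 4:
            (err,) = struct.unpack_from("=i", body)
            decoded = {"errno": -err}          # kernel sends negative errno; 0 means ACK
        elif mtype == AUDIT_GET and len(body) >= AUDIT_STATUS.size:
            decoded = dict(zip(STATUS_FIELDS, AUDIT_STATUS.unpack_from(body)))
        else:
            decoded = body                     # unknown type: hand back raw payload
        out.append((mtype, seq, decoded))
        off += (length + 3) & ~3               # NLMSG_ALIGN
    return out

def sample_reply(seq):
    """Constructed reply bytes: an ACK plus a status message (not captured data)."""
    ack_body = struct.pack("=i", 0) + build_request(AUDIT_GET, seq)
    ack = NLMSGHDR.pack(NLMSGHDR.size + len(ack_body), NLMSG_ERROR, 0, seq, 0) + ack_body
    status = AUDIT_STATUS.pack(0, 1, 1, 1234, 0, 64, 0, 0)
    return ack + NLMSGHDR.pack(NLMSGHDR.size + len(status), AUDIT_GET, 0, seq, 0) + status

if __name__ == "__main__":
    # On a live system the request would be sent over a NETLINK_AUDIT socket
    # by a process holding CAP_AUDIT_CONTROL; here the reply is constructed.
    for mtype, seq, decoded in parse_replies(sample_reply(seq=1)):
        print(mtype, seq, decoded)
```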
