Re: Q on audit, audit-syscall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Wed, 05 Apr 2006 23:47:24 +0200, Herbert Rosmanith said:

> anyway, the manpage describes how auditd/libaudit works - not how it has been
> implemented/how it communicates with the kernel.
> I want to know how it works "under the hood", not just how to use it.

One thing that's not at all clear from casual reading of the source code
of either the kernel or the userspace, or most of the existing docs...

The audit facility is *very much* an after-the-fact logging - there are a
few places where the code jumps through very odd hoops to deal with the fact
that by the time an actual notification is generated, the entire process that
triggered the event could be *gone*, completely and totally.

Attachment: pgp0x8wONzUr3.pgp
Description: PGP signature

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux