Guide to the Linux Manual




   auditctl    ( 8 )

a utility to assist controlling the kernel's audit system

STATUS OPTIONS

-l List all rules, 1 per line. Two more options may be given to this command. You can give either a key option (-k) to list rules that match a key, or -i to have a0 through a3 interpreted to help determine whether the syscall argument values are correct.

-m text Send a user space message into the audit system. This can only be done if you have CAP_AUDIT_WRITE capability (normally the root user has this). The resulting event will be the USER type.

-s Report the kernel's audit subsystem status. It will tell you the in-kernel values that can be set by the -e, -f, -r, and -b options. The pid value is the process number of the audit daemon. Note that a pid of 0 indicates that the audit daemon is not running. The lost entry tells you how many event records have been discarded due to the kernel audit queue overflowing. The backlog field tells how many event records are currently queued waiting for auditd to read them. This option can be followed by -i to get a couple of fields interpreted.

-v Print the version of auditctl.
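The pid, lost and backlog fields reported by -s lend themselves to a monitoring check. The script below is an added example, not part of the manual page: the function name check_audit_status and the sample text are constructed for illustration, and it assumes the status output has one "name value" pair per line.

```shell
#!/bin/sh
# Added example: health check over the output of `auditctl -s`.
# Assumption: one "name value" pair per line in the status output.

# Reads status text on stdin and prints one finding per line.
# Returns 0 when the daemon is running and nothing was lost, 1 otherwise.
check_audit_status() {
    awk '
        $1 == "pid"     { pid = $2; seen_pid = 1 }
        $1 == "lost"    { lost = $2 }
        $1 == "backlog" { backlog = $2 }   # exact match, so backlog_limit is ignored
        END {
            if (!seen_pid) {
                print "UNKNOWN: no pid field in status output"; bad = 1
            } else if (pid == 0) {
                print "CRITICAL: pid 0, audit daemon is not running"; bad = 1
            }
            if (lost + 0 > 0) {
                print "WARNING: " lost " event records discarded (kernel audit queue overflowed)"
                bad = 1
            }
            if (backlog + 0 > 0) {
                # A non-zero backlog is often transient, so it is reported but not failed on.
                print "INFO: " backlog " event records queued waiting for auditd"
            }
            exit bad
        }'
}

# Constructed sample status text (not captured from a real system).
SAMPLE_DEGRADED='enabled 1
failure 1
pid 0
rate_limit 0
backlog_limit 8192
lost 37
backlog 12'

# Demo on the constructed sample; on a live host, as root:
#   auditctl -s | check_audit_status
printf '%s\n' "$SAMPLE_DEGRADED" | check_audit_status || true
```

A lost counter that keeps rising between runs means audit records are being dropped before auditd can read them, which leaves gaps in the audit trail.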