включение или отключение аудита (Enable or disable auditing)
Имя (Name)
audit_set_enabled - Enable or disable auditing
Синопсис (Synopsis)
#include <libaudit.h>
int audit_set_enabled(int fd, uint32_t enabled);
Описание (Description)
audit_set_enabled is used to control whether or not the audit
system is active. When the audit system is enabled (enabled set
to 1), every syscall will pass through the audit system to
collect information and potentially trigger an event.
If the audit system is disabled (enabled set to 0), syscalls do
not enter the audit system and no data is collected. There may be
some events generated by MAC subsystems like SE Linux even though
the audit system is disabled. It is possible to suppress those
events, too, by adding an audit rule with flags set to
AUDIT_FILTER_EXCLUDE
Возвращаемое значение (Return value)
The return value is <= 0 on error, otherwise it is the netlink
sequence id number. This function can have any error that sendto
would encounter.
Смотри также (See also)
audit_add_rule_data(3), auditd(8).
