diff options
author | Ashlee Young <ashlee@wildernessvoice.com> | 2016-01-20 01:10:01 +0000 |
---|---|---|
committer | Ashlee Young <ashlee@wildernessvoice.com> | 2016-01-20 01:10:11 +0000 |
commit | 19d701ddf07d855128ded0cf2b573ce468e3bdd6 (patch) | |
tree | 0edcd3461ca903c76e431bb7c6348c42a0f12488 /framework/src/audit/docs/audit_add_rule_data.3 | |
parent | fac6fbefbfad1cf837ddd88bc0d330559c8eb6f9 (diff) |
Removing Suricata and Audit from source repo, and updated build.sh to avoid building suricata. Will re-address this in C release via tar balls.
Change-Id: I3710076f8b7f3313cb3cb5260c4eb0a6834d4f6e
Signed-off-by: Ashlee Young <ashlee@wildernessvoice.com>
Diffstat (limited to 'framework/src/audit/docs/audit_add_rule_data.3')
-rw-r--r-- | framework/src/audit/docs/audit_add_rule_data.3 | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/framework/src/audit/docs/audit_add_rule_data.3 b/framework/src/audit/docs/audit_add_rule_data.3 deleted file mode 100644 index 2321f391..00000000 --- a/framework/src/audit/docs/audit_add_rule_data.3 +++ /dev/null @@ -1,49 +0,0 @@ -.TH "AUDIT_ADD_RULE_DATA" "3" "Aug 2009" "Red Hat" "Linux Audit API" -.SH NAME -audit_add_rule_data \- Add new audit rule -.SH "SYNOPSIS" -.B #include <libaudit.h> -.sp -int audit_add_rule_data (int fd, struct audit_rule_data *rule, int flags, int action); - -.SH "DESCRIPTION" - -audit_add_rule adds an audit rule previously constructed with audit_rule_fieldpair_data(3) to one of several kernel event filters. The filter is specified by the flags argument. Possible values for flags are: - -.TP 3 -\(bu -AUDIT_FILTER_USER - Apply rule to userspace generated messages. -.TP -\(bu -AUDIT_FILTER_TASK - Apply rule at task creation (not syscall). -.TP -\(bu -AUDIT_FILTER_EXIT - Apply rule at syscall exit. -.TP -\(bu -AUDIT_FILTER_TYPE - Apply rule at audit_log_start. -.LP - -.PP -The rule's action has two possible values: - -.TP 3 -\(bu -AUDIT_NEVER - Do not build context if rule matches. -.TP -\(bu -AUDIT_ALWAYS - Generate audit record if rule matches. -.LP - -.SH "RETURN VALUE" - -The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter. - -.SH "SEE ALSO" - -.BR audit_rule_fieldpair_data(3), -.BR audit_delete_rule_data (3), -.BR auditctl (8). - -.SH AUTHOR -Steve Grubb. |