|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | SEE ALSO | AUTHOR | COLOPHON |
|
|
|
AUDIT_GET_FEATURES(3) Linux Audit API AUDIT_GET_FEATURES(3)
audit_get_features, audit_set_feature - query or change kernel
audit features
#include <libaudit.h>
uint32_t audit_get_features(void);
int audit_set_feature(int fd, unsigned feature, unsigned value,
unsigned lock);"
audit_get_features() returns a bitmap describing which kernel
audit features are supported. The bitmap is cached internally and
retrieved from the kernel on the first call.
audit_set_feature() changes a feature bit for the kernel using the
descriptor fd which must be an open audit netlink socket. feature
selects the bit to modify. If value is nonzero the feature is
enabled, otherwise it is disabled. If lock is nonzero the feature
setting is locked until reboot.
The feature bits currently defined are:
AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT
Kernel supports changing the backlog queue depth.
AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME
Kernel supports delaying syscalls when the queue is full.
AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH
Kernel will include the executable path on EXECVE records.
AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND
Exclude rules may be used with more fields than just
message type.
AUDIT_FEATURE_BITMAP_SESSIONID_FILTER
Session identifier filtering is supported.
AUDIT_FEATURE_BITMAP_LOST_RESET
Allows resetting the lost event counter.
AUDIT_FEATURE_BITMAP_FILTER_FS
Kernel supports file system field filtering.
audit_get_features returns the feature bitmap or 0 if feature
queries are unsupported. audit_set_feature returns <= 0 on error,
otherwise it is the netlink sequence id number.
audit_request_features(3), audit_reset_lost(3), audit_open(3).
Steve Grubb
This page is part of the audit (Linux Audit) project. Information
about the project can be found at
⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug report
for this manual page, send it to [email protected]. This
page was obtained from the project's upstream Git repository
⟨https://github.com/linux-audit/audit-userspace.git⟩ on
2025-08-11. (At that time, the date of the most recent commit
that was found in the repository was 2025-08-09.) If you discover
any rendering problems in this HTML version of the page, or you
believe there is a better or more up-to-date source for the page,
or you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a
mail to [email protected]
Red Hat July 2025 AUDIT_GET_FEATURES(3)
Pages that refer to this page: audit_request_features(3), audit_reset_lost(3), audit_set_loginuid_immutable(3)
|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|