| /linux-6.15/tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/ |
| Util.py | 54 import audit 56 'x86_64': audit.MACH_86_64, 58 'alpha' : audit.MACH_ALPHA, 59 'ia64' : audit.MACH_IA64, 60 'ppc' : audit.MACH_PPC, 61 'ppc64' : audit.MACH_PPC64, 63 's390' : audit.MACH_S390, 64 's390x' : audit.MACH_S390X, 65 'i386' : audit.MACH_X86, 66 'i586' : audit.MACH_X86, [all …]
|
| /linux-6.15/Documentation/admin-guide/LSM/ |
| landlock.rst | 11 Landlock can leverage the audit framework to log events. 19 Denied access requests are logged by default for a sandboxed program if `audit` 23 thanks to audit rules. Landlock can generate 2 audit record types. 34 audit event. 45 The ``allocated`` status is part of the same audit event and follows 66 which might not have been logged according to the audit rules and 86 number following a timestamp (``msg=audit(1729738800.268:30)``). The first 117 type=PROCTITLE msg=audit(1729738800.268:30): proctitle=6B696C6C0031 140 If you get spammed with audit logs related to Landlock, this is either an 146 - or with audit rules (see :manpage:`auditctl(8)`). [all …]
|
| ipe.rst | 119 generates audit logs which may be utilized to detect and analyze failures 339 type=1327 audit(1653364370.067:61): 707974686F6E3300746573742F6D61696E2E7079002D6E00 343 type=1327 audit(1653364735.161:64): 707974686F6E3300746573742F6D61696E2E7079002D6E00 384 …type=1327 audit(1653425583.136:54): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E707900… 428 …type=1327 audit(1653425529.927:53): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E707900… 460 …type=1404 audit(1653425689.008:55): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 ena… 462 type=1327 audit(1653425689.008:55): proctitle="-bash" 464 …type=1404 audit(1653425689.008:55): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 ena… 466 type=1327 audit(1653425689.008:55): proctitle="-bash" 483 | enabled | integer | No | The new TTY audit enabled setting … [all …]
|
| /linux-6.15/Documentation/ABI/stable/ |
| procfs-audit_loginuid | 3 KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc") 4 Contact: linux-audit@redhat.com 5 Users: audit and login applications 8 read to get the audit login UID of process $pid as a 20 Contact: linux-audit@redhat.com 21 Users: audit and login applications 24 audit login session ID of process $pid as a decimal
|
| /linux-6.15/arch/x86/ia32/ |
| Makefile | 6 audit-class-$(CONFIG_AUDIT) := audit.o 7 obj-$(CONFIG_IA32_EMULATION) += $(audit-class-y)
|
| /linux-6.15/security/landlock/ |
| task.c | 113 .audit = { in hook_ptrace_access_check() 159 .audit = { in hook_ptrace_traceme() 286 .audit = { in hook_unix_stream_connect() 323 .audit = { in hook_unix_may_send() 381 .audit = { in hook_task_kill() 422 .audit = { in hook_file_send_sigiotask()
|
| fs.c | 931 log_request_parent1->audit.type = LSM_AUDIT_DATA_PATH; in is_access_to_paths_allowed() 932 log_request_parent1->audit.u.path = *path; in is_access_to_paths_allowed() 941 log_request_parent2->audit.type = LSM_AUDIT_DATA_PATH; in is_access_to_paths_allowed() 942 log_request_parent2->audit.u.path = *path; in is_access_to_paths_allowed() 1225 request1.audit.u.path.dentry = old_parent; in current_check_refer_path() 1229 request2.audit.u.path.dentry = new_dir->dentry; in current_check_refer_path() 1381 .audit = { in log_fs_change_topology_path() 1395 .audit = { in log_fs_change_topology_dentry() 1707 .audit = { in hook_file_truncate() 1743 .audit = { in hook_file_ioctl_common()
|
| net.c | 189 .audit.type = LSM_AUDIT_DATA_NET, in current_check_access_socket() 190 .audit.u.net = &audit_net, in current_check_access_socket()
|
| Makefile | 10 audit.o \
|
| audit.h | 34 struct common_audit_data audit; member
|
| /linux-6.15/security/integrity/ |
| integrity_audit.c | 20 unsigned long audit; in integrity_audit_setup() local 22 if (!kstrtoul(str, 0, &audit)) in integrity_audit_setup() 23 integrity_audit_info = audit ? 1 : 0; in integrity_audit_setup()
|
| /linux-6.15/security/apparmor/ |
| domain.c | 660 goto audit; in profile_transition() 711 goto audit; in profile_transition() 724 audit: in profile_transition() 773 goto audit; in profile_onexec() 780 goto audit; in profile_onexec() 791 goto audit; in profile_onexec() 804 audit: in profile_onexec() 936 goto audit; in apparmor_bprm_creds_for_exec() 981 audit: in apparmor_bprm_creds_for_exec() 1032 audit: in build_change_hat() [all …]
|
| file.c | 114 u32 mask = perms->audit; in aa_audit_file() 332 goto audit; in profile_path_link() 339 goto audit; in profile_path_link() 348 goto audit; in profile_path_link() 357 lperms.audit = perms.audit; in profile_path_link() 364 goto audit; in profile_path_link() 383 goto audit; in profile_path_link() 389 goto audit; in profile_path_link() 395 audit: in profile_path_link()
|
| mount.c | 145 u32 mask = perms->audit; in audit_mount() 179 if (data && (perms->audit & AA_AUDIT_DATA)) in audit_mount() 328 goto audit; in match_mnt_path_str() 333 goto audit; in match_mnt_path_str() 342 goto audit; in match_mnt_path_str() 346 audit: in match_mnt_path_str() 623 goto audit; in profile_umount() 632 audit: in profile_umount() 691 goto audit; in build_pivotroot() 696 goto audit; in build_pivotroot() [all …]
|
| policy_compat.c | 118 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); in compute_fperms_user() 133 perms.audit = map_old_perms(dfa_other_audit(dfa, state)); in compute_fperms_other() 217 perms.audit = dfa_user_audit(dfa, state); in compute_perms_entry() 241 perms.audit |= map_other(dfa_other_audit(dfa, state)); in compute_perms_entry()
|
| lib.c | 251 perms->audit = ALL_PERMS_MASK; in aa_apply_modes_to_perms() 257 perms->audit = 0; in aa_apply_modes_to_perms() 313 request &= perms->audit; in aa_check_perms()
|
| /linux-6.15/security/apparmor/include/ |
| perms.h | 80 u32 audit; /* set only when allow is set */ member 112 accum->audit |= addend->audit & addend->allow; in aa_perms_accum_raw() 139 accum->audit |= addend->audit & accum->allow; in aa_perms_accum()
|
| capability.h | 30 kernel_cap_t audit; member
|
| /linux-6.15/security/tomoyo/ |
| Kconfig | 30 int "Default maximal count for audit log" 36 audit logs that the kernel can hold on memory. 37 You can read the log via /sys/kernel/security/tomoyo/audit. 38 If you don't need audit logs, you may set this value to 0.
|
| /linux-6.15/tools/testing/selftests/landlock/ |
| ptrace_test.c | 456 FIXTURE(audit) in FIXTURE() argument 462 FIXTURE_SETUP(audit) in FIXTURE_SETUP() argument 471 FIXTURE_TEARDOWN_PARENT(audit) in FIXTURE_TEARDOWN_PARENT() argument 477 TEST_F(audit, trace) in TEST_F() argument
|
| audit_test.c | 40 FIXTURE(audit) in FIXTURE() argument 46 FIXTURE_SETUP(audit) in FIXTURE_SETUP() argument 65 FIXTURE_TEARDOWN(audit) in FIXTURE_TEARDOWN() argument 72 TEST_F(audit, layers) in TEST_F() argument 218 TEST_F(audit, thread) in TEST_F() argument
|
| /linux-6.15/arch/sparc/kernel/ |
| Makefile | 114 obj-$(CONFIG_AUDIT) += audit.o 115 audit--$(CONFIG_AUDIT) := compat_audit.o 116 obj-$(CONFIG_COMPAT) += $(audit--y)
|
| /linux-6.15/tools/perf/Documentation/ |
| security.txt | 140 monitoring and observability operations. Inspect system audit records for 155 audit records using journalctl command or /var/log/audit/audit.log so the 163 …audit[1318098]: AVC avc: denied { open } for pid=1318098 comm="perf" scontext=unconfined_u:unco… 168 be generated using the system audit records about blocking perf_event access.
|
| /linux-6.15/drivers/comedi/ |
| TODO | 5 - audit userspace interface
|
| /linux-6.15/security/ipe/ |
| Makefile | 26 audit.o \
|