linux_audit_parser

Struct MessageType

pub struct MessageType(pub u32);

Type of an audit message, corresponding to the type=… part of every Linux Audit log line.

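The implementation uses the same 32-bit unsigned integer values that are used by the Linux Audit API. The mapping between numeric and symbolic values is generated from CSV retrieved from the Linux Audit Project’s documentation. Because the wrapped value is a public u32, a MessageType can also hold a number that has no symbolic name among the constants below, so code that matches on message types should handle unrecognised values explicitly.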

Tuple Fields§

§0: u32

Implementations§


impl MessageType

pub const GET: Self = _

pub const SET: Self = _

pub const LIST: Self = _

pub const ADD: Self = _

pub const DEL: Self = _

pub const USER: Self = _

pub const LOGIN: Self = _

pub const WATCH_INS: Self = _

pub const WATCH_REM: Self = _

pub const WATCH_LIST: Self = _

pub const SIGNAL_INFO: Self = _

pub const ADD_RULE: Self = _

pub const DEL_RULE: Self = _

pub const LIST_RULES: Self = _

pub const TRIM: Self = _

pub const MAKE_EQUIV: Self = _

pub const TTY_GET: Self = _

pub const TTY_SET: Self = _

pub const SET_FEATURE: Self = _

pub const GET_FEATURE: Self = _

pub const USER_AUTH: Self = _

pub const USER_ACCT: Self = _

pub const USER_MGMT: Self = _

pub const CRED_ACQ: Self = _

pub const CRED_DISP: Self = _

pub const USER_START: Self = _

pub const USER_END: Self = _

pub const USER_AVC: Self = _

pub const USER_CHAUTHTOK: Self = _

pub const USER_ERR: Self = _

pub const CRED_REFR: Self = _

pub const USYS_CONFIG: Self = _

pub const USER_LOGIN: Self = _

pub const USER_LOGOUT: Self = _

pub const ADD_USER: Self = _

pub const DEL_USER: Self = _

pub const ADD_GROUP: Self = _

pub const DEL_GROUP: Self = _

pub const DAC_CHECK: Self = _

pub const CHGRP_ID: Self = _

pub const TEST: Self = _

pub const TRUSTED_APP: Self = _

pub const USER_SELINUX_ERR: Self = _

pub const USER_CMD: Self = _

pub const USER_TTY: Self = _

pub const CHUSER_ID: Self = _

pub const GRP_AUTH: Self = _

pub const SYSTEM_BOOT: Self = _

pub const SYSTEM_SHUTDOWN: Self = _

pub const SYSTEM_RUNLEVEL: Self = _

pub const SERVICE_START: Self = _

pub const SERVICE_STOP: Self = _

pub const GRP_MGMT: Self = _

pub const GRP_CHAUTHTOK: Self = _

pub const MAC_CHECK: Self = _

pub const ACCT_LOCK: Self = _

pub const ACCT_UNLOCK: Self = _

pub const USER_DEVICE: Self = _

pub const SOFTWARE_UPDATE: Self = _

pub const DAEMON_START: Self = _

pub const DAEMON_END: Self = _

pub const DAEMON_ABORT: Self = _

pub const DAEMON_CONFIG: Self = _

pub const DAEMON_RECONFIG: Self = _

pub const DAEMON_ROTATE: Self = _

pub const DAEMON_RESUME: Self = _

pub const DAEMON_ACCEPT: Self = _

pub const DAEMON_CLOSE: Self = _

pub const DAEMON_ERR: Self = _

pub const SYSCALL: Self = _

pub const FS_WATCH: Self = _

pub const PATH: Self = _

pub const IPC: Self = _

pub const SOCKETCALL: Self = _

pub const CONFIG_CHANGE: Self = _

pub const SOCKADDR: Self = _

pub const CWD: Self = _

pub const EXECVE: Self = _

pub const IPC_SET_PERM: Self = _

pub const MQ_OPEN: Self = _

pub const MQ_SENDRECV: Self = _

pub const MQ_NOTIFY: Self = _

pub const MQ_GETSETATTR: Self = _

pub const KERNEL_OTHER: Self = _

pub const FD_PAIR: Self = _

pub const OBJ_PID: Self = _

pub const TTY: Self = _

pub const EOE: Self = _

pub const BPRM_FCAPS: Self = _

pub const CAPSET: Self = _

pub const MMAP: Self = _

pub const NETFILTER_PKT: Self = _

pub const NETFILTER_CFG: Self = _

pub const SECCOMP: Self = _

pub const PROCTITLE: Self = _

pub const FEATURE_CHANGE: Self = _

pub const REPLACE: Self = _

pub const KERN_MODULE: Self = _

pub const FANOTIFY: Self = _

pub const TIME_INJOFFSET: Self = _

pub const TIME_ADJNTPVAL: Self = _

pub const BPF: Self = _

pub const EVENT_LISTENER: Self = _

pub const URINGOP: Self = _

pub const OPENAT2: Self = _

pub const DM_CTRL: Self = _

pub const DM_EVENT: Self = _

pub const AVC: Self = _

pub const SELINUX_ERR: Self = _

pub const AVC_PATH: Self = _

pub const MAC_POLICY_LOAD: Self = _

pub const MAC_STATUS: Self = _

pub const MAC_CONFIG_CHANGE: Self = _

pub const MAC_UNLBL_ALLOW: Self = _

pub const MAC_CIPSOV4_ADD: Self = _

pub const MAC_CIPSOV4_DEL: Self = _

pub const MAC_MAP_ADD: Self = _

pub const MAC_MAP_DEL: Self = _

pub const MAC_IPSEC_ADDSA: Self = _

pub const MAC_IPSEC_DELSA: Self = _

pub const MAC_IPSEC_ADDSPD: Self = _

pub const MAC_IPSEC_DELSPD: Self = _

pub const MAC_IPSEC_EVENT: Self = _

pub const MAC_UNLBL_STCADD: Self = _

pub const MAC_UNLBL_STCDEL: Self = _

pub const MAC_CALIPSO_ADD: Self = _

pub const MAC_CALIPSO_DEL: Self = _

pub const MAC_TASK_CONTEXTS: Self = _

pub const MAC_OBJ_CONTEXTS: Self = _

pub const AA: Self = _

pub const APPARMOR_AUDIT: Self = _

pub const APPARMOR_ALLOWED: Self = _

pub const APPARMOR_DENIED: Self = _

pub const APPARMOR_HINT: Self = _

pub const APPARMOR_STATUS: Self = _

pub const APPARMOR_ERROR: Self = _

pub const APPARMOR_KILL: Self = _

pub const ANOM_PROMISCUOUS: Self = _

pub const ANOM_ABEND: Self = _

pub const ANOM_CREAT: Self = _

pub const INTEGRITY_DATA: Self = _

pub const INTEGRITY_METADATA: Self = _

pub const INTEGRITY_STATUS: Self = _

pub const INTEGRITY_HASH: Self = _

pub const INTEGRITY_PCR: Self = _

pub const INTEGRITY_RULE: Self = _

pub const INTEGRITY_EVM_XATTR: Self = _

pub const INTEGRITY_POLICY_RULE: Self = _

pub const KERNEL: Self = _

pub const ANOM_LOGIN_FAILURES: Self = _

pub const ANOM_LOGIN_TIME: Self = _

pub const ANOM_LOGIN_SESSIONS: Self = _

pub const ANOM_LOGIN_ACCT: Self = _

pub const ANOM_LOGIN_LOCATION: Self = _

pub const ANOM_MAX_DAC: Self = _

pub const ANOM_MAX_MAC: Self = _

pub const ANOM_AMTU_FAIL: Self = _

pub const ANOM_RBAC_FAIL: Self = _

pub const ANOM_RBAC_INTEGRITY_FAIL: Self = _

pub const ANOM_CRYPTO_FAIL: Self = _

pub const ANOM_ACCESS_FS: Self = _

pub const ANOM_EXEC: Self = _

pub const ANOM_MK_EXEC: Self = _

pub const ANOM_ADD_ACCT: Self = _

pub const ANOM_DEL_ACCT: Self = _

pub const ANOM_MOD_ACCT: Self = _

pub const ANOM_ROOT_TRANS: Self = _

pub const ANOM_LOGIN_SERVICE: Self = _

pub const RESP_ANOMALY: Self = _

pub const RESP_ALERT: Self = _

pub const RESP_KILL_PROC: Self = _

pub const RESP_TERM_ACCESS: Self = _

pub const RESP_ACCT_REMOTE: Self = _

pub const RESP_ACCT_LOCK_TIMED: Self = _

pub const RESP_ACCT_UNLOCK_TIMED: Self = _

pub const RESP_ACCT_LOCK: Self = _

pub const RESP_TERM_LOCK: Self = _

pub const RESP_SEBOOL: Self = _

pub const RESP_EXEC: Self = _

pub const RESP_SINGLE: Self = _

pub const RESP_HALT: Self = _

pub const RESP_ORIGIN_BLOCK: Self = _

pub const RESP_ORIGIN_BLOCK_TIMED: Self = _

pub const USER_ROLE_CHANGE: Self = _

pub const ROLE_ASSIGN: Self = _

pub const ROLE_REMOVE: Self = _

pub const LABEL_OVERRIDE: Self = _

pub const LABEL_LEVEL_CHANGE: Self = _

pub const USER_LABELED_EXPORT: Self = _

pub const USER_UNLABELED_EXPORT: Self = _

pub const DEV_ALLOC: Self = _

pub const DEV_DEALLOC: Self = _

pub const FS_RELABEL: Self = _

pub const USER_MAC_POLICY_LOAD: Self = _

pub const ROLE_MODIFY: Self = _

pub const USER_MAC_CONFIG_CHANGE: Self = _

pub const USER_MAC_STATUS: Self = _

pub const CRYPTO_TEST_USER: Self = _

pub const CRYPTO_PARAM_CHANGE_USER: Self = _

pub const CRYPTO_LOGIN: Self = _

pub const CRYPTO_LOGOUT: Self = _

pub const CRYPTO_KEY_USER: Self = _

pub const CRYPTO_FAILURE_USER: Self = _

pub const CRYPTO_REPLAY_USER: Self = _

pub const CRYPTO_SESSION: Self = _

pub const CRYPTO_IKE_SA: Self = _

pub const CRYPTO_IPSEC_SA: Self = _

pub const VIRT_CONTROL: Self = _

pub const VIRT_RESOURCE: Self = _

pub const VIRT_MACHINE_ID: Self = _

pub const VIRT_INTEGRITY_CHECK: Self = _

pub const VIRT_CREATE: Self = _

pub const VIRT_DESTROY: Self = _

pub const VIRT_MIGRATE_IN: Self = _

pub const VIRT_MIGRATE_OUT: Self = _


impl MessageType


pub fn is_multipart(&self) -> bool

True for messages that are part of multi-part events from kernel-space.

This mimics the logic of auparse as of version 3.0.6; later auparse releases may classify message types differently.

Trait Implementations§


impl Clone for MessageType


fn clone(&self) -> MessageType

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for MessageType


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for MessageType


fn default() -> MessageType

Returns the “default value” for a type. Read more

impl Display for MessageType


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Hash for MessageType


fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more

impl PartialEq for MessageType


fn eq(&self, other: &MessageType) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for MessageType


fn serialize<S: Serializer>(&self, s: S) -> Result<S::Ok, S::Error>

Serialize this value into the given Serde serializer. Read more

impl Copy for MessageType


impl Eq for MessageType


impl StructuralPartialEq for MessageType

Auto Trait Implementations§

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,


unsafe fn clone_to_uninit(&self, dst: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T> ToOwned for T
where T: Clone,


type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T> ToString for T
where T: Display + ?Sized,


default fn to_string(&self) -> String

Converts the given value to a String. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.