Module netlink_packet_audit::constants

Constants

AUDIT_ADD

Add syscall rule -- deprecated

AUDIT_ADD_RULE

Add syscall filtering rule

AUDIT_ALWAYS

Generate audit record if rule matches

AUDIT_ANOM_ABEND

Process ended abnormally

AUDIT_ANOM_LINK

Suspicious use of file links

AUDIT_ANOM_PROMISCUOUS

Device changed promiscuous mode

AUDIT_ARCH
AUDIT_ARCH_AARCH64
AUDIT_ARCH_ALPHA
AUDIT_ARCH_ARM
AUDIT_ARCH_ARMEB
AUDIT_ARCH_CRIS
AUDIT_ARCH_FRV
AUDIT_ARCH_I386
AUDIT_ARCH_IA64
AUDIT_ARCH_M32R
AUDIT_ARCH_M68K
AUDIT_ARCH_MICROBLAZE
AUDIT_ARCH_MIPS
AUDIT_ARCH_MIPS64
AUDIT_ARCH_MIPS64N32
AUDIT_ARCH_MIPSEL
AUDIT_ARCH_MIPSEL64
AUDIT_ARCH_MIPSEL64N32
AUDIT_ARCH_OPENRISC
AUDIT_ARCH_PARISC
AUDIT_ARCH_PARISC64
AUDIT_ARCH_PPC
AUDIT_ARCH_PPC64
AUDIT_ARCH_PPC64LE
AUDIT_ARCH_S390
AUDIT_ARCH_S390X
AUDIT_ARCH_SH
AUDIT_ARCH_SH64
AUDIT_ARCH_SHEL
AUDIT_ARCH_SHEL64
AUDIT_ARCH_SPARC
AUDIT_ARCH_SPARC64
AUDIT_ARCH_TILEGX
AUDIT_ARCH_TILEGX32
AUDIT_ARCH_TILEPRO
AUDIT_ARCH_X86_64
AUDIT_ARG0
AUDIT_ARG1
AUDIT_ARG2
AUDIT_ARG3
AUDIT_AVC

SELinux AVC denial or grant

AUDIT_AVC_PATH

dentry, vfsmount pair from avc

AUDIT_BITMASK_SIZE
AUDIT_BIT_MASK
AUDIT_BIT_TEST
AUDIT_BPRM_FCAPS

Information about fcaps increasing perms

AUDIT_CAPSET

Record showing argument to sys_capset

AUDIT_CLASS_CHATTR
AUDIT_CLASS_CHATTR_32
AUDIT_CLASS_DIR_WRITE
AUDIT_CLASS_DIR_WRITE_32
AUDIT_CLASS_READ
AUDIT_CLASS_READ_32
AUDIT_CLASS_SIGNAL
AUDIT_CLASS_SIGNAL_32
AUDIT_CLASS_WRITE
AUDIT_CLASS_WRITE_32
AUDIT_COMPARE_AUID_TO_EUID
AUDIT_COMPARE_AUID_TO_FSUID
AUDIT_COMPARE_AUID_TO_OBJ_UID
AUDIT_COMPARE_AUID_TO_SUID
AUDIT_COMPARE_EGID_TO_FSGID
AUDIT_COMPARE_EGID_TO_OBJ_GID
AUDIT_COMPARE_EGID_TO_SGID
AUDIT_COMPARE_EUID_TO_FSUID
AUDIT_COMPARE_EUID_TO_OBJ_UID
AUDIT_COMPARE_EUID_TO_SUID
AUDIT_COMPARE_FSGID_TO_OBJ_GID
AUDIT_COMPARE_FSUID_TO_OBJ_UID
AUDIT_COMPARE_GID_TO_EGID
AUDIT_COMPARE_GID_TO_FSGID
AUDIT_COMPARE_GID_TO_OBJ_GID
AUDIT_COMPARE_GID_TO_SGID
AUDIT_COMPARE_SGID_TO_FSGID
AUDIT_COMPARE_SGID_TO_OBJ_GID
AUDIT_COMPARE_SUID_TO_FSUID
AUDIT_COMPARE_SUID_TO_OBJ_UID
AUDIT_COMPARE_UID_TO_AUID
AUDIT_COMPARE_UID_TO_EUID
AUDIT_COMPARE_UID_TO_FSUID
AUDIT_COMPARE_UID_TO_OBJ_UID
AUDIT_COMPARE_UID_TO_SUID
AUDIT_CONFIG_CHANGE

Audit system configuration change

AUDIT_CWD

Current working directory

AUDIT_DAEMON_ABORT

Daemon error stop record

AUDIT_DAEMON_CONFIG

Daemon config change

AUDIT_DAEMON_END

Daemon normal stop record

AUDIT_DAEMON_START

Daemon startup record

AUDIT_DEL

Delete syscall rule -- deprecated

AUDIT_DEL_RULE

Delete syscall filtering rule

AUDIT_DEVMAJOR
AUDIT_DEVMINOR
AUDIT_DIR
AUDIT_EGID
AUDIT_EOE

End of multi-record event

AUDIT_EQUAL
AUDIT_EUID
AUDIT_EVENT_MESSAGE_MAX
AUDIT_EVENT_MESSAGE_MIN
AUDIT_EXE
AUDIT_EXECVE

execve arguments

AUDIT_EXIT
AUDIT_FAIL_PANIC
AUDIT_FAIL_PRINTK
AUDIT_FAIL_SILENT
AUDIT_FANOTIFY

Fanotify access decision

AUDIT_FD_PAIR

audit record for pipe/socketpair

AUDIT_FEATURE_CHANGE

audit log listing feature changes

AUDIT_FEATURE_LOGINUID_IMMUTABLE
AUDIT_FEATURE_ONLY_UNSET_LOGINUID
AUDIT_FEATURE_VERSION
AUDIT_FIELD_COMPARE
AUDIT_FILETYPE
AUDIT_FILTERKEY
AUDIT_FILTER_ENTRY

Apply rule at syscall entry

AUDIT_FILTER_EXIT

Apply rule at syscall exit

AUDIT_FILTER_FS
AUDIT_FILTER_PREPEND
AUDIT_FILTER_TASK

Apply rule at task creation (not syscall)

AUDIT_FILTER_TYPE

Apply rule at audit_log_start

AUDIT_FILTER_UNSET

Filter is unset

AUDIT_FILTER_USER

Apply rule to user-generated messages

AUDIT_FILTER_WATCH

Apply rule to file system watches

AUDIT_FIRST_KERN_ANOM_MSG
AUDIT_FIRST_USER_MSG

Userspace messages mostly uninteresting to kernel

AUDIT_FIRST_USER_MSG2

More user space messages

AUDIT_FSGID
AUDIT_FSTYPE
AUDIT_FSUID
AUDIT_GET

Get status

AUDIT_GET_FEATURE

Get which features are enabled

AUDIT_GID
AUDIT_GREATER_THAN
AUDIT_GREATER_THAN_OR_EQUAL
AUDIT_INODE
AUDIT_INTEGRITY_DATA

Data integrity verification

AUDIT_INTEGRITY_HASH

Integrity HASH type

AUDIT_INTEGRITY_METADATA

Metadata integrity verification

AUDIT_INTEGRITY_PCR

PCR invalidation msgs

AUDIT_INTEGRITY_RULE

policy rule

AUDIT_INTEGRITY_STATUS

Integrity enable status

AUDIT_IPC

IPC record

AUDIT_IPC_SET_PERM

IPC new permissions record type

AUDIT_KERNEL
AUDIT_KERNEL_OTHER

For use by 3rd party modules

AUDIT_KERN_MODULE

Kernel Module events

AUDIT_LAST_FEATURE
AUDIT_LAST_KERN_ANOM_MSG
AUDIT_LAST_USER_MSG
AUDIT_LAST_USER_MSG2
AUDIT_LESS_THAN
AUDIT_LESS_THAN_OR_EQUAL
AUDIT_LIST

List syscall rules -- deprecated

AUDIT_LIST_RULES

List syscall filtering rules

AUDIT_LOGIN

Define the login id and information

AUDIT_LOGINUID
AUDIT_LOGINUID_SET
AUDIT_MAC_CALIPSO_ADD

NetLabel: add CALIPSO DOI entry

AUDIT_MAC_CALIPSO_DEL

NetLabel: del CALIPSO DOI entry

AUDIT_MAC_CIPSOV4_ADD

NetLabel: add CIPSOv4 DOI entry

AUDIT_MAC_CIPSOV4_DEL

NetLabel: del CIPSOv4 DOI entry

AUDIT_MAC_CONFIG_CHANGE

Changes to booleans

AUDIT_MAC_IPSEC_ADDSA

Not used

AUDIT_MAC_IPSEC_ADDSPD

Not used

AUDIT_MAC_IPSEC_DELSA

Not used

AUDIT_MAC_IPSEC_DELSPD

Not used

AUDIT_MAC_IPSEC_EVENT

Audit an IPSec event

AUDIT_MAC_MAP_ADD

NetLabel: add LSM domain mapping

AUDIT_MAC_MAP_DEL

NetLabel: del LSM domain mapping

AUDIT_MAC_POLICY_LOAD

Policy file load

AUDIT_MAC_STATUS

Changed enforcing, permissive, off

AUDIT_MAC_UNLBL_ALLOW

NetLabel: allow unlabeled traffic

AUDIT_MAC_UNLBL_STCADD

NetLabel: add a static label

AUDIT_MAC_UNLBL_STCDEL

NetLabel: del a static label

AUDIT_MAKE_EQUIV

Append to watched tree

AUDIT_MAX_FIELDS
AUDIT_MAX_FIELD_COMPARE
AUDIT_MAX_KEY_LEN
AUDIT_MESSAGE_TEXT_MAX
AUDIT_MMAP

Record showing descriptor and flags in mmap

AUDIT_MQ_GETSETATTR

POSIX MQ get/set attribute record type

AUDIT_MQ_NOTIFY

POSIX MQ notify record type

AUDIT_MQ_OPEN

POSIX MQ open record type

AUDIT_MQ_SENDRECV

POSIX MQ send/receive record type

AUDIT_MSGTYPE
AUDIT_NETFILTER_CFG

Netfilter chain modifications

AUDIT_NETFILTER_PKT

Packets traversing netfilter chains

AUDIT_NEVER

Do not build context if rule matches

AUDIT_NLGRP_NONE

Unused multicast group for audit

AUDIT_NLGRP_READLOG

Multicast group to listen for audit events

AUDIT_NOT_EQUAL
AUDIT_NR_FILTERS

Mask to get actual filter

AUDIT_OBJ_GID
AUDIT_OBJ_LEV_HIGH
AUDIT_OBJ_LEV_LOW
AUDIT_OBJ_PID

ptrace target

AUDIT_OBJ_ROLE
AUDIT_OBJ_TYPE
AUDIT_OBJ_UID
AUDIT_OBJ_USER
AUDIT_OPERATORS
AUDIT_PATH

Filename path information

AUDIT_PERM
AUDIT_PERM_ATTR
AUDIT_PERM_EXEC
AUDIT_PERM_READ
AUDIT_PERM_WRITE
AUDIT_PERS
AUDIT_PID
AUDIT_POSSIBLE

Build context if rule matches

AUDIT_PPID
AUDIT_PROCTITLE

Proctitle emit event

AUDIT_REPLACE

Replace auditd if this packet is unanswered

AUDIT_SECCOMP

Secure Computing event

AUDIT_SELINUX_ERR

Internal SELinux errors

AUDIT_SESSIONID
AUDIT_SET

Set status (enable/disable/auditd)

AUDIT_SET_FEATURE

Turn an audit feature on or off

AUDIT_SGID
AUDIT_SIGNAL_INFO

Get info about sender of signal to auditd

AUDIT_SOCKADDR

sockaddr copied as syscall arg

AUDIT_SOCKETCALL

sys_socketcall arguments

AUDIT_SUBJ_CLR
AUDIT_SUBJ_ROLE
AUDIT_SUBJ_SEN
AUDIT_SUBJ_TYPE
AUDIT_SUBJ_USER
AUDIT_SUCCESS
AUDIT_SUID
AUDIT_SYSCALL

Syscall event

AUDIT_SYSCALL_CLASSES
AUDIT_TRIM

Trim junk from watched tree

AUDIT_TTY

Input on an administrative TTY

AUDIT_TTY_GET

Get TTY auditing status

AUDIT_TTY_SET

Set TTY auditing status

AUDIT_UID
AUDIT_UNUSED_BITS
AUDIT_USER

Message from userspace -- deprecated

AUDIT_USER_AVC

We filter this differently

AUDIT_USER_TTY

Non-ICANON TTY input meaning

AUDIT_WATCH
AUDIT_WATCH_INS

Insert file/dir watch entry

AUDIT_WATCH_LIST

List all file/dir watches

AUDIT_WATCH_REM

Remove file/dir watch entry

NLM_F_ACK

Request for an acknowledgment on success. Typical direction of request is from user space (CPC) to kernel space (FEC).

NLM_F_ACK_TLVS

Extended ACK TLVs were included

NLM_F_APPEND

Add to the end of the object list.

NLM_F_ATOMIC

Return an atomic snapshot of the table. Requires CAP_NET_ADMIN capability or an effective UID of 0.

NLM_F_CAPPED

request was capped

NLM_F_CREATE

Create object if it doesn't already exist.

NLM_F_DUMP
NLM_F_DUMP_FILTERED

Dump was filtered as requested

NLM_F_DUMP_INTR

Dump was inconsistent due to sequence change

NLM_F_ECHO

Echo this request. Typical direction of request is from user space (CPC) to kernel space (FEC).

NLM_F_EXCL

Don't replace if the object already exists.

NLM_F_MATCH

Return all entries matching criteria passed in message content.

NLM_F_MULTIPART

Indicates the message is part of a multipart message terminated by NLMSG_DONE

NLM_F_NONREC

Do not delete recursively

NLM_F_REPLACE

Replace existing matching object.

NLM_F_REQUEST

Must be set on all request messages (typically from user space to kernel space)

NLM_F_ROOT

Return the complete table instead of a single entry.

__AUDIT_ARCH_64BIT
__AUDIT_ARCH_CONVENTION_MASK
__AUDIT_ARCH_CONVENTION_MIPS64_N32
__AUDIT_ARCH_LE