Searched refs:audit (Results 1 – 25 of 34) sorted by relevance
12
3 The audit daemon is a simplified version of its desktop4 counterpart designed to gather the audit logs from the5 audit kernel subsystem. The audit subsystem of the kernel8 To enable the audit subsystem, you must add this to your
354 char* audit = strstr(buf, " audit("); in log() local355 if (!audit || (audit >= &buf[len])) { in log()359 *audit = '\0'; in log()364 rc = logPrint("%s %s", type, audit + 1); in log()366 rc = logPrint("%s", audit + 1); in log()368 *audit = ' '; in log()
4 ro.logd.auditd bool true Enable selinux audit daemon5 ro.logd.auditd.dmesg bool true selinux audit messages sent to dmesg.6 ro.logd.auditd.main bool true selinux audit messages sent to main.7 ro.logd.auditd.events bool true selinux audit messages sent to events.
35 # Do not audit the cases where traced_perf attempts to access /proc/[pid] for39 # Do not audit failures to signal a process, as there are cases when this is
34 # "dontaudit...audit_access" policy line to suppress the audit access without
104 # Don't audit legacy ctl. property handling. We only want the newer permission check to appear105 # in the audit log
23 # Write to security logs for audit.
25 # "dontaudit...audit_access" policy line to suppress the audit access without
27 # "dontaudit...audit_access" policy line to suppress the audit access without
13 # which will result in an audit log even when it's allowed to trace.
5 # which will result in an audit log even when it's allowed to trace.
142 # Don't audit legacy ctl. property handling. We only want the newer permission check to appear143 # in the audit log
49 # This attribute is used to audit access to proc_net. it is temporary and will
368 # Don't audit legacy ctl. property handling. We only want the newer permission check to appear369 # in the audit log
177 # Don't audit legacy ctl. property handling. We only want the newer permission check to appear178 # in the audit log
18 conditional rules, audit-related rules (auditallow or dontaudit),