audit - User space tools for 2.6 kernel auditing

audit_add_rule_data - Add new audit rule

audit_add_watch - create a rule layout for a watch

audit_delete_rule_data - Delete audit rule

audit_detect_machine - Detects the current machine type

audit_encode_nv_string - encode a name/value pair in a string

audit_getloginuid - Get a program’s loginuid value

audit_get_reply - Get the audit system’s reply

audit_get_session - Get a program’s login session id value

audit_log_acct_message - log a user account message

audit_log_semanage_message - log a semanage message

audit_log_user_avc_message - log a user avc message

audit_log_user_command - log a user command

audit_log_user_comm_message - log a user message from a console app

audit_log_user_message - log a general user message

audit_open - Open a audit netlink socket connection

audit_request_rules_list_data - Request list of current audit rules

audit_request_signal_info - Request signal info for the audit system

audit_request_status - Request status of the audit system

audit_setloginuid - Set a program’s loginuid value

audit_set_backlog_limit - Set the audit backlog limit

audit_set_backlog_wait_time - Set the audit backlog wait time

audit_set_enabled - Enable or disable auditing

audit_set_failure - Set audit failure flag

audit_set_pid - Set audit daemon process ID

audit_set_rate_limit - Set audit rate limit

audit_update_watch_perms - update permissions field of watch command

auparse_add_callback - add a callback handler for notifications

auparse_destroy - release instance of parser

auparse_feed - feed data into parser

auparse_feed_age_events - check events for complete based on time.

auparse_feed_has_data - check if there is any data accumulating that might need flushing.

auparse_find_field - search for field name

auparse_find_field_next - find next occurrence of field name

auparse_first_field - reposition field cursor

auparse_first_record - reposition record cursor

auparse_flush_feed - flush any unconsumed feed data through parser.

auparse_get_field_int - get current field’s value as an int

auparse_get_field_name - get current field’s name

auparse_get_field_num - get current field cursor location

auparse_get_field_str - get current field’s value

auparse_get_field_type - get current field’s data type

auparse_get_filename - get the filename where record was found

auparse_get_line_number - get line number where record was found

auparse_get_milli - get the millisecond value of the event

auparse_get_node - get the event’s machine node name

auparse_get_num_fields - get the number of fields

auparse_get_num_records - get the number of records

auparse_get_record_num - get current record cursor location

auparse_get_record_text - access unparsed record data

auparse_get_serial - get the event’s serial number

auparse_get_time - get event’s time

auparse_get_timestamp - access timestamp of the event

auparse_get_type - get record’s type

auparse_get_type_name - get record’s type translation

auparse_goto_field_num - move field cursor to specific field

auparse_goto_record_num - move record cursor to specific record

auparse_init - initialize an instance of the audit parsing library

auparse_interpret_field, auparse_interpret_realpath,auparse_interpret_sock_family,auparse_interpret_sock_port,auparse_interpret_sock_address - get current field’s interpreted value

auparse_next_event - get the next event

auparse_next_field - move field cursor

auparse_next_record - move record cursor

auparse_node_compare - compares node name values

auparse_normalize - normalize the current event

auparse_reset - reset audit parser instance

auparse_set_escape_mode - choose escape method

auparse_timestamp_compare - compares timestamp values

ausearch_add_expression - build up search expression

ausearch_add_interpreted_item - build up search rule

ausearch_add_item - build up search rule

ausearch_add_regex - use regular expression search rule

ausearch_add_timestamp_item - build up search rule

ausearch_add_timestamp_item_ex - build up search rule

ausearch_clear - clear search parameters

ausearch_next_event - find the next event that meets search criteria

ausearch_set_stop - set the cursor position

get_auditfail_action - Get failure_action tunable value

set_message_mode - Sets the message mode

audisp-remote.conf - the audisp-remote configuration file

audispd.conf - the audit event dispatcher configuration file

audit-plugins - realtime event receivers

auditd.conf - audit daemon configuration file

ausearch-expression - audit search expression format

libaudit.conf - libaudit configuration file

zos-remote.conf - the audisp-racf plugin configuration file

audit.rules - a set of rules loaded in the kernel audit system

audisp-remote - plugin for remote logging

audispd - an event multiplexor

audispd-zos-remote - z/OS Remote-services Audit dispatcher plugin

auditctl - a utility to assist controlling the kernel’s audit system

auditd - The Linux Audit daemon

augenrules - a script that merges component audit rule files

aulast - a program similar to last

aulastlog - a program similar to lastlog

aureport - a tool that produces summary reports of audit daemon logs

ausearch - a tool to query audit daemon logs

ausyscall - a program that allows mapping syscall names and numbers

autrace - a program similar to strace

auvirt - a program that shows data related to virtual machines