127
127
"usage: auditctl [options]\n"
128
" -a <l,a> Append rule to end of <l>ist with <a>ction\n"
129
" -A <l,a> Add rule at beginning of <l>ist with <a>ction\n"
130
" -b <backlog> Set max number of outstanding audit buffers allowed\n"
132
" -d <l,a> Delete rule from <l>ist with <a>ction\n"
133
" l=task,entry,exit,user,watch,exclude a=never,possible,always\n"
134
" -D Delete all rules and watches\n"
135
" -e [0..2] Set enabled flag\n"
136
" -f [0..2] Set failure flag\n"
137
" 0=silent 1=printk 2=panic\n"
138
" -F f=v Build rule: field name, operator(=,!=,<,>,<=,>=,^,&),\n"
141
" -i Ignore errors when reading rules from file\n"
142
" -k <key> Set filter key on audit rule\n"
144
" -m text Send a user-space message\n"
145
" -p [r|w|x|a] Set permissions filter on watch\n"
146
" r=read, w=write, x=execute, a=attribute\n"
147
" -r <rate> Set limit in messages/sec (0=none)\n"
148
" -R <file> read rules from file\n"
149
" -s Report status\n"
150
" -S syscall Build rule: syscall name or number\n"
152
" -w <path> Insert watch at <path>\n"
153
" -W <path> Remove watch at <path>\n"
128
" -a <l,a> Append rule to end of <l>ist with <a>ction\n"
129
" -A <l,a> Add rule at beginning of <l>ist with <a>ction\n"
130
" -b <backlog> Set max number of outstanding audit buffers\n"
131
" allowed Default=64\n"
132
" -d <l,a> Delete rule from <l>ist with <a>ction\n"
133
" l=task,entry,exit,user,watch,exclude\n"
134
" a=never,possible,always\n"
135
" -D Delete all rules and watches\n"
136
" -e [0..2] Set enabled flag\n"
137
" -f [0..2] Set failure flag\n"
138
" 0=silent 1=printk 2=panic\n"
139
" -F f=v Build rule: field name, operator(=,!=,<,>,<=,\n"
142
" -i Ignore errors when reading rules from file\n"
143
" -k <key> Set filter key on audit rule\n"
145
" -m text Send a user-space message\n"
146
" -p [r|w|x|a] Set permissions filter on watch\n"
147
" r=read, w=write, x=execute, a=attribute\n"
148
" -q <mount,subtree> make subtree part of mount point's dir watches\n"
149
" -r <rate> Set limit in messages/sec (0=none)\n"
150
" -R <file> read rules from file\n"
151
" -s Report status\n"
152
" -S syscall Build rule: syscall name or number\n"
153
" -t Trim directory watches\n"
155
" -w <path> Insert watch at <path>\n"
156
" -W <path> Remove watch at <path>\n"
746
769
retval = audit_setup_perms(rule_new, optarg);
773
if (audit_syscalladded) {
775
"Syscall auditing requested for make equivalent\n");
779
retval = equiv_parse(optarg, &mp, &sub);
782
"Error parsing equivalent parts\n");
785
retval = audit_make_equivalent(fd, mp, sub);
789
return -2; // success - no reply needed
794
retval = audit_trim_subtrees(fd);
798
return -2; // success - no reply for this
750
801
printf("auditctl version %s\n", VERSION);