AUDIT SYSTEM REFERENCE
kkun · 2020-05-05 · via 博客园 - kkun

APPENDIX B. AUDIT SYSTEM REFERENCE
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/app-Audit_Reference#sec-Audit_Events_Fields

https://elixir.bootlin.com/linux/latest/source/kernel/audit.c
https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/audit.h

/* The netlink messages for the audit system is divided into blocks:
 * 1000 - 1099 are for commanding the audit system
 * 1100 - 1199 user space trusted application messages
 * 1200 - 1299 messages internal to the audit daemon
 * 1300 - 1399 audit event messages
 * 1400 - 1499 SE Linux use
 * 1500 - 1599 kernel LSPP events
 * 1600 - 1699 kernel crypto events
 * 1700 - 1799 kernel anomaly records
 * 1800 - 1899 kernel integrity events
 * 1900 - 1999 future kernel use
 * 2000 is for otherwise unclassified kernel audit messages (legacy)
 * 2001 - 2099 unused (kernel)
 * 2100 - 2199 user space anomaly records
 * 2200 - 2299 user space actions taken in response to anomalies
 * 2300 - 2399 user space generated LSPP events
 * 2400 - 2499 user space crypto events
 * 2500 - 2999 future user space (maybe integrity labels and related events)
 *
 * Messages from 1000-1199 are bi-directional. 1200-1299 & 2100 - 2999 are
 * exclusively user space. 1300-2099 is kernel --> user space
 * communication.
 */
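As an added example (not part of kkun's post or of the kernel source), the block layout and direction rules above turned into a small classifier and applied to constructed audit.log lines; the handful of type-name constants are a subset taken from the linked audit.h, and the sample records are made up.

```python
import re
# Block layout and direction rules as stated in the audit.h comment quoted above.
# Direction: "bi" = bidirectional, "k2u" = kernel -> user space, "user" = user space only.
AUDIT_BLOCKS = [
    (1000, 1099, "audit control commands", "bi"),
    (1100, 1199, "user space trusted application messages", "bi"),
    (1200, 1299, "audit daemon internal", "user"),
    (1300, 1399, "kernel audit event records", "k2u"),
    (1400, 1499, "SELinux", "k2u"),
    (1500, 1599, "kernel LSPP events", "k2u"),
    (1600, 1699, "kernel crypto events", "k2u"),
    (1700, 1799, "kernel anomaly records", "k2u"),
    (1800, 1899, "kernel integrity events", "k2u"),
    (1900, 1999, "future kernel use", "k2u"),
    (2000, 2000, "unclassified kernel (legacy)", "k2u"),
    (2001, 2099, "unused (kernel)", "k2u"),
    (2100, 2199, "user space anomaly records", "user"),
    (2200, 2299, "user space responses to anomalies", "user"),
    (2300, 2399, "user space LSPP events", "user"),
    (2400, 2499, "user space crypto events", "user"),
    (2500, 2999, "future user space", "user"),
]

def classify(msg_type):
    """Map a numeric audit message type to (block description, direction)."""
    for lo, hi, desc, direction in AUDIT_BLOCKS:
        if lo <= msg_type <= hi:
            return desc, direction
    return "unknown", "unknown"

# Small subset of the type-name constants from the linked audit.h (not a full table);
# auditd logs types it cannot name as UNKNOWN[<number>], which the regex also accepts.
TYPE_NUMBERS = {"SYSCALL": 1300, "PATH": 1302, "USER_LOGIN": 1112,
                "DAEMON_START": 1200, "ANOM_PROMISCUOUS": 1700}
TYPE_RE = re.compile(r"^type=(?:UNKNOWN\[(\d+)\]|(\w+))\s")

def classify_record(line):
    """Resolve one audit.log line's type number and classify it; None if unresolvable."""
    m = TYPE_RE.match(line)
    if not m:
        return None
    num = int(m.group(1)) if m.group(1) else TYPE_NUMBERS.get(m.group(2))
    return None if num is None else (num,) + classify(num)

# Constructed sample lines in auditd's log format (not real captures).
SAMPLE = [
    "type=SYSCALL msg=audit(1588662800.101:42): arch=c000003e syscall=59 success=yes exit=0",
    "type=ANOM_PROMISCUOUS msg=audit(1588662802.303:44): dev=eth0 prom=256 old_prom=0 auid=1000",
    "type=UNKNOWN[1334] msg=audit(1588662803.404:45): placeholder=1",
]
```

Records in the user-space-only blocks are written by processes, not by the kernel, so the direction column tells you which records a syscall-level detection rule can rely on.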

------------------------------------------
Unless otherwise stated, all articles are original and the copyright is shared with 博客园; please keep the source attribution when reposting.