Security audit framework
Tracks and logs security-relevant events for compliance and forensics.
Features
- Structured audit events with timestamps, PIDs, UIDs, and action details
- Configurable event filtering via bitmask
- Persistent storage to a VFS-backed audit log (/var/log/audit.log)
- Serialization to a pipe-delimited text format
- Convenience functions for syscall, capability, and MAC audit logging
- Real-time alert callbacks for critical security events
- Statistics tracking
Structs
- AuditEvent - Structured audit event record.
- AuditFilter - Configurable audit event filter using a bitmask.
- AuditStatistics - Detailed audit statistics snapshot.
Enums
- AuditAction - Structured audit action for detailed event logging.
- AuditEventType - Audit event type.
Traits
- AlertCallback - Trait for real-time audit alert handlers.
Functions
- disable - Disable audit logging.
- disable_event_type - Disable a specific event type in the filter.
- enable - Enable audit logging.
- enable_event_type - Enable a specific event type in the filter.
- get_detailed_stats - Get detailed audit statistics.
- get_filter - Get the current audit event filter.
- get_stats - Get audit log statistics: (current_count, max_capacity).
- init - Initialize the audit system.
- log_auth_attempt - Log an authentication attempt.
- log_capability - Log a capability operation with a specific action.
- log_capability_op - Log a capability operation (create, revoke, derive).
- log_event - Log a structured audit event.
- log_file_access - Log a file access event.
- log_mac_decision - Log a MAC policy decision.
- log_permission_denied - Log a permission denial event.
- log_process_create - Log a process creation event.
- log_process_exit - Log a process exit event.
- log_syscall - Log a system call event.
- register_alert_callback - Register a real-time alert callback.
- set_filter - Set the audit event filter.