Linux Audit Mechanism


"Laudit" is a dynamically loadable mechanism for auditing, trailing and controlling system calls in the Linux kernel. With it, arbitrary context-sensitive operations can be defined to run upon system call execution. For example, a set of system calls can be denied to certain users, or an arbitrary system time can be returned to specific applications (for testing time-related bugs such as the erstwhile Y2K). It is also possible to have certain user-level programs executed (in a secure way) when certain actions occur. For example, users can associate passwords with files.


Currently, the only documentation is the man page for the "actl" utility (which is used to administer the audit mechanism). The man page contains more details of the scheme.


Please note that this software was written several years ago, and is listed here only for archival purposes.