/usr/share/gocode/src/redhat.com/audit/audit.go is in golang-redhat-audit-dev 1:2.8.2-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 | package audit
/*
The audit package is a go bindings to libaudit that only allows for
logging audit events.
Author Steve Grubb <sgrubb@redhat.com>
*/
// #cgo pkg-config: audit
// #include "libaudit.h"
// #include <unistd.h>
// #include <stdlib.h>
// #include <string.h>
// #include <stdio.h>
import "C"
import (
"unsafe"
)
const (
AUDIT_VIRT_CONTROL = 2500
AUDIT_VIRT_RESOURCE = 2501
AUDIT_VIRT_MACHINE_ID = 2502
)
// type=VIRT_CONTROL msg=audit(08/05/2014 17:01:05.891:6471) : pid=1265 uid=root auid=unset ses=unset subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm=vm1 uuid=462dcd6d-fb68-4a26-a96f-56eb024515b9 vm-pid=22527 exe=/usr/sbin/libvirtd hostname=? addr=? terminal=? res=success'
func AuditValueNeedsEncoding(str string) bool {
cstr := C.CString(str)
defer C.free(unsafe.Pointer(cstr))
len := C.strlen(cstr)
res, _ := C.audit_value_needs_encoding(cstr, C.uint(len))
if res != 0 {
return true
}
return false
}
func AuditEncodeNVString(name string, value string) string {
cname := C.CString(name)
cval := C.CString(value)
cres := C.audit_encode_nv_string(cname, cval, 0)
C.free(unsafe.Pointer(cname))
C.free(unsafe.Pointer(cval))
defer C.free(unsafe.Pointer(cres))
return C.GoString(cres)
}
func AuditLogUserEvent(event_type int, message string, result bool) error {
var r int
fd := C.audit_open()
if result {
r = 1
} else {
r = 0
}
if fd != -1 {
cmsg := C.CString(message)
_, err := C.audit_log_user_message(fd, C.int(event_type), cmsg, nil, nil, nil, C.int(r))
C.free(unsafe.Pointer(cmsg))
C.close(fd)
return err
}
return nil
}
|