Documentation
Constants
const UnknownValue = "?"
UnknownValue is used by auditd when a value is not provided.
Variables
var ErrAuditdDisabled = trace.Errorf("auditd is disabled")
Functions
func IsLoginUIDSet
func IsLoginUIDSet() bool
IsLoginUIDSet returns true if login UID is set, false otherwise.
Types
type Client
type Client struct {
// contains filtered or unexported fields
}
Client is an auditd client.
func NewClient
NewClient creates a new auditd client. Client is not connected when it is returned.
type EventType
type EventType int
EventType represents an auditd message type. Values come from https://github.com/torvalds/linux/blob/08145b087e4481458f6075f3af58021a3cf8a940/include/uapi/linux/audit.h#L54
type Message
type Message struct {
	// SystemUser is the name of the Linux user.
	SystemUser string
	// TeleportUser is the name of the Teleport user.
	TeleportUser string
	// ConnAddress is the address of the incoming connection.
	ConnAddress string
	// TTYName is the name of the TTY allocated for the SSH session, ex: /dev/tty1,
	// or 'teleport' if empty.
	TTYName string
}
Message is an audit message. It contains TTY name, users and connection information.
func (*Message) SetDefaults
func (m *Message) SetDefaults()
SetDefaults sets default values to match what OpenSSH does.
type NetlinkConnector
type NetlinkConnector interface {
	Execute(m netlink.Message) ([]netlink.Message, error)
	Receive() ([]netlink.Message, error)
	Close() error
}
NetlinkConnector implements netlink related functionality.
type ResultType
type ResultType string
const (
	Success ResultType = "success"
	Failed  ResultType = "failed"
)