K Linux Operating System Audit Events

This appendix maps audit event names used in the Linux Operating System to their equivalent values in the Additional Description, command_class and target_type fields in the Oracle AVDF audit record. You can use the audit events mapped here to create custom audit reports using other Oracle Database reporting products or third-party tools. See also "Oracle Audit Vault and Database Firewall Database Schemas" for Oracle AVDF data warehouse details that may be useful in designing your own reports.

Table K-1 lists the Linux audit events and the equivalent Oracle AVDF events.

Table K-1 Linux Operating System Audit Events

Source Event Additional Description command_class target_type

LOGIN

 

LOGON

SYSTEM

USER_AUTH

 

AUTHENTICATE

USER

USER_ACCT

 

AUTHORIZE

USER

CRED_ACQ

 

ACQUIRE

USER

CRED_DISP

 

RESET

USER

DAEMON_START

 

AUDIT

AUDITSERVICE

DAEMON_END

 

NOAUDIT

AUDITSERVICE

DAEMON_ABORT

 

TERMINATE

AUDITSERVICE

DAEMON_CONFIG

 

CONFIGURE

AUDITSERVICE

DAEMON_ROTATE

 

UPDATE

AUDITSERVICE

DAEMON_RESUME

 

RESUME

AUDITSERVICE

CONFIG_CHANGE

audit_enabled record field contains 1 or 2

AUDIT

AUDITSERVICE

CONFIG_CHANGE

audit_enabled record field contains 0

NOAUDIT

AUDITSERVICE

CONFIG_CHANGE

op record field contains add rule

AUDIT

AUDITSERVICE

CONFIG_CHANGE

op record field contains remove rule

NOAUDIT

AUDITSERVICE

CONFIG_CHANGE

audit_failure record field contains value 0

NOAUDIT

AUDITSERVICE

CONFIG_CHANGE

audit_failure record field contains value 1

NOAUDIT

AUDITSERVICE

CONFIG_CHANGE

audit_failure record field contains value 2

NOAUDIT

AUDITSERVICE

CONFIG_CHANGE

any other CONFIG_CHANGE cases not specified above

UPDATE

AUDITSERVICE

CRYPTO_SESSION

 

START

SESSION

AVC

 

ACCESS

PRIVILEGE

MAC_POLICY_LOAD

 

ENABLE

POLICY

MAC_STATUS

 

UPDATE

SYSTEM

MAC_CONFIG_CHANGE

 

MODIFY

RULE

MAC_UNLBL_ALLOW

 

UPDATE

MODULE

MAC_CIPSOV4_ADD

 

CREATE

MODULE

MAC_CIPSOV4_DEL

 

DELETE

USER

MAC_MAP_ADD

 

CREATE

MODULE

MAC_MAP_DEL

 

DELETE

MODULE

MAC_IPSEC_ADDSA

 

CREATE

MODULE

MAC_IPSEC_DELSA

 

DELETE

MODULE

MAC_IPSEC_ADDSPD

 

MODIFY

MODULE

MAC_IPSEC_DELSPD

 

DELETE

MODULE

ANOM_PROMISCUOUS

 

UPDATE

DEVICE

ANOM_ABEND

 

EXECUTE

MODULE

ANOM_LOGIN_FAILURES

 

LOGIN

USER

ANOM_LOGIN_TIME

 

LOGIN

USER

ANOM_LOGIN_SESSIONS

 

LOGIN

USER

ANOM_LOGIN_LOCATION

 

LOGON

USER

RESP_ACCT_UNLOCK_ TIMED

 

ENABLE

USER

RESP_ACCT_LOCK

 

LOCK

USER

TTY

 

EXECUTE

KEYSTROKE

USER_AVC

 

ACCESS

PRIVILEGE

USER_ROLE_CHANGE

op record field is not present

MODIFY

USER

USER_ROLE_CHANGE

op record field contains add SELinux user record

ADD

USER

USER_ROLE_CHANGE

op record field contains delete SELinux user record

DELETE

USER

USER_ROLE_CHANGE

any other USER_ROLE_CHANGE cases not specified above

MODIFY

USER

LABEL_OVERRIDE

 

UPDATE

OBJECT

LABEL_LEVEL_CHANGE

 

UPDATE

OBJECT

USER_LABELED_EXPORT

 

EXPORT

OBJECT

USER_UNLABELED_ EXPORT

 

EXPORT

OBJECT

USER_START

 

START

USER

USER_END

 

END

USER

CRED_REFR

 

REFRESH

USER

USER_LOGIN

 

LOGIN

ACCOUNT

USER_LOGOUT

 

LOGOUT

ACCOUNT

USER_ERR

 

RAISE

USER

USYS_CONFIG

 

UPDATE

USER

USER_CMD

 

EXECUTE

PROGRAM

FS_RELABEL

 

MODIFY

SYSTEM

USER_CHAUTHTOK

op record field contains value change password

UPDATE

USER

USER_CHAUTHTOK

op record field contains value changing password

UPDATE

USER

USER_CHAUTHTOK

op record field contains value change expired password

UPDATE

USER

USER_CHAUTHTOK

op record field contains value change age

UPDATE

USER

USER_CHAUTHTOK

op record field contains value change max age

UPDATE

USER

USER_CHAUTHTOK

op record field contains value change min age

UPDATE

USER

USER_CHAUTHTOK

op record field contains value change passwd warning

UPDATE

USER

USER_CHAUTHTOK

op record field contains value change inactive days

UPDATE

USER

USER_CHAUTHTOK

op record field contains value change passwd expiration

UPDATE

USER

USER_CHAUTHTOK

op record field contains value change last change date

UPDATE

USER

USER_CHAUTHTOK

op record field contains value change all aging information

UPDATE

USER

USER_CHAUTHTOK

op record field contains value password attribute change

UPDATE

USER

USER_CHAUTHTOK

op record field contains value password aging data updated

UPDATE

USER

USER_CHAUTHTOK

op record field contains value display aging info

READ

USER

USER_CHAUTHTOK

op record field contains value password status display

READ

USER

USER_CHAUTHTOK

op record field contains value password status displayed for user

READ

USER

USER_CHAUTHTOK

op record field contains value adding to group

CREATE

USER

USER_CHAUTHTOK

op record field contains value adding group member

CREATE

USER

USER_CHAUTHTOK

op record field contains value adding user to group

CREATE

USER

USER_CHAUTHTOK

op record field contains value adding user to shadow group

CREATE

USER

USER_CHAUTHTOK

op record field contains value changing primary group

UPDATE

USER

USER_CHAUTHTOK

op record field contains value changing group member

UPDATE

USER

USER_CHAUTHTOK

op record field contains value changing admin name in shadow group

UPDATE

USER

USER_CHAUTHTOK

op record field contains value changing member in shadow group

UPDATE

USER

USER_CHAUTHTOK

op record field contains value deleting group password

DELETE

USER

USER_CHAUTHTOK

op record field contains value deleting member

DELETE

USER

USER_CHAUTHTOK

op record field contains value deleting user from group

DELETE

USER

USER_CHAUTHTOK

op record field contains value deleting user from shadow group

DELETE

USER

USER_CHAUTHTOK

op record field contains value removing group member

DELETE

USER

USER_CHAUTHTOK

op record field contains value removing user from shadow group

DELETE

USER

USER_CHAUTHTOK

op record field contains value user lookup

UPDATE

USER

USER_CHAUTHTOK

op record field contains value adding group

CREATE

USER

USER_CHAUTHTOK

op record field contains value deleting group

DELETE

USER

USER_CHAUTHTOK

op record field contains value adding user

CREATE

USER

USER_CHAUTHTOK

op record field contains value adding home directory

CREATE

USER

USER_CHAUTHTOK

op record field contains value deleting user entries

DELETE

USER

USER_CHAUTHTOK

op record field contains value deleting user not found

DELETE

USER

USER_CHAUTHTOK

op record field contains value deleting user

DELETE

USER

USER_CHAUTHTOK

op record field contains value deleting user logged in

DELETE

USER

USER_CHAUTHTOK

op record field contains value deleting mail file

DELETE

USER

USER_CHAUTHTOK

op record field contains value deleting home directory

DELETE

USER

USER_CHAUTHTOK

op record field contains value lock password

LOCK

USER

USER_CHAUTHTOK

op record field contains value delete password

DELETE

USER

USER_CHAUTHTOK

op record field contains value updating password

UPDATE

USER

USER_CHAUTHTOK

op record field contains value unlock password

UNLOCK

USER

USER_CHAUTHTOK

op record field contains value changing name

RENAME

USER

USER_CHAUTHTOK

op record field contains value changing uid

UPDATE

USER

USER_CHAUTHTOK

op record field contains value changing home directory

UPDATE

USER

USER_CHAUTHTOK

op record field contains value moving home directory

MOVE

USER

USER_CHAUTHTOK

op record field contains value changing mail file name

RENAME

USER

USER_CHAUTHTOK

op record field contains value changing mail file owner

UPDATE

USER

USER_CHAUTHTOK

 

UPDATE

USER

USER_TTY

 

EXECUTE

KEYSTROKE

ADD_GROUP

 

ADD

GROUP

ADD_USER

 

CREATE

USER

DEL_USER

 

DELETE

USER

SYSCALL

 

EXECUTE

SYSCALL

SYSCALL

SYSCALL record field contains value 0

READ

FILE

SYSCALL

SYSCALL record field contains value 1

WRITE

FILE

SYSCALL

SYSCALL record field contains value 2

OPEN

FILE

SYSCALL

SYSCALL record field contains value 3

CLOSE

FILE

SYSCALL

SYSCALL record field contains value 4

GET

FILE

SYSCALL

SYSCALL record field contains value 5

GET

FILE

SYSCALL

SYSCALL record field contains value 6

GET

FILE

SYSCALL

SYSCALL record field contains value 7

GET

FILE

SYSCALL

SYSCALL record field contains value 8

GET

FILE OFFSET

SYSCALL

SYSCALL record field contains value 9

SET

PAGE

SYSCALL

SYSCALL record field contains value 10

EXECUTE

MEMORY

SYSCALL

SYSCALL record field contains value 11

RESET

PAGE

SYSCALL

SYSCALL record field contains value 12

UPDATE

SPACE

SYSCALL

SYSCALL record field contains value 13

UPDATE

ACTION

SYSCALL

SYSCALL record field contains value 14

ACCESS

SIGNAL MASK

SYSCALL

SYSCALL record field contains value 15

UNDO

PROCESS

SYSCALL

SYSCALL record field contains value 16

CONTROL

DEVICE

SYSCALL

SYSCALL record field contains value 17

READ

FILE

SYSCALL

SYSCALL record field contains value 18

INSERT

FILE

SYSCALL

SYSCALL record field contains value 19

READ

FILE

SYSCALL

SYSCALL record field contains value 20

INSERT

FILE

SYSCALL

SYSCALL record field contains value 21

VALIDATE

PERMISSION

SYSCALL

SYSCALL record field contains value 22

CREATE

CHANNEL

SYSCALL

SYSCALL record field contains value 23

EXECUTE

FILE

SYSCALL

SYSCALL record field contains value 24

ACQUIRE

CPU

SYSCALL

SYSCALL record field contains value 25

RESET

MEMORY ADDRESS

SYSCALL

SYSCALL record field contains value 26

SYNCHRONIZE

FILE

SYSCALL

SYSCALL record field contains value 27

GET

PAGE

SYSCALL

SYSCALL record field contains value 28

EXECUTE

MEMORY

SYSCALL

SYSCALL record field contains value 29

ASSIGN

SEGMENT

SYSCALL

SYSCALL record field contains value 30

EXECUTE

MEMORY

SYSCALL

SYSCALL record field contains value 31

CONTROL

MEMORY

SYSCALL

SYSCALL record field contains value 32

COPY

FILE

SYSCALL

SYSCALL record field contains value 33

COPY

FILE

SYSCALL

SYSCALL record field contains value 34

WAIT

SIGNAL

SYSCALL

SYSCALL record field contains value 35

SUSPEND

THREAD

SYSCALL

SYSCALL record field contains value 36

GET

TIMER

SYSCALL

SYSCALL record field contains value 37

SET

ALARM

SYSCALL

SYSCALL record field contains value 38

SET

TIMER

SYSCALL

SYSCALL record field contains value 39

GET

PROCESS

SYSCALL

SYSCALL record field contains value 40

SEND

FILE

SYSCALL

SYSCALL record field contains value 41

CREATE

COMMUNICATION ENDPOINT

SYSCALL

SYSCALL record field contains value 42

CONNECT

SOCKET

SYSCALL

SYSCALL record field contains value 43

ACQUIRE

SOCKET CONNECTION

SYSCALL

SYSCALL record field contains value 44

SEND

MESSAGE

SYSCALL

SYSCALL record field contains value 45

RECEIVE

MESSAGE

SYSCALL

SYSCALL record field contains value 46

SEND

MESSAGE

SYSCALL

SYSCALL record field contains value 47

RECEIVE

MESSAGE

SYSCALL

SYSCALL record field contains value 48

STOP

CONNECTION

SYSCALL

SYSCALL record field contains value 49

BIND

NAME

SYSCALL

SYSCALL record field contains value 50

EXECUTE

CONNECTION

SYSCALL

SYSCALL record field contains value 51

GET

SOCKET

SYSCALL

SYSCALL record field contains value 52

GET

SOCKET

SYSCALL

SYSCALL record field contains value 53

CREATE

SOCKET

SYSCALL

SYSCALL record field contains value 54

SET

SOCKET

SYSCALL

SYSCALL record field contains value 55

GET

SOCKET

SYSCALL

SYSCALL record field contains value 56

COPY

PROCESS

SYSCALL

SYSCALL record field contains value 57

EXECUTE

PROCESS

SYSCALL

SYSCALL record field contains value 58

EXECUTE

PROCESS

SYSCALL

SYSCALL record field contains value 59

EXECUTE

PROCESS

SYSCALL

SYSCALL record field contains value 60

STOP

PROCESS

SYSCALL

SYSCALL record field contains value 61

WAIT

PROCESS

SYSCALL

SYSCALL record field contains value 62

SEND

SIGNAL

SYSCALL

SYSCALL record field contains value 63

GET

NAME

SYSCALL

SYSCALL record field contains value 64

GET

SEMAPHORE

SYSCALL

SYSCALL record field contains value 65

EXECUTE

SEMAPHORE

SYSCALL

SYSCALL record field contains value 66

CONTROL

SEMAPHORE

SYSCALL

SYSCALL record field contains value 67

EXECUTE

MEMORY

SYSCALL

SYSCALL record field contains value 68

GET

QUEUE ID

SYSCALL

SYSCALL record field contains value 69

SEND

MESSAGE

SYSCALL

SYSCALL record field contains value 70

RECEIVE

MESSAGE

SYSCALL

SYSCALL record field contains value 71

CONTROL

MESSAGE

SYSCALL

SYSCALL record field contains value 72

UPDATE

FILE

SYSCALL

SYSCALL record field contains value 73

LOCK

FILE

SYSCALL

SYSCALL record field contains value 74

SYNCHRONIZE

FILE

SYSCALL

SYSCALL record field contains value 75

SYNCHRONIZE

FILE

SYSCALL

SYSCALL record field contains value 76

TRUNCATE

FILE

SYSCALL

SYSCALL record field contains value 77

TRUNCATE

FILE

SYSCALL

SYSCALL record field contains value 78

GET

ENTRIES

SYSCALL

SYSCALL record field contains value 79

GET

DIRECTORY

SYSCALL

SYSCALL record field contains value 80

UPDATE

DIRECTORY

SYSCALL

SYSCALL record field contains value 81

UPDATE

DIRECTORY

SYSCALL

SYSCALL record field contains value 82

UPDATE

FILE

SYSCALL

SYSCALL record field contains value 83

CREATE

DIRECTORY

SYSCALL

SYSCALL record field contains value 84

DELETE

DIRECTORY

SYSCALL

SYSCALL record field contains value 85

CREATE

FILE OR DEVICE

SYSCALL

SYSCALL record field contains value 86

CONNECT

FILE

SYSCALL

SYSCALL record field contains value 87

DISCONNECT

FILE

SYSCALL

SYSCALL record field contains value 88

CONNECT

FILE

SYSCALL

SYSCALL record field contains value 89

READ

VALUE

SYSCALL

SYSCALL record field contains value 90

UPDATE

FILE

SYSCALL

SYSCALL record field contains value 91

UPDATE

FILE

SYSCALL

SYSCALL record field contains value 92

UPDATE

OWNERSHIP

SYSCALL

SYSCALL record field contains value 93

UPDATE

OWNERSHIP

SYSCALL

SYSCALL record field contains value 94

UPDATE

OWNERSHIP

SYSCALL

SYSCALL record field contains value 95

SET

MASK

SYSCALL

SYSCALL record field contains value 96

GET

TIME

SYSCALL

SYSCALL record field contains value 97

GET

LIMIT

SYSCALL

SYSCALL record field contains value 98

GET

USAGE

SYSCALL

SYSCALL record field contains value 99

GET

INFORMATION

SYSCALL

SYSCALL record field contains value 100

GET

TIME

SYSCALL

SYSCALL record field contains value 101

SEARCH

PROCESS

SYSCALL

SYSCALL record field contains value 102

GET

USER

SYSCALL

SYSCALL record field contains value 103

READ

LOG

SYSCALL

SYSCALL record field contains value 104

GET

GROUP

SYSCALL

SYSCALL record field contains value 105

SET

USER

SYSCALL

SYSCALL record field contains value 106

GET

GROUP

SYSCALL

SYSCALL record field contains value 107

GET

USER

SYSCALL

SYSCALL record field contains value 108

GET

GROUP

SYSCALL

SYSCALL record field contains value 109

SET

GROUP

SYSCALL

SYSCALL record field contains value 110

GET

PROCESS

SYSCALL

SYSCALL record field contains value 111

GET

PROCESS GROUP

SYSCALL

SYSCALL record field contains value 112

SET

PROCESS GROUP

SYSCALL

SYSCALL record field contains value 113

SET

USER

SYSCALL

SYSCALL record field contains value 114

SET

GROUP

SYSCALL

SYSCALL record field contains value 115

GET

GROUP

SYSCALL

SYSCALL record field contains value 116

SET

GROUP

SYSCALL

SYSCALL record field contains value 117

SET

USER

SYSCALL

SYSCALL record field contains value 118

GET

USER

SYSCALL

SYSCALL record field contains value 119

SET

GROUP

SYSCALL

SYSCALL record field contains value 120

GET

GROUP

SYSCALL

SYSCALL record field contains value 121

GET

PROCESS GROUP

SYSCALL

SYSCALL record field contains value 122

SET

USER IDENTITY

SYSCALL

SYSCALL record field contains value 123

SET

GROUP IDENTITY

SYSCALL

SYSCALL record field contains value 124

GET

SESSION

SYSCALL

SYSCALL record field contains value 125

GET

CAPABILITIES

SYSCALL

SYSCALL record field contains value 126

SET

CAPABILITIES

SYSCALL

SYSCALL record field contains value 127

SEARCH

SIGNAL

SYSCALL

SYSCALL record field contains value 128

WAIT

SIGNAL

SYSCALL

SYSCALL record field contains value 129

QUEUE

SIGNAL

SYSCALL

SYSCALL record field contains value 130

WAIT

SIGNAL

SYSCALL

SYSCALL record field contains value 131

SET

CONTEXT

SYSCALL

SYSCALL record field contains value 132

UPDATE

TIME

SYSCALL

SYSCALL record field contains value 133

CREATE

FILE

SYSCALL

SYSCALL record field contains value 134

EXECUTE

SYSTEM CALLS

SYSCALL

SYSCALL record field contains value 135

SET

DOMAIN

SYSCALL

SYSCALL record field contains value 136

GET

STATISTICS

SYSCALL

SYSCALL record field contains value 137

GET

STATISTICS

SYSCALL

SYSCALL record field contains value 138

GET

STATISTICS

SYSCALL

SYSCALL record field contains value 139

GET

INFORMATION

SYSCALL

SYSCALL record field contains value 140

GET

PRIORITY

SYSCALL

SYSCALL record field contains value 141

SET

PRIORITY

SYSCALL

SYSCALL record field contains value 142

SET

PARAMETERS

SYSCALL

SYSCALL record field contains value 143

GET

PARAMETERS

SYSCALL

SYSCALL record field contains value 144

SET

POLICY OR PARAMETERS

SYSCALL

SYSCALL record field contains value 145

GET

POLICY OR PARAMETERS

SYSCALL

SYSCALL record field contains value 146

GET

PRIORITY

SYSCALL

SYSCALL record field contains value 147

GET

PRIORITY

SYSCALL

SYSCALL record field contains value 148

GET

INTERVAL

SYSCALL

SYSCALL record field contains value 149

LOCK

MEMORY

SYSCALL

SYSCALL record field contains value 150

UNLOCK

MEMORY

SYSCALL

SYSCALL record field contains value 151

LOCK

MEMORY

SYSCALL

SYSCALL record field contains value 152

UNLOCK

MEMORY

SYSCALL

SYSCALL record field contains value 153

WAIT

TERMINAL

SYSCALL

SYSCALL record field contains value 154

UPDATE

TABLE

SYSCALL

SYSCALL record field contains value 155

UPDATE

FILE

SYSCALL

SYSCALL record field contains value 156

UPDATE

PARAMETERS

SYSCALL

SYSCALL record field contains value 157

EXECUTE

PROCESS

SYSCALL

SYSCALL record field contains value 158

SET

STATE

SYSCALL

SYSCALL record field contains value 159

SET

STATE

SYSCALL

SYSCALL record field contains value 160

SET

RESOURCE LIMIT

SYSCALL

SYSCALL record field contains value 161

UPDATE

DIRECTORY

SYSCALL

SYSCALL record field contains value 162

COMMIT

CACHE

SYSCALL

SYSCALL record field contains value 163

UPDATE

ACCOUNTING

SYSCALL

SYSCALL record field contains value 164

SET

TIME

SYSCALL

SYSCALL record field contains value 165

MOUNT

FILE

SYSCALL

SYSCALL record field contains value 166

UNMOUNT

FILE

SYSCALL

SYSCALL record field contains value 167

START

FILE

SYSCALL

SYSCALL record field contains value 168

STOP

FILE

SYSCALL

SYSCALL record field contains value 169

START

SYSTEM

SYSCALL

SYSCALL record field contains value 170

SET

HOSTNAME

SYSCALL

SYSCALL record field contains value 171

SET

DOMAINNAME

SYSCALL

SYSCALL record field contains value 172

UPDATE

IOPL

SYSCALL

SYSCALL record field contains value 173

UPDATE

PERMISSION

SYSCALL

SYSCALL record field contains value 174

CREATE

MODULE

SYSCALL

SYSCALL record field contains value 175

INITIALIZE

MODULE

SYSCALL

SYSCALL record field contains value 176

DELETE

MODULE

SYSCALL

SYSCALL record field contains value 177

GET

KERNEL

SYSCALL

SYSCALL record field contains value 178

QUERY

KERNEL

SYSCALL

SYSCALL record field contains value 179

EXECUTE

QUOTAS

SYSCALL

SYSCALL record field contains value 180

EXECUTE

KERNEL

SYSCALL

SYSCALL record field contains value 186

GET

THREAD

SYSCALL

SYSCALL record field contains value 187

LOAD

CACHE

SYSCALL

SYSCALL record field contains value 188

SET

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 189

SET

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 190

SET

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 191

GET

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 192

GET

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 193

GET

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 194

READ

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 195

READ

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 196

READ

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 197

DELETE

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 198

DELET

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 199

DELETE

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 200

SEND

SIGNAL

SYSCALL

SYSCALL record field contains value 201

GET

TIME

SYSCALL

SYSCALL record field contains value 202

WAIT

ADDRESS

SYSCALL

SYSCALL record field contains value 203

SET

MASK

SYSCALL

SYSCALL record field contains value 204

GET

MASK

SYSCALL

SYSCALL record field contains value 205

SET

STORAGE

SYSCALL

SYSCALL record field contains value 206

CREATE

CONTEXT

SYSCALL

SYSCALL record field contains value 207

DELETE

CONTEXT

SYSCALL

SYSCALL record field contains value 208

READ

EVENTS

SYSCALL

SYSCALL record field contains value 209

SUBMIT

BLOCK

SYSCALL

SYSCALL record field contains value 210

CANCEL

OPERATION

SYSCALL

SYSCALL record field contains value 211

GET

STORAGE

SYSCALL

SYSCALL record field contains value 212

RESUME

PATH

SYSCALL

SYSCALL record field contains value 213

OPEN

FILE

SYSCALL

SYSCALL record field contains value 215

WAIT

FILE

SYSCALL

SYSCALL record field contains value 216

CREATE

MAPPING

SYSCALL

SYSCALL record field contains value 217

GET

DIRECTORY

SYSCALL

SYSCALL record field contains value 218

SET

POINTER

SYSCALL

SYSCALL record field contains value 219

START

SYSCALL

SYSCALL

SYSCALL record field contains value 220

EXECUTE

SEMAPHORE

SYSCALL

SYSCALL record field contains value 221

SUBSCRIBE

PATTERN

SYSCALL

SYSCALL record field contains value 222

CREATE

TIMER

SYSCALL

SYSCALL record field contains value 223

EXECUTE

TIMER

SYSCALL

SYSCALL record field contains value 224

EXECUTE

TIMER

SYSCALL

SYSCALL record field contains value 225

GET

TIMER

SYSCALL

SYSCALL record field contains value 226

DELETE

TIMER

SYSCALL

SYSCALL record field contains value 227

SET

CLOCK

SYSCALL

SYSCALL record field contains value 228

GET

CLOCK

SYSCALL

SYSCALL record field contains value 229

FIND

CLOCK

SYSCALL

SYSCALL record field contains value 230

WAIT

CLOCK

SYSCALL

SYSCALL record field contains value 231

EXIT

THREAD

SYSCALL

SYSCALL record field contains value 232

WAIT

EVENT

SYSCALL

SYSCALL record field contains value 234

SEND

SIGNAL

SYSCALL

SYSCALL record field contains value 235

UPDATE

TIME

SYSCALL

SYSCALL record field contains value 237

EXECUTE

SET

SYSCALL

SYSCALL record field contains value 238

EXECUTE

SET

SYSCALL

SYSCALL record field contains value 239

SET

SET

SYSCALL

SYSCALL record field contains value 240

OPEN

QUEUE

SYSCALL

SYSCALL record field contains value 241

DISCONNECT

QUEUE

SYSCALL

SYSCALL record field contains value 242

SEND

MESSAGE

SYSCALL

SYSCALL record field contains value 243

RECEIVE

MESSAGE

SYSCALL

SYSCALL record field contains value 244

REGISTER

NOTIFICATION

SYSCALL

SYSCALL record field contains value 245

GET

ATTRIBUTE

SYSCALL

SYSCALL record field contains value 246

LOAD

KERNEL

SYSCALL

SYSCALL record field contains value 247

WAIT

PROCESS

SYSCALL

SYSCALL record field contains value 248

CREATE

KEY

SYSCALL

SYSCALL record field contains value 249

REQUEST

KEY

SYSCALL

SYSCALL record field contains value 250

EXECUTE

KERNEL

SYSCALL

SYSCALL record field contains value 251

SET

PRIORITY

SYSCALL

SYSCALL record field contains value 252

GET

PRIORITY

SYSCALL

SYSCALL record field contains value 253

INITIALIZE

INSTANCE

SYSCALL

SYSCALL record field contains value 254

CREATE

INSTANCE

SYSCALL

SYSCALL record field contains value 255

DELETE

INSTANCE

SYSCALL

SYSCALL record field contains value 256

MOVE

PAGE

SYSCALL

SYSCALL record field contains value 257

OPEN

FILE

SYSCALL

SYSCALL record field contains value 258

CREATE

DIRECTORY

SYSCALL

SYSCALL record field contains value 259

CREATE

FILE

SYSCALL

SYSCALL record field contains value 260

UPDATE

FILE OR DIRECTORY

SYSCALL

SYSCALL record field contains value 261

UPDATE

TIMESTAMP

SYSCALL

SYSCALL record field contains value 262

GET

STATUS

SYSCALL

SYSCALL record field contains value 263

REMOVE

FILE

SYSCALL

SYSCALL record field contains value 264

RENAME

FILE

SYSCALL

SYSCALL record field contains value 265

CREATE

LINK

SYSCALL

SYSCALL record field contains value 266

CREATE

LINK

SYSCALL

SYSCALL record field contains value 267

READ

LINK

SYSCALL

SYSCALL record field contains value 268

UPDATE

FILE

SYSCALL

SYSCALL record field contains value 269

VALIDATE

FILE

SYSCALL

SYSCALL record field contains value 270

EXECUTE

FILE

SYSCALL

SYSCALL record field contains value 271

WAIT

EVENT

SYSCALL

SYSCALL record field contains value 272

DISASSOCIATE

CONTEXT

SYSCALL

SYSCALL record field contains value 273

SET

LIST

SYSCALL

SYSCALL record field contains value 274

GET

LIST

SYSCALL

SYSCALL record field contains value 275

EXECUTE

DATA

SYSCALL

SYSCALL record field contains value 276

COPY

CONTENT

SYSCALL

SYSCALL record field contains value 277

SYNCHRONIZE

SEGMENT

SYSCALL

SYSCALL record field contains value 278

EXECUTE

PAGE

SYSCALL

SYSCALL record field contains value 279

MOVE

PAGE

SYSCALL

SYSCALL record field contains value 280

UPDATE

TIMESTAMP

SYSCALL

SYSCALL record field contains value 281

WAIT

EVENT

SYSCALL

SYSCALL record field contains value 282

CREATE

FILE

SYSCALL

SYSCALL record field contains value 283

EXECUTE

TIMER

SYSCALL

SYSCALL record field contains value 284

CREATE

FILE

SYSCALL

SYSCALL record field contains value 285

EXECUTE

SPACE

SYSCALL

SYSCALL record field contains value 286

CREATE

TIMER

SYSCALL

SYSCALL record field contains value 287

GET

TIMER

SYSCALL

SYSCALL record field contains value 288

ACQUIRE

CONNECTION

SYSCALL

SYSCALL record field contains value 289

CREATE

FILE

SYSCALL

SYSCALL record field contains value 290

CREATE

FILE

SYSCALL

SYSCALL record field contains value 291

OPEN

FILE

SYSCALL

SYSCALL record field contains value 292

COPY

FILE

SYSCALL

SYSCALL record field contains value 293

CREATE

PIPE

SYSCALL

SYSCALL record field contains value 294

INITIALIZE

INSTANCE

SYSCALL

SYSCALL record field contains value 295

READ

DATA

SYSCALL

SYSCALL record field contains value 296

WRITE

DATA

SYSCALL

SYSCALL record field contains value 297

SUBSCRIBE

DATA

SYSCALL

SYSCALL record field contains value 298

CREATE

FILE

SELINUX_ERR

 

RAISE

SYSTEM

SYSTEM_SHUTDOWN

 

SHUTDOWN

OS

ROLE_REMOVE

 

DELETE

ROLE

ROLE_ASSIGN

 

ASSIGN

ROLE

SYSTEM_RUNLEVEL

 

STOP

SYSTEM

NETFILTER_CFG

 

CONFIGURE

SOCKET

DEL_GROUP

 

DELETE

GROUP

CRYPTO_KEY_USER

 

DISCONNECT

USER SESSION