KasperskyOS Community Edition 1.3
- What's new
- Introduction
- About KasperskyOS Community Edition
- Overview of KasperskyOS
- The KasperskyOS Developer's Quick Start Guide
- Getting started
- Using a Docker container
- Installation and removal
- Configuring the development environment
- KasperskyOS SDK Extension for Visual Studio Code
- Building and running examples
- Development for KasperskyOS
- Starting processes
- File systems and network
- Contents of the VFS component
- Creating an IPC channel to VFS
- Including VFS functionality in a program
- Overview: startup parameters and environment variables of VFS
- Mounting file systems when VFS starts
- Using VFS backends to separate data streams
- Creating a VFS backend
- Dynamically configuring the network stack
- IPC and transport
- Working with KPA packages
- KasperskyOS API
- Return codes
- libkos library
- Managing handles (handle_api.h)
- Managing virtual memory (vmm_api.h)
- Allocating and freeing memory (alloc.h)
- Using DMA (dma.h)
- Memory-mapped I/O (mmio.h)
- Managing interrupt processing (irq.h)
- Managing threads (high-level API thread.h)
- Managing threads (low-level API thread_api.h)
- Managing processes (high-level API task.h)
- Managing processes (low-level API task_api.h)
- Initializing IPC transport for interprocess communication and managing IPC request processing (transport-kos.h, transport-kos-dispatch.h)
- Initializing IPC transport for querying the security module (transport-kos-security.h)
- Generating random numbers (random_api.h)
- Getting and changing time values (time_api.h)
- Using notifications (notice_api.h)
- Dynamically creating IPC channels (cm_api.h, ns_api.h)
- Using synchronization primitives (event.h, mutex.h, rwlock.h, semaphore.h, condvar.h)
- Managing I/O memory isolation (iommu_api.h)
- Using queues (queue.h)
- Using memory barriers (barriers.h)
- Executing system calls (syscalls.h)
- IPC interrupt (ipc_api.h)
- Using sessions (session.h)
- Using KosObjects (objects.h)
- Using KosObject containers (objcontainer.h)
- Using KosStrings (strings.h)
- KasperskyOS kernel XHCI DbC driver management (xhcidbg_api.h)
- Receiving security audit data (vlog_api.h)
- Using futexes (sync.h)
- Getting IPC handles and RIIDs to use statically created IPC channels (sl_api.h)
- Power management (pm_api.h)
- POSIX support
- Obtaining statistical data on the system through the libc library API
- Dynamically creating IPC channels using the DCM system program
- MessageBus component
- LogRR component
- ExecutionManager component
- PackageManager component
- Building a KasperskyOS-based solution
- Debugging programs in a KasperskyOS-based solution
- Developing security policies
- Formal specifications of KasperskyOS-based solution components
- Describing a security policy for a KasperskyOS-based solution
- General information about a KasperskyOS-based solution security policy description
- PSL language syntax
- Setting the global parameters of a KasperskyOS-based solution security policy
- Including PSL files in a KasperskyOS-based solution security policy description
- Including EDL files in a KasperskyOS-based solution security policy description
- Creating security model objects
- Binding methods of security models to security events
- Creating security audit profiles
- Creating and performing tests for a KasperskyOS-based solution security policy
- PSL data types
- Examples of binding security model methods to security events
- Example descriptions of basic security policies for KasperskyOS-based solutions
- Examples of security audit profiles
- Examples of tests for KasperskyOS-based solution security policies
- KasperskyOS security models
- Pred security model
- Bool security model
- Math security model
- Struct security model
- Base security model
- Regex security model
- HashSet security model
- StaticMap security model
- StaticMap security model object
- StaticMap security model init rule
- StaticMap security model fini rule
- StaticMap security model set rule
- StaticMap security model commit rule
- StaticMap security model rollback rule
- StaticMap security model get expression
- StaticMap security model get_uncommitted expression
- Flow security model
- Mic security model
- Mic security model object
- Mic security model create rule
- Mic security model delete rule
- Mic security model execute rule
- Mic security model upgrade rule
- Mic security model call rule
- Mic security model invoke rule
- Mic security model read rule
- Mic security model write rule
- Mic security model query_level expression
- Using templates when creating a KasperskyOS-based solution security policy description
- Methods of KasperskyOS core endpoints
- Virtual memory endpoint
- I/O endpoint
- Threads endpoint
- Handles endpoint
- Processes endpoint
- Synchronization endpoint
- File system endpoints
- Time endpoint
- Hardware abstraction layer endpoint
- KasperskyOS kernel XHCI DbC driver management endpoint
- Audit endpoint
- Profiling endpoint
- I/O memory isolation management endpoint
- Connections endpoint
- Power management endpoint
- Notifications endpoint
- IPC interrupt endpoint
- Hardware platform firmware communication endpoint
- Using the system programs Klog and KlogStorage to perform a security audit
- Security patterns for development under KasperskyOS
- Developing drivers for KasperskyOS
- Appendices
- Examples in KasperskyOS Community Edition
- hello example
- echo example
- ping example
- net_with_separate_vfs example
- net2_with_separate_vfs example
- embedded_vfs example
- vfs_extfs example
- multi_vfs_ntpd example
- multi_vfs_dns_client example
- multi_vfs_dhcpcd example
- mqtt_publisher (Mosquitto) example
- mqtt_subscriber (Mosquitto) example
- gpio_input example
- gpio_output example
- gpio_interrupt example
- gpio_echo example
- koslogger example
- pcre example
- messagebus example
- i2c_ds1307_rtc example
- i2c_bm8563_rtc example
- iperf_separate_vfs example
- uart example
- spi_check_regs example
- barcode_scanner example
- watchdog_system_reset example
- shared_libs example
- pal_tests example
- hello_from_rust example
- hello_corrosion example
- mass_storage example
- can_loopback example
- can2can example
- adc_hello example
- Information about certain limits set in the system
- Examples in KasperskyOS Community Edition
- Licensing
- Data provision
- Glossary
- Address Space Layout Randomization
- Affinity mask
- Application
- Arena chunk descriptor
- Arena descriptor
- ASLR
- Callable handle
- Capability
- CDL
- Client
- Client library of the solution component
- Client process
- Conditional variable
- Constant part of an IPC message
- Critical section
- DCM handle
- Describing a security policy for a KasperskyOS-based solution
- Direct memory access
- DMA
- DMA buffer
- EDL
- Empty process
- Endpoint
- Endpoint interface
- Endpoint method
- Endpoint method ID
- Event
- Event mask
- Execute interface
- Formal specification of the KasperskyOS-based solution component
- Frozen state of a process
- Futex
- Global system information
- GSI
- Handle
- Handle dereferencing
- Handle inheritance tree
- Handle permissions mask
- Handle transport container
- Hardware interrupt
- IDL
- Inferior
- Init description
- Initializing program
- Interface method
- Interprocess communication
- IPC
- IPC channel
- IPC handle
- IPC message
- IPC message arena
- IPC request
- IPC response
- IPC transport
- KasperskyOS
- KasperskyOS security model
- KasperskyOS-based solution
- KasperskyOS-based solution component
- KPA package
- KPA package manifest
- KSM
- KSS
- Listener handle
- MDL
- MDL buffer
- Memory barrier
- Memory Descriptor List
- Message signaled interrupt
- MID
- MMIO
- MMIO memory
- Mutex
- Notification receiver
- OCap
- Operating performance point
- PAL
- PCB
- Process
- Process control block
- Processor mask
- Program
- PSL
- Read-write lock
- Recursive mutex
- Resource
- Resource consumer
- Resource integrity level
- Resource provider
- Resource transfer context
- Resource transfer context object
- RIID
- Runtime Implementation Identifier
- SCP
- Security audit
- Security audit configuration
- Security audit data
- Security audit profile
- Security audit runtime-level
- Security context
- Security event
- Security ID
- Security interface
- Security model expression
- Security model method
- Security model object
- Security model rule
- Security module decision
- Security pattern
- Security pattern system
- Security policy for a KasperskyOS-based solution
- Security template
- Seed
- Semaphore
- Server
- Server library of the solution component
- Server process
- SID
- SMP
- Static connection page
- Subject integrity level
- System program
- System resource
- TCB
- Thread
- Thread control block
- Thread local storage
- TLS
- Transport code
- Transport library
- User resource
- User resource context
- Information about third-party code
- Trademark notices
Developing security policies > Methods of KasperskyOS core endpoints > Audit endpoint
Audit endpoint
Audit endpoint
This endpoint is intended for reading the KasperskyOS kernel log containing security audit data.
Information about methods of the endpoint is provided in the table below.
Methods of the audit.Audit endpoint (kl.core.Audit interface)
Method |
Method purpose and parameters |
Potential danger of the method |
|---|---|---|
|
Purpose Opens the kernel log containing security audit data. Parameters
|
N/A |
|
Purpose Closes the kernel log containing security audit data. Parameters
|
N/A |
|
Purpose Receives a message from the kernel log containing security audit data. Parameters
|
Reads messages from the kernel log containing security audit data so that these messages are not received by another process. |
Article ID: kernel_methods_audit, Last review: Feb 20, 2025