HEADS UP: Audit integration into CVS in progress, some tree disruption
Robert Watson
rwatson at FreeBSD.org
Fri Feb 3 15:53:09 GMT 2006
On Wed, 1 Feb 2006, Robert Watson wrote:
> As Wayne and I are in the process of merging the TrustedBSD audit3 branch
> contents into the FreeBSD CVS HEAD (7-CURRENT), there may be periods where
> the tree is (hopefully briefly) unbuildable. This integration process will
> take a couple of days to complete, due to the scope of the changes. So far,
> the kernel audit framework has been committed (src/sys/security/audit), as
> has an initial vendor import of OpenBSM for user space
> (src/contrib/openbsm). What remains to be committed are the substantial
> changes to gather audit data in system calls, the mappings of system calls
> to audit events, and integration into the user space build and user space
> applications (such as login). These bits are the trickier bits as the
> patches are large and touch a lot of parts of the tree.
>
> I'll send out follow-up e-mail once the worst is past, along with
> information on what it all means, and how to try it out (for those not
> already on trustedbsd-audit, who have been hearing about this for a while).
FYI, the current status is that the merge is continuing. So far we have
merged:
- OpenBSM library, commands, man pages, include files, etc.
- sys/security/audit audit event management framework
- etc/rc.d boot script, makefiles
- Mapping of FreeBSD native system calls to audit events.
To go are:
- Mappings of non-native system calls to audit events.
- Auditing of system call arguments.
- Submission of audit records by user space components.
So there are now enough pieces in the tree to configure auditing and see basic
system call traces. More to follow in the next couple of days.
Robert N M Watson