PERFORCE change 78719 for review
Wayne Salamon
wsalamon at FreeBSD.org
Sun Jun 19 13:49:30 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=78719
Change 78719 by wsalamon at rickenbacker on 2005/06/19 13:48:50
Update auditd and audit command to use the new triggering facility
in auditon() syscall.
Affected files ...
.. //depot/projects/trustedbsd/audit3/contrib/audit_supt/audit/audit.c#5 edit
.. //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.c#11 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/contrib/audit_supt/audit/audit.c#5 (text+ko) ====
@@ -6,13 +6,16 @@
*
*/
+#include <sys/queue.h>
+#include <sys/types.h>
+#include <sys/uio.h>
+
+#include <bsm/audit.h>
+
#include <fcntl.h>
+#include <stdio.h>
#include <stdlib.h>
-#include <stdio.h>
#include <unistd.h>
-#include <bsm/audit.h>
-#include <sys/types.h>
-#include <sys/uio.h>
void usage()
{
@@ -35,15 +38,15 @@
switch(ch) {
case 'n':
- trigger = AUDITD_TRIGGER_OPEN_NEW;
+ trigger = AUDIT_TRIGGER_OPEN_NEW;
break;
case 's':
- trigger = AUDITD_TRIGGER_READ_FILE;
+ trigger = AUDIT_TRIGGER_READ_FILE;
break;
case 't':
- trigger = AUDITD_TRIGGER_CLOSE_AND_DIE;
+ trigger = AUDIT_TRIGGER_CLOSE_AND_DIE;
break;
case '?':
@@ -52,7 +55,7 @@
break;
}
}
- if (auditctl(AC_SENDTRIGGER, &trigger, sizeof(trigger)) < 0) {
+ if (auditon(A_SENDTRIGGER, &trigger, sizeof(trigger)) < 0) {
perror("Error sending trigger");
exit(-1);
} else {
==== //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.c#11 (text+ko) ====
@@ -29,19 +29,19 @@
#include <sys/types.h>
#include <sys/wait.h>
+#include <bsm/audit.h>
+#include <bsm/audit_uevents.h>
+#include <bsm/libbsm.h>
+
+#include <errno.h>
#include <fcntl.h>
-#include <time.h>
#include <stdio.h>
#include <stdlib.h>
+#include <time.h>
#include <unistd.h>
-#include <errno.h>
-#include <syslog.h>
#include <signal.h>
#include <string.h>
-
-#include <bsm/audit.h>
-#include <bsm/audit_uevents.h>
-#include <bsm/libbsm.h>
+#include <syslog.h>
#include "auditd.h"
#define NA_EVENT_STR_SIZE 25
@@ -186,7 +186,7 @@
if (open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP) < 0) {
perror("File open");
}
- else if (auditctl(AC_SETLOGFILE, &fn, sizeof(fn)) != 0) {
+ else if (auditctl(fn) != 0) {
syslog(LOG_ERR,
"auditctl failed setting log file! : %s\n",
strerror(errno));
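Review bot: The descriptor returned by `open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP)` is never stored or closed, and now that `auditctl(fn)` takes only the path, the open serves purely to create the file, so each pass through this code leaks one descriptor in a long-running daemon. Keep the result, e.g. `int fd = open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP);`, test `fd < 0`, and call `close(fd);` before `auditctl(fn)`. Because the kernel resolves `fn` by name again after the create, the trail directory needs to be writable only by the audit user, otherwise the path could change between the two calls; a comment stating that assumption would help. The open failure is reported with `perror()` while the `auditctl` failure goes to `syslog()`, and a detached daemon probably wants both in syslog. The enclosing function starts and ends outside the hunk.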
@@ -288,6 +288,7 @@
char TS[POSTFIX_LEN];
int aufd;
token_t *tok;
+ long cond;
/* Generate an audit record */
if((aufd = au_open()) == -1) {
@@ -304,9 +305,10 @@
}
/* flush contents */
- err_ret = auditctl(AC_SHUTDOWN, NULL, 0);
+ cond = AUC_DISABLED;
+ err_ret = auditon(A_SETCOND, &cond, sizeof(cond));
if (err_ret != 0) {
- syslog(LOG_ERR, "auditctl failed! : %s\n",
+ syslog(LOG_ERR, "Disabling audit failed! : %s\n",
strerror(errno));
err_ret = 1;
}
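Review bot: The `/* flush contents */` comment above the changed call is now stale, because the new code sets the audit condition to `AUC_DISABLED` through `auditon(A_SETCOND, ...)`, which turns auditing off rather than flushing anything. Replace it with something like `/* Turn kernel auditing off (A_SETCOND = AUC_DISABLED) */`. `cond` is declared `long` in the previous hunk and passed with `sizeof(cond)`; that width should be confirmed against what the kernel copies in for A_SETCOND, since a mismatch would behave differently on 32- and 64-bit platforms. On failure the code only logs and sets `err_ret = 1`, so whether the system can be left auditing with no daemon to service it depends on code outside this hunk.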