PERFORCE change 106498 for review

Robert Watson rwatson at FreeBSD.org
Fri Sep 22 04:31:19 PDT 2006 

http://perforce.freebsd.org/chv.cgi?CH=106498

Change 106498 by rwatson at rwatson_peppercorn on 2006/09/22 11:30:25

	Add getacfilesz(3) and audit_control(5) filesz setting, which allows
	the administrator to specify the desired maximum audit trail size
	before the audit trail file is rotated.

Affected files ...

.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#22 edit
.. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#30 edit
.. //depot/projects/trustedbsd/openbsm/etc/audit_control#5 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#5 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#16 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#8 edit
.. //depot/projects/trustedbsd/openbsm/man/audit_control.5#12 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#22 (text+ko) ====

@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#22 $
  */
 
 #include <sys/types.h>
@@ -727,6 +727,8 @@
 	char naeventstr[NA_EVENT_STR_SIZE];
 	char polstr[POL_STR_SIZE];
 	long policy;
+	au_fstat_t au_fstat;
+	size_t filesz;
 
 	/*
 	 * Process the audit event file, obtaining a class mapping for each
@@ -806,6 +808,17 @@
 			    "Failed to set default audit policy: %m");
 	}
 
+	/*
+	 * Set trail rotation size.
+	 */
+	if (getacfilesz(&filesz) == 0) {
+		bzero(&au_fstat, sizeof(au_fstat));
+		au_fstat.af_filesz = filesz;
+		if (auditon(A_SETFSIZE, &au_fstat, sizeof(au_fstat)) < 0)
+			syslog(LOG_ERR, "Failed to set filesz: %m");
+	} else
+		syslog(LOG_ERR, "Failed to obtain filesz: %m");
+
 	return (0);
 }
 

==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#30 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#29 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#30 $
  */
 
 #ifndef _LIBBSM_H_
@@ -78,6 +78,7 @@
 
 #define	DIR_CONTROL_ENTRY	"dir"
 #define	MINFREE_CONTROL_ENTRY	"minfree"
+#define	FILESZ_CONTROL_ENTRY	"filesz"
 #define	FLAGS_CONTROL_ENTRY	"flags"
 #define	NA_CONTROL_ENTRY	"naflags"
 #define	POLICY_CONTROL_ENTRY	"policy"
@@ -719,6 +720,7 @@
 void			 endac(void);
 int			 getacdir(char *name, int len);
 int			 getacmin(int *min_val);
+int			 getacfilesz(size_t *size_val);
 int			 getacflg(char *auditstr, int len);
 int			 getacna(char *auditstr, int len);
 int			 getacpol(char *auditstr, size_t len);

==== //depot/projects/trustedbsd/openbsm/etc/audit_control#5 (text+ko) ====

@@ -1,8 +1,9 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#4 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#5 $
 #
 dir:/var/audit
 flags:lo
 minfree:20
 naflags:lo
 policy:cnt
+filesz:0

==== //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#5 (text+ko) ====

@@ -1,5 +1,5 @@
 .\"-
-.\" Copyright (c) 2005 Robert N. M. Watson
+.\" Copyright (c) 2005-2006 Robert N. M. Watson
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#5 $
 .\"
 .Dd April 19, 2005
 .Dt AU_CONTROL 3
@@ -33,6 +33,7 @@
 .Nm endac ,
 .Nm getacdir ,
 .Nm getacmin ,
+.Nm getacfilesz ,
 .Nm getacflg ,
 .Nm getacna ,
 .Nm getacpol ,
@@ -52,6 +53,8 @@
 .Ft int
 .Fn getacmin "int *min_val"
 .Ft int
+.Fn getacfilesz "size_t *size_val"
+.Ft int
 .Fn getacflg "char *auditstr" "int len"
 .Ft int
 .Fn getacna "char *auditstr" "int len"
@@ -88,6 +91,10 @@
 .Va min_val
 variable.
 .Pp
+.Fn getacfilesz
+returns the audit trail rotation size in the passed size_t buffer
+.Fa size_val .
+.Pp
 .Fn getacflg
 returns the audit system flags via the the passed character buffer
 .Va auditstr

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#16 (text+ko) ====

@@ -27,7 +27,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#15 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#16 $
  */
 
 #include <bsm/libbsm.h>
@@ -396,6 +396,46 @@
 }
 
 /*
+ * Return the desired trail rotation size from the audit control file.
+ */
+int
+getacfilesz(size_t *filesz_val)
+{
+	char *filesz, *dummy;
+	long long ll;
+
+	pthread_mutex_lock(&mutex);
+	setac_locked();
+	if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &filesz) < 0) {
+		pthread_mutex_unlock(&mutex);
+		return (-2);
+	}
+	if (filesz == NULL) {
+		pthread_mutex_unlock(&mutex);
+		errno = EINVAL;
+		return (1);
+	}
+	ll = strtoll(filesz, &dummy, 10);
+	if (*dummy != '\0') {
+		pthread_mutex_unlock(&mutex);
+		errno = EINVAL;
+		return (-1);
+	}
+	/*
+	 * The file size must either be 0 or >= MIN_AUDIT_FILE_SIZE.  0
+	 * indicates no rotation size.
+	 */
+	if (ll < 0 || (ll > 0 && ll < MIN_AUDIT_FILE_SIZE)) {
+		pthread_mutex_unlock(&mutex);
+		errno = EINVAL;
+		return (-1);
+	}
+	*filesz_val = ll;
+	pthread_mutex_unlock(&mutex);
+	return (0);
+}
+
+/*
  * Return the system audit value from the audit contol file.
  */
 int

==== //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#8 (text+ko) ====

@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#8 $
 .\"
 .Dd April 19, 2005
 .Dt LIBBSM 3
@@ -84,6 +84,7 @@
 .Xr endac 3 ,
 .Xr setac 3 ,
 .Xr getacdir 3 ,
+.Xr getacfilesz 3 ,
 .Xr getacflg 3 ,
 .Xr getacmin 3 ,
 .Xr getacna 3 ,

==== //depot/projects/trustedbsd/openbsm/man/audit_control.5#12 (text+ko) ====

@@ -1,4 +1,5 @@
 .\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2006 Robert N. M. Watson
 .\" All rights reserved.
 .\" 
 .\" Redistribution and use in source and binary forms, with or without
@@ -25,7 +26,7 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#11 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#12 $
 .\"
 .Dd January 4, 2006
 .Dt AUDIT_CONTROL 5
@@ -66,6 +67,12 @@
 .It Va policy
 A list of global audit policy flags specifying various behaviors, such as
 fail stop, auditing of paths and arguments, etc.
+.It Va filesz
+Maximum trail size in bytes; if set to a non-0 value, the audit daemon will
+rotate the audit trail file at around this size.
+Sizes less than the minimum trail size (default of 512K) will be rejected as
+invalid.
+If 0, trail files will not be automatically rotated based on file size.
 .El
 .Sh AUDIT FLAGS
 Audit flags are a comma-delimited list of audit classes as defined in the
@@ -146,6 +153,7 @@
 minfree:20
 naflags:lo
 policy:cnt
+filesz:0
 .Ed
 .Pp
 The
@@ -156,7 +164,8 @@
 .Va policy
 parameter specifies that the system should neither fail stop nor suspend
 processes when the audit store fills.
-will be audited.
+The trail file will not be automatically rotated by the audit daemon based on
+file size.
 .Sh FILES
 .Bl -tag -width "/etc/security/audit_control" -compact
 .It Pa /etc/security/audit_control

More information about the trustedbsd-cvs mailing list