sample 5.3 based trusted os ;-)

Ilmar S. Habibulin ilmar at watson.org
Fri Jan 21 20:18:14 GMT 2005



On Fri, 21 Jan 2005, Martin Englund wrote:

> >> Do you have a rough idea of what/how many syscalls you've added
> >> auditing to?
> > I'll send complete specification on audited 179 syscalls on Monday.
> What audit log format will you use?
Sun-based, of course. The Apple BSM code does that. I just hacked it a little
bit, so it differs from Sun/Apple in 2 things:
1. Logs from freebsd/sparc can be read by praudit on freebsd/intel
 and vice versa.
2. I've found a file token description in the Trusted Solaris audit manual. As
I understand it, it must be inserted at the beginning and at the end of audit
trails. The token is inserted, but the ending file token must be corrected
by the auditd daemon. The latter is not implemented. I don't know if the file token
is really needed; I haven't seen it either in Solaris logs or in the Apple
implementation. And I have no docs describing it.

I hope I understood the question correctly and answered it.
