sample 5.3 based trusted os ;-)
Ilmar S. Habibulin
ilmar at watson.org
Mon Jan 24 08:58:03 GMT 2005
On Thu, 20 Jan 2005, Wayne Salamon wrote:
> Do you have a rough idea of what/how many syscalls you've added
> auditing to?
As i've promised i send specs for audited events in my implementation. It
consists of table, describing event, and list of tokens, that are included
in the record. List syntax is from trusted solaris manual.
PS. Don't ask me why some syscall is audited. I didn't carry out
deep analisis of what should and what shouldn't be audited. IMHO it is
much more easier to cut some fuctionality off, than to insert it. ;-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audited_events.txt.bz2
Type: application/octet-stream
Size: 4681 bytes
Desc:
Url : http://lists.freebsd.org/pipermail/trustedbsd-discuss/attachments/20050124/d48d2afe/audited_events.txt.obj
More information about the trustedbsd-discuss
mailing list