10 messages in org.freebsd.trustedbsd-auditRe: [sudo-workers] [patch] to add sup...| From | Sent On | Attachments |
|---|---|---|
| Christian Peron | Nov 27, 2008 6:27 pm |  .diff |
| Robert Watson | Nov 29, 2008 7:08 am | |
| Christian Peron | Nov 29, 2008 7:31 am | |
| Todd C. Miller | Nov 30, 2008 2:48 pm | |
| Christian Peron | Nov 30, 2008 4:01 pm | |
| mm w | Nov 30, 2008 4:14 pm | |
| Christian Peron | Dec 4, 2008 2:27 pm | |
| mm w | Dec 4, 2008 2:57 pm | |
| Christian Peron | Dec 4, 2008 5:41 pm | |
| mm w | Dec 4, 2008 6:30 pm |
| Subject: | Re: [sudo-workers] [patch] to add support for BSM audit records | |
|---|---|---|
| From: | Christian Peron (cs...@freebsd.org) | |
| Date: | Nov 30, 2008 4:01:19 pm | |
| List: | org.freebsd.trustedbsd-audit | |
Strange... not sure what happen here.
http://people.freebsd.org/~csjp/bsm_audit.c http://people.freebsd.org/~csjp/bsm_audit.h http://people.freebsd.org/~csjp/sudo.1228089242.diff
Anyway here are the most recent diffs. I've taken Roberts suggestions into consideration here and I've included the command line in the audit record. I am not sure that Apple is doing this.
One other area I need to dig a bit further into is the selection code.
Cheers
On Sun, Nov 30, 2008 at 05:49:22PM -0500, Todd C. Miller wrote:
In message <2008...@jnz.sqrt.ca> so spake Christian Peron (csjp):
I would like to propose a patch to add BSM audit support to sudo. This patch and associated files adds support for the Sun's Basic Security Module (BSM) Audit API and file format. It should be noted that currently FreeBSD, OS X and Solaris use BSM. I have not tested on Solaris or OS X but, this patch should build on both. This is a starting point, it's possible that I could be missing some key error conditions which require auditing.
As luck would have it I was reviewing the Apple BSD audit patches recently. It's too late for this to go into sudo 1.7.0 but I'd like to have official support for BSM and Linux auditing in version 1.7.1.
I don't see the bsm_audit.c file in your diff, BTW.
- todd
_______________________________________________ trus...@FreeBSD.org mailing list http://lists.freebsd.org/mailman/listinfo/trustedbsd-audit To unsubscribe, send any mail to "trus...@FreeBSD.org"