| Subject: | HEADS UP: Audit integration into CVS in progress, some tree disruption | |
|---|---|---|
| From: | Robert Watson (rwat...@FreeBSD.org) | |
| Date: | Feb 3, 2006 3:52:46 pm | |
| List: | org.freebsd.trustedbsd-audit | |
On Wed, 1 Feb 2006, Robert Watson wrote:
As Wayne and I are in the process of merging the TrustedBSD audit3 branch contents into the FreeBSD CVS HEAD (7-CURRENT), there may be periods where the tree is (hopefully briefly) unbuildable. This integration process will take a couple of days to complete, due to the scope of the changes. So far, the kernel audit framework has been committed (src/sys/security/audit), as has an initial vendor import of OpenBSM for user space (src/contrib/openbsm). What remains to be committed are the substantial changes to gather audit data in system calls, the mappings of system calls to audit events, and integration into the user space build and user space applications (such as login). These bits are the trickier bits as the patches are large and touch a lot of parts of the tree.
I'll send out follow-up e-mail once the worst is past, along with information on what it all means, and how to try it out (for those not already on trustedbsd-audit, who have been hearing about this for a while).
FYI, the current status is that the merge is continuing. So far we have merged:

- OpenBSM library, commands, man pages, include files, etc.
- sys/security/audit audit event management framework
- etc/rc.d boot script, makefiles
- Mapping of FreeBSD native system calls to audit events.

To go are:

- Mappings of non-native system calls to audit events.
- Auditing of system call arguments.
- Submission of audit records by user space components.

So there are now enough pieces in the tree to configure auditing and see basic system call traces. More to follow in the next couple of days.
Robert N M Watson