From owner-trustedbsd-discuss@FreeBSD.ORG  Sun Sep 24 03:02:20 2006
Return-Path: <owner-trustedbsd-discuss@FreeBSD.ORG>
X-Original-To: trustedbsd-discuss@freebsd.org
Delivered-To: trustedbsd-discuss@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7EB0E16A407
	for <trustedbsd-discuss@freebsd.org>;
	Sun, 24 Sep 2006 03:02:20 +0000 (UTC)
	(envelope-from csjp@FreeBSD.org)
Received: from ems01.seccuris.com (ems01.seccuris.com [204.112.0.35])
	by mx1.FreeBSD.org (Postfix) with SMTP id CDC0B43D53
	for <trustedbsd-discuss@freebsd.org>;
	Sun, 24 Sep 2006 03:02:19 +0000 (GMT)
	(envelope-from csjp@FreeBSD.org)
Received: (qmail 2116 invoked by uid 86); 24 Sep 2006 03:41:59 -0000
Received: from unknown (HELO ?127.0.0.1?) (204.112.0.40)
	by ems01.seccuris.com with SMTP; 24 Sep 2006 03:41:59 -0000
Message-ID: <4515F53A.7020300@FreeBSD.org>
Date: Sat, 23 Sep 2006 22:02:18 -0500
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
User-Agent: Thunderbird 1.5.0.7 (Macintosh/20060909)
MIME-Version: 1.0
To: trustedbsd-discuss@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Robert Watson <rwatson@FreeBSD.org>
Subject: auditreduce: Solaris compat -ofile= option
X-BeenThere: trustedbsd-discuss@FreeBSD.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TrustedBSD General Discussion List <trustedbsd-discuss.FreeBSD.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-discuss>, 
	<mailto:trustedbsd-discuss-request@FreeBSD.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/trustedbsd-discuss>
List-Post: <mailto:trustedbsd-discuss@FreeBSD.org>
List-Help: <mailto:trustedbsd-discuss-request@FreeBSD.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-discuss>, 
	<mailto:trustedbsd-discuss-request@FreeBSD.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Sep 2006 03:02:20 -0000

All,

I have modified our (OpenBSM's) version of auditreduce to be 
functionally equivalent (I hope) to the Solaris auditreduce with regard 
to processing pathnames.  Here is the patch:

http://people.freebsd.org/~csjp/auditreduce.c.1159024099.diff

The change basically entails adding support for regular expressions 
(comma delimited regexps) with the option to exclude things from 
searches. I also added support to allow the search patterns to have 
commas in them (by escaping them). Anyway, feedback/review would be 
great! I would love to get this submitted in time for the FreeBSD 6.2 
release cycle.

-- 
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team