Date:      Fri, 3 Feb 2006 15:53:09 +0000 (GMT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        current@FreeBSD.org
Cc:        trustedbsd-audit@TrustedBSD.org
Subject:   Re: HEADS UP: Audit integration into CVS in progress, some tree disruption
Message-ID:  <20060203144824.W77426@fledge.watson.org>
In-Reply-To: <20060201221213.L87763@fledge.watson.org>
References:  <20060201221213.L87763@fledge.watson.org>

On Wed, 1 Feb 2006, Robert Watson wrote:

> As Wayne and I are in the process of merging the TrustedBSD audit3 branch 
> contents into the FreeBSD CVS HEAD (7-CURRENT), there may be periods where 
> the tree is (hopefully briefly) unbuildable.  This integration process will 
> take a couple of days to complete, due to the scope of the changes.  So far, 
> the kernel audit framework has been committed (src/sys/security/audit), as 
> has an initial vendor import of OpenBSM for user space 
> (src/contrib/openbsm). What remains to be committed are the substantial 
> changes to gather audit data in system calls, the mappings of system calls 
> to audit events, and integration into the user space build and user space 
> applications (such as login).  These bits are the trickier bits as the 
> patches are large and touch a lot of parts of the tree.
>
> I'll send out follow-up e-mail once the worst is past, along with 
> information on what it all means, and how to try it out (for those not 
> already on trustedbsd-audit, who have been hearing about this for a while).

FYI, the current status is that the merge is continuing.  So far we have 
merged:

- OpenBSM library, commands, man pages, include files, etc.
- sys/security/audit audit event management framework
- etc/rc.d boot script, makefiles
- Mapping of FreeBSD native system calls to audit events.

To go are:

- Mappings of non-native system calls to audit events.
- Auditing of system call arguments.
- Submission of audit records by user space components.

So there are now enough pieces in the tree to configure auditing and see basic 
../../../security/audit/audit_bsm_token.c system call traces.  More to follow 
in the next couple of days.

Robert N M Watson


