From: Rahul Gopi
To: "trustedbsd-discuss@freebsd.org"
Subject: Enabling au_to_socket_ex for openbsm network events
Date: Mon, 18 Nov 2019 08:10:38 +0000
List-Id: TrustedBSD General Discussion List

Hi,

Is there any way to enable au_to_socket_ex via audit_control configuration? I am looking to get the five-tuple for network connections via the auditd log.

From the documentation I found the following, but I am not sure how to enable this in auditd / openbsm:

- Interfaces to convert between local and BSM socket types and protocol families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3), au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions of constants in audit_domain.h and audit_socket_type.h

Greatly appreciate any help.

Regards
Rahul