From owner-soc-status@freebsd.org Thu Aug 27 13:07:30 2020 Return-Path: Delivered-To: soc-status@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5B6533B1480 for ; Thu, 27 Aug 2020 13:07:30 +0000 (UTC) (envelope-from shivankgarg98@gmail.com) Received: from mail-ej1-f50.google.com (mail-ej1-f50.google.com [209.85.218.50]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Bcjgj48mwz4Zx3; Thu, 27 Aug 2020 13:07:29 +0000 (UTC) (envelope-from shivankgarg98@gmail.com) Received: by mail-ej1-f50.google.com with SMTP id si26so7522698ejb.12; Thu, 27 Aug 2020 06:07:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=v3sxkvqTa741j2FTUgyT5DVY+kkgRQoYocOSAlYEbbU=; b=VyeaNS1ULscXMmWsfpDp9j2U9k36A/QeCinETgsjs8DJSv3Xfa5Hd5twD0QQUkmWjE dPTQtpWanxwf8/yFtncJphwa6RLT+mFMdBJ4/ksEVKmTAufmrx6phPUq1f0Wz7EhC0Uz zqf0tItMXVPORlfYwdqxfAEsUpsKl8XVNRSHiPu3s/kbbdZjhqADLqqwbAqAa12hoKpg ZX7HfHRW1plcl41l88qjG4Iy1XsaeW6bRk9lP5zFynWRsDl2gq2xia6qfhrKADRkrHuS KVpf8XpJEC6Z9oxu24vzVmUQW9/PKv/xdsC+WucNDUJmWqIshT9BzTJbv9tGhTJ/RBBi Ss3A== X-Gm-Message-State: AOAM533DGDoGnaB9Iqe8KTPAf3hGeK6R40t8tiWl5B8vOiEXf8SS1IFF z67FjcamzWjWIBtpPwlrazuxBgL8ohWSnw== X-Google-Smtp-Source: ABdhPJzydKxDs3PULGY51pVwdljLKIUuDS65y7JzKiiNWvqKQ0pwCNZ9d9QMcEkfUg2z9ftWS2fP1w== X-Received: by 2002:a17:906:2e05:: with SMTP id n5mr19807492eji.397.1598533647706; Thu, 27 Aug 2020 06:07:27 -0700 (PDT) Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com. [209.85.218.54]) by smtp.gmail.com with ESMTPSA id q15sm1435679edc.74.2020.08.27.06.07.26 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 27 Aug 2020 06:07:26 -0700 (PDT) Received: by mail-ej1-f54.google.com with SMTP id oz20so7570283ejb.5; Thu, 27 Aug 2020 06:07:26 -0700 (PDT) X-Received: by 2002:a17:906:5a83:: with SMTP id l3mr22005440ejq.14.1598533646053; Thu, 27 Aug 2020 06:07:26 -0700 (PDT) MIME-Version: 1.0 From: Shivank Garg Date: Thu, 27 Aug 2020 18:37:09 +0530 X-Gmail-Original-Message-ID: Message-ID: Subject: [GSoC'20 Weekly Update] Adding audit(4) support to NFS To: soc-status@freebsd.org Cc: Alan Somers X-Rspamd-Queue-Id: 4Bcjgj48mwz4Zx3 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of shivankgarg98@gmail.com designates 209.85.218.50 as permitted sender) smtp.mailfrom=shivankgarg98@gmail.com X-Spamd-Result: default: False [-1.83 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17:c]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; DMARC_NA(0.00)[freebsd.org]; NEURAL_HAM_LONG(-0.82)[-0.823]; RWL_MAILSPIKE_GOOD(0.00)[209.85.218.50:from]; RCVD_COUNT_THREE(0.00)[4]; NEURAL_HAM_MEDIUM(-0.85)[-0.850]; NEURAL_HAM_SHORT(-0.16)[-0.159]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[209.85.218.50:from]; FORGED_SENDER(0.30)[shivank@freebsd.org,shivankgarg98@gmail.com]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[shivank@freebsd.org,shivankgarg98@gmail.com]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MAILMAN_DEST(0.00)[soc-status] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Aug 2020 13:07:30 -0000 Hi, This project aims to add audit(4) support to NFS, which will allow auditd(8) to just run on the NFS server and audit all activities within the NFS network. Audit works mostly on the syscall level and NFS is implemented within the kernel, which means the NFS RPCs don't generate any audit records on the server. Note that audit(4) can still be used on the NFS network but auditd(8) must run on every NFS client. In this final week, I wish to update the summary of my 3-month GSoC project: Work Done: * familiarised me with FreeBSD audit and NFS code, the net/libnfs library for writing testsuite, and NFS RFCs. * Added audit support to NFSv2/v3 RPC. * Wrote Test Suite(using net/libnfs) for NFSv3 Audit support. * Added audit support to NFSv4(4, 4.1, 4.2) RPC and Sub-ops. * Wrote Skeleton for NFSv4 TestSuite and success/failure tests for ~20 Operations. With time, I got a glimpse of dealing with bugs, kernel panics, etc. And still learning how to deal with them. Work Remaining: * To add tests for the remaining NFSv4 operation. * Fix bugs in NFSv4 audit (especially, to found out why nfsrvd_open fails with NFSERR_GRACE?(ideally it should start working after 2-3 mins if it's in recovery) * enhance NFSAuditTestSuite (like adding more variety of Test-cases, finding and fixing bugs) * add NFS error code database to audit for return tokens. * enhancing audit support to NFS (like more adding more tokens of relevant info) This GSoC period has taught me awesome things about FreeBSD kernel, security, NFS, and OS in general. I'm very thankful to asomers@, rmacklem@uoguelph.ca, org-admins, and the FreeBSD community for constant help and support. Thanks, It feels great to be part of this community :) Happy Hacking! Please, do Check this project on Github: https://github.com/shivankgarg98/freebsd/tree/user/shivank/nfs_audit NFSv4 audit feature branch: https://github.com/shivankgarg98/freebsd/tree/user/shivank/nfsv4_audit Project wiki: https://wiki.freebsd.org/SummerOfCode2020Projects/AddAuditSupportToNFS TestSuite: https://github.com/shivankgarg98/NFSAuditTestSuite Please feel free to share your ideas and feedback on this project. Best Regards, Shivank Garg