Date: Fri, 22 Sep 2006 13:16:29 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 106504 for review Message-ID: <200609221316.k8MDGTC7008394@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=106504 Change 106504 by rwatson@rwatson_fledge on 2006/09/22 13:15:35 Add an audit_warn(5) event for the audit daemon closing a trail file. This could be used, for example, to hook the close event and compress the trail file. The event is never called for unterminated trail files left behind after, say, an improper shutdown. Affected files ... .. //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#23 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#7 edit Differences ...
==== //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 (text+ko) ====
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#6 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 $
  */
 
 #include <sys/types.h>
@@ -125,6 +125,21 @@
 }
 
 /*
+ * Indicate that a trail file has been closed, so can now be post-processed.
+ */
+int
+audit_warn_closefile(char *filename)
+{
+ char *args[3];
+
+ args[0] = CLOSEFILE_WARN;
+ args[1] = filename;
+ args[2] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
  * Indicates that the audit deammn is already running
  */
 int
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#23 (text+ko) ====
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#22 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#23 $
  */
 
 #include <sys/types.h>
@@ -163,9 +163,11 @@
 syslog(LOG_ERR, "Could not rename %s to %s: %m", oldname, lastfile);
- else
+ else {
 syslog(LOG_INFO, "renamed %s to %s", oldname, lastfile);
+ audit_warn_closefile(lastfile);
+ }
 }
 free(lastfile);
 free(oldname);
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#7 (text+ko) ====
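Review bot: The comment above `audit_warn_closefile()` in audit_warn.c omits the one limitation the change description states: the event is raised only for trails that auditd itself closes, so a trail left unterminated by an improper shutdown never reaches the hook. Anyone attaching compression, archival or off-host shipping of audit records to this event needs that in the source, for example `* Indicate that a trail file has been closed and renamed, so can now be post-processed.` followed by `* Not raised for unterminated trails left behind by an improper shutdown; filename is passed to audit_warn after the "closefile" event name.` `auditwarnlog()` is defined outside this hunk, so whether it waits for the script to finish is not visible here; if it does, a slow post-processing script would presumably delay rotation, and the comment should say so.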
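Review bot: The return value of `audit_warn_closefile(lastfile)` in the new `else { ... }` branch of auditd.c is discarded, so a close hook that could not be run fails silently and a site relying on it to archive or protect trail files gets no indication. Checking it keeps the failure in the log: `if (audit_warn_closefile(lastfile) != 0)` followed by `syslog(LOG_WARNING, "audit_warn closefile failed for %s", lastfile);`. This assumes `auditwarnlog()` returns nonzero on failure, which this diff does not show. The rename-failure branch raises no event either, so a trail that could not be renamed is also skipped by any post-processing. The enclosing function starts and ends outside the hunk.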
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#6 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#7 $
  */
 
 #ifndef _AUDITD_H_
@@ -62,6 +62,7 @@
 #define HARDLIM_ALL_WARN "allhard"
 #define SOFTLIM_ALL_WARN "allsoft"
 #define AUDITOFF_WARN "auditoff"
+#define CLOSEFILE_WARN "closefile"
 #define EBUSY_WARN "ebusy"
 #define GETACDIR_WARN "getacdir"
 #define HARDLIM_WARN "hard"
@@ -76,6 +77,7 @@
 int audit_warn_allhard(int count);
 int audit_warn_allsoft(void);
 int audit_warn_auditoff(void);
+int audit_warn_closefile(char *filename);
 int audit_warn_ebusy(void);
 int audit_warn_getacdir(char *filename);
 int audit_warn_hard(char *filename);
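Review bot: `CLOSEFILE_WARN` in auditd.h adds an event string that installed audit_warn scripts will start receiving, yet the affected-files list holds only the three C sources, with no audit_warn(5) page or sample script updated alongside. A site script that treats unrecognised events as errors or alerts (an assumption about local scripts, not something this diff shows) would begin firing on every trail rotation. A one-line comment beside the define, such as `/* closefile: argument is the path of the closed, renamed trail file */`, plus a matching manual entry would document the new interface where script authors look for it.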