From owner-soc-status@freebsd.org Tue Jun 23 18:24:39 2020 Return-Path: Delivered-To: soc-status@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1649533504C for ; Tue, 23 Jun 2020 18:24:39 +0000 (UTC) (envelope-from shivankgarg98@gmail.com) Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49rvnf2qMQz3gDx; Tue, 23 Jun 2020 18:24:38 +0000 (UTC) (envelope-from shivankgarg98@gmail.com) Received: by mail-ej1-x62f.google.com with SMTP id a1so8569468ejg.12; Tue, 23 Jun 2020 11:24:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=oUhXNS7sw3Vq0tFju7AE70gGZ+IuvDf0Pnn5iVQxMBE=; b=j6o9sivFv/uVOQrxwqbjUiXFYkPuLbcqBSxLl/wcuMmscUgu6fWqvtd9k7ruIAqFPr dYaZ2hCUjaO8mlkt/va8TWx0gE/G6IAdi3VvzXp0reAr4ZwHGyGbvhbAIHbXQMjzNGGT r6JFXNrFSUW+y2nNT+FW+As4wyIsp3bJhSogrnXRAjwAOgdgCrpztzReRahkiPmzjPNG DNqJ3sH8LMlEFXscQ2AiuCjTwZPL+3pIrpzydA9SfcquHv8sGr0tM2Zs0cuGWZHOJIwx jnhaJYUHhELNvw9vClm6CnZAPu4RCQBFRa+AthT8PBSaxMQt2xeJnBTuE+hk4xXXZuHV wFXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=oUhXNS7sw3Vq0tFju7AE70gGZ+IuvDf0Pnn5iVQxMBE=; b=dqMCd8JqEW+fK32urCupzvxJXpqktCUAFEKm/PSNvbNQZgk5o95Xsu+FtinTO5Apnv xB7gdUd/cEwbky+XYjPsvv7stOwwaflzHxWYEL3o9L0iTUW335mFUJD7T98GGSk2qVDo 8q8i43im5R9bhiSE+VmeFOBIr4CUyibGiCT8S+fX5NF+Hdukfw8kTy3mo7l5b6wznMce XY+luvrsroeZr1n6YSl45fdWaXPhzGadjSsBZNhdnaRM6sBcX50BLW0JxmPxjuuB8MR1 AsG8RYQBcqb4WjP7+1I8W0OS8svoy9j06c8yYscQq+PLFsV3P8NC3cBDQYsIVGeFvL2p voVg== X-Gm-Message-State: AOAM530x6soJwGVpeOwM1dLBhWBUBiZcG5vG2jNwdn7r3oUNCoQLrlJu zFsOQvVPhWcVqiNazNE4JtbtapUhTPn40mDUhGE+jV/j3LU= X-Google-Smtp-Source: ABdhPJzrZCj7hKEQPXqyu1uzi0jvrg+4pjiP1htINW1bkqv566Q/iT+wne8XMkvCU5KgLR8aQMqdH1jOmxGTpPQO9s4= X-Received: by 2002:a17:906:a772:: with SMTP id fu18mr9009113ejb.324.1592936676507; Tue, 23 Jun 2020 11:24:36 -0700 (PDT) MIME-Version: 1.0 From: Shivank Garg Date: Tue, 23 Jun 2020 23:54:19 +0530 Message-ID: Subject: [GSoC'20 Weekly Update] Adding audit(4) support to NFS To: soc-status@freebsd.org Cc: Alan Somers X-Rspamd-Queue-Id: 49rvnf2qMQz3gDx X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=j6o9sivF; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of shivankgarg98@gmail.com designates 2a00:1450:4864:20::62f as permitted sender) smtp.mailfrom=shivankgarg98@gmail.com X-Spamd-Result: default: False [-3.35 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.03)[-1.029]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; NEURAL_HAM_LONG(-1.00)[-1.002]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::62f:from]; NEURAL_HAM_SHORT(-0.32)[-0.322]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jun 2020 18:24:39 -0000 Hi, This project aims to add audit(4) support to NFS, which will allow auditd(8) to just run on the NFS server and audit all activities within the NFS network. Audit works mostly on the syscall level and NFS is implemented within the kernel, which means the NFS RPCs don't generate any audit records on the server. Note that audit(4) can still be used on the NFS network but auditd(8) must run on every NFS client. This week I made the following progress: * generate audit tokens for NFS RPC events. * added NFSRPC audit events to kernel audit_bsm_db Currently, I am: * looking into audit kernel code and userspace contrib/openbsm for inserting event-class mapping for NFS RPC events to kernel db. * do audit preselection based on audit_control * looking into net/libnfs port to write tests for NFS audit. Please, do Check this project on Github: https://github.com/shivankgarg98/freebsd/tree/user/shivank/nfs_audit Project wiki: https://wiki.freebsd.org/SummerOfCode2020Projects/AddAuditSupportToNFS Please feel free to share your ideas and feedback on this project. Best Regards, Shivank Garg