From: Sergio Ligregni
To: freebsd-hackers@freebsd.org
Date: Thu, 29 Jul 2010 15:00:20 -0500
Subject: Improvement for Distributed Audit Project

I am Sergio Ligregni, from Mexico. I am currently working on the Distributed
Audit Project at GSoC 2010, and I want to ask for your help with these things:

HELP NEEDED:

/*++++++++++++++++++++++*/

- Which code should I base my development on for getting parameters from a file?
(I've searched some audit.c, auditd_fbsd.c, auditd.c but have not found the
function to do that, maybe I missed something.) Currently I have files like:

/var/audit /var2/audit
1000
yes
53686

and I get the parameters with sscanf, but the right way (the one for which I
want to know which code to take as a baseline) is:

dir:/var/audit /var2/audit
time: 1000
slave_dir: yes
port: 53686

and not to use sscanf (avoiding that function is a security concern raised by
my mentor). I think I can write an algorithm to implement that, but maybe there
is a better/safer way to do it in order to keep to the standard.

/*++++++++++++++++++++++*/

Currently I have this function to verify whether a file is a trail, given its
name. This is very poor and it needs to be improved, any ideas?

#include <ctype.h>
#include <string.h>

/*
 * When exploring /var/audit/ (or the directory where the trails are), not
 * all files are trails so we must ensure we will only deal with the ones
 * that are trails.
 */
static int
is_audit_trail(char *path)
{
	/*
	 * We have these possibilities, only the first one is allowed
	 * 20100619223115.20100619223131
	 * 20100619223131.not_terminated
	 * current
	 */
	/* Cast to unsigned char: isdigit() is undefined for negative char values. */
	if (strlen(path) == 29 && path[14] == '.' &&
	    isdigit((unsigned char)path[15])) {
		/* XXX To improve this checking later */
		return 1;
	}
	return 0;
}

/*++++++++++++++++++++++*/

By the way, the Wiki and the Perforce Repository for this project are:

http://wiki.freebsd.org/SOC2010SergioLigregni
http://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/soc2010/disaudit&HIDEDEL=NO

Thanks!

-- 
-----------------------------------------------------------
Sergio Andrés Ligregni Arredondo
Computer Systems Engineering student, ITQ.
Is UNIX Hot Enough for You? | FreeBSD
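
An added example, not part of the original message or of the project's code: one way to read the "key: value" settings quoted in the mail without sscanf, using strtol with whole-string and range checks so that overflow, trailing junk and unknown keys are rejected. The struct da_conf, the functions da_parse_line and parse_long, and the accepted range for "time" are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical settings struct; one field per key shown in the mail. */
struct da_conf {
	char dir[256];	/* "dir:" value, kept as one string */
	long time;	/* "time:" (units are not stated in the mail) */
	long port;	/* "port:" 1..65535 */
	int slave_dir;	/* "slave_dir:" yes = 1, no = 0 */
};

/* Whole-string decimal in [lo, hi]; rejects empty input, overflow, trailing junk. */
static int parse_long(const char *s, long lo, long hi, long *out)
{
	char *end;
	long v;
	errno = 0;
	v = strtol(s, &end, 10);
	if (end == s || *end != '\0' || errno == ERANGE || v < lo || v > hi)
		return (-1);
	*out = v;		/* written only after every check passed */
	return (0);
}

/* Parse one "key: value" line in place (line is modified); 0 ok, -1 on any error. */
int da_parse_line(char *line, struct da_conf *conf)
{
	char *val;
	line[strcspn(line, "\r\n")] = '\0';	/* strip the line ending */
	if ((val = strchr(line, ':')) == NULL)
		return (-1);
	*val++ = '\0';				/* line is now just the key */
	val += strspn(val, " \t");		/* skip blanks after the colon */
	if (strcmp(line, "time") == 0)		/* upper bound is an assumption */
		return (parse_long(val, 0, 2147483647L, &conf->time));
	if (strcmp(line, "port") == 0)
		return (parse_long(val, 1, 65535, &conf->port));
	if (strcmp(line, "slave_dir") == 0 &&
	    (strcmp(val, "yes") == 0 || strcmp(val, "no") == 0)) {
		conf->slave_dir = (val[0] == 'y');
		return (0);
	}
	if (strcmp(line, "dir") == 0 && val[0] == '/' && strlen(val) < sizeof(conf->dir)) {
		memcpy(conf->dir, val, strlen(val) + 1);	/* length checked above */
		return (0);
	}
	return (-1);				/* unknown key or bad value */
}
```

The caller is expected to read each line into a buffer large enough to hold it and to treat a line that did not fit as an error rather than parsing the truncated part.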