Date:      Sun, 20 Jan 2008 00:08:48 GMT
From:      "Christian S.J. Peron" <csjp@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 133695 for review
Message-ID:  <200801200008.m0K08mOx009540@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=133695

Change 133695 by csjp@csjp_xor on 2008/01/20 00:08:27

	- Add option to auditreduce(1) which allows users to invert the sense
	  of matching.  If -v is specified, we will select records that do not
	  match the specified criteria.
	- Document the option in auditreduce.1 man page.
	- Add a section to the HISTORY file.
	- Tweak a few documentation bugs in HISTORY, auditreduce should be
	  considered a general tool, not system maintenance procedure.
	  (auditreduce(8) -> auditreduce(1))
	
	Discussed with:	rwatson

Affected files ...

.. //depot/projects/trustedbsd/openbsm/HISTORY#60 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#15 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#21 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/HISTORY#60 (text+ko) ====

@@ -1,8 +1,11 @@
 OpenBSM 1.1 alpha 1
 
+- Add option to auditreduce(1) which allows users to invert sense of
+  matching, such that BSM records that do not match, are selected.
+
 OpenBSM 1.0
 
-- Fix bug in auditreduce(8) which resulted in a memory fault/crash when
+- Fix bug in auditreduce(1) which resulted in a memory fault/crash when
   the user specified an event name with -m.
 - Remove AU_.* hard-coded audit class constants, as udit classes are now
   entirely dynamically configured using /etc/security/audit_class.
@@ -15,7 +18,7 @@
 - Synchronized audit event list to Solaris, picking up the *at(2) system call
   definitions, now required for FreeBSD and Linux.  Added additional events
   for *at(2) system calls not present in Solaris.
-- Bugs in auditreduce(8) fixed allowing partial date strings to be used in
+- Bugs in auditreduce(1) fixed allowing partial date strings to be used in
   filtering events.
 
 OpenBSM 1.0 alpha 14
@@ -304,4 +307,4 @@
   to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#59 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#60 $

==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#15 (text+ko) ====

@@ -25,7 +25,7 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#14 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#15 $
 .\"
 .Dd January 24, 2004
 .Dt AUDITREDUCE 1
@@ -48,6 +48,7 @@
 .Op Fl o Ar object Ns = Ns Ar value
 .Op Fl r Ar ruid
 .Op Fl u Ar auid
+.Op Fl v
 .Op Ar
 .Sh DESCRIPTION
 The
@@ -127,6 +128,8 @@
 Select records with the given real user ID or name.
 .It Fl u Ar auid
 Select records with the given audit ID.
+.It Fl v
+Invert sense of matching, to select records that do not match.
 .El
 .Sh EXAMPLES
 To select all records associated with effective user ID root from the audit

==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#21 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#20 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#21 $
  */
 
 /* 
@@ -346,7 +346,7 @@
 select_hdr32(tokenstr_t tok, uint32_t *optchkd)
 {
 
-	SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m));
+	SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m | OPT_v));
 
 	/* The A option overrides a, b and d. */
 	if (!ISOPTSET(opttochk, OPT_A)) {
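Review bot: OPT_v is not a selection criterion, yet it is added to the set that select_hdr32 marks as checked, which ties the inversion to this one token handler. If a record's header is processed by a different selector that does not set OPT_v in optchkd (none is visible in this diff, so this is inferred), `opttochk & ~optchkd` stays non-zero under -v and the inverted test in the read loop would emit every such record regardless of the other criteria. Masking the flag out where the comparison is made, e.g. `!(opttochk & ~optchkd & ~OPT_v)`, or tracking inversion in a separate variable, would remove that dependency. The body of select_hdr32 continues past the end of this hunk.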
@@ -476,6 +476,7 @@
 	int bytesread;
 	int selected;
 	uint32_t optchkd;
+	int print;
 
 	int err = 0;
 	while ((reclen = au_read_rec(fp, &buf)) != -1) {
@@ -556,14 +557,12 @@
 			}
 			bytesread += tok.len;
 		}
-		if ((selected == 1) && (!err)) {
-			/* Check if all the options were matched. */
-			if (!(opttochk & ~optchkd)) {
-				/* XXX Write this record to the output file. */
-				/* default to stdout */
-				fwrite(buf, 1, reclen, stdout);
-			}
-		}
+		/* Check if all the options were matched. */
+		print = ((selected == 1) && (!err) && (!(opttochk & ~optchkd)));
+		if (ISOPTSET(opttochk, OPT_v))
+			print = !print;
+		if (print)
+			(void) fwrite(buf, 1, reclen, stdout);
 		free(buf);
 	}
 	return (0);
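Review bot: With -v the negation is applied after `!err` has been folded into `print`, so a record whose tokens failed to parse (err non-zero, presumably set in the token loop above this hunk) is written out as a non-matching record. For an audit-trail filter that means malformed or truncated records land in the reduced output whenever -v is used, where previously they were always dropped. Keeping the error test outside the inversion preserves the old behaviour: `print = (selected == 1) && !(opttochk & ~optchkd);`, then the OPT_v flip, then `if (print && !err)`. The `(void)` cast on fwrite also makes it explicit that a short write to stdout goes unreported; checking the return value and exiting non-zero would let a caller notice an incomplete reduced trail. The enclosing function starts before this hunk.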
@@ -618,7 +617,7 @@
 
 	converr = NULL;
 
-	while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:")) != -1) {
+	while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:v")) != -1) {
 		switch(ch) {
 		case 'A':
 			SETOPT(opttochk, OPT_A);
@@ -755,6 +754,10 @@
 			SETOPT(opttochk, OPT_u);
 			break;
 
+		case 'v':
+			SETOPT(opttochk, OPT_v);
+			break;
+
 		case '?':
 		default:
 			usage("Unknown option");
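Review bot: The new -v case is accepted by getopt, but usage() is not touched anywhere in this change, so if it prints a per-option summary (its body is not visible here) the flag will be missing from the help an operator sees after a mistyped option. Adding a line there in the existing format, for example `-v : Invert sense of matching`, would keep the built-in help in step with the text added to auditreduce.1. The switch statement begins and ends outside this hunk.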

==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#6 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#5 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#6 $
  */
 
 #ifndef _AUDITREDUCE_H_
@@ -58,6 +58,7 @@
 #define OPT_r	0x00008000
 #define OPT_u	0x00010000
 #define OPT_A	0x00020000
+#define OPT_v	0x00040000
 
 #define FILEOBJ "file"
 #define MSGQIDOBJ "msgqid"


