Date:      Mon, 18 Jul 2016 11:24:24 +0200
From:      Mateusz Piotrowski <0mp@FreeBSD.org>
To:        soc-status@FreeBSD.org
Subject:   Week 8 / Non-BSM to BSM Conversion Tools
Message-ID:  <7AB5EB4C-7C22-444F-AD04-19534C25CC9C@FreeBSD.org>

Hello,

I've got a couple of interesting news items for you.

# Parsing

According to what I've learnt from the Linux Audit mailing list, there is no document with the standard. Generally, no one is translating and parsing Linux Audit logs on their own because there is a library called auparse which is capable of parsing those not-so-well standardised Linux logs. As a result my program is able to parse the most recent version of Linux Audit, which is not that great - Debian uses a version from 2012 and CentOS a 2013 one.

I was told that in the near future auparse will have its interface expanded and it will be easier to extract information from Linux Audit records.

# Conversion

I've created an extensible and easy to use framework to modify/improve the current conversion from Linux Audit to BSM. At the moment most of the Linux Records are simply converted to text tokens (see audit.log(5)).

In fact Linux Audit is a little bit of a constantly morphing black box, which means that logs might possibly contain anything inside. I was told that it is about to change but you never know - remember that Debian uses a 4 year old version of this software.

# CentOS

Now I am trying to get the most recent audit software on CentOS to see what Linux Audit records should really look like.

# Links:

- Linux Audit userspace TODO: https://github.com/linux-audit/audit-userspace/blob/master/TODO
- My email to linux-audit redhat com (Steve Grubb is a really nice guy!): https://www.redhat.com/archives/linux-audit/2016-July/msg00063.html


Cheers,

-m
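The "simply converted to text tokens" mapping the report describes, as an added example that is not the project's code or the author's: it pulls fields out of a Linux Audit record (a constructed `key=value ...` line, not a real log), sanity-checks that the line at least has `type=` and `msg=audit(` before trusting it, and wraps the whole record in a BSM text token. It deliberately uses neither auparse nor libbsm so that it compiles stand-alone; the token layout (token id AUT_TEXT = 0x28, a 16-bit big-endian length that counts the trailing NUL, then the NUL-terminated text) is the one documented in audit.log(5) and produced by OpenBSM's au_to_text(). The function names are this example's own.

```c
/* Added example: Linux Audit record -> BSM text token, with no auparse/libbsm.
 * Token layout assumed from audit.log(5) / OpenBSM au_to_text(). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUT_TEXT 0x28   /* BSM text token id, as listed in audit.log(5) */

/* Constructed sample record in the "key=value ..." layout auditd writes. */
static const char SAMPLE_RECORD[] =
    "type=SYSCALL msg=audit(1468837464.123:456): arch=c000003e syscall=2 "
    "success=yes exit=3 comm=\"cat\" exe=\"/bin/cat\"";

/* Look up `key` in a record and copy its value (without surrounding double
 * quotes) into `val`. Returns 1 if found and it fits, 0 otherwise. */
int linaudit_field(const char *record, const char *key, char *val, size_t vallen)
{
    size_t klen = strlen(key);
    const char *p = record;

    while ((p = strstr(p, key)) != NULL) {
        /* Whole key only: start-of-record or a space before, '=' after,
         * so "id" does not match inside "pid=" or "audit(". */
        if ((p == record || p[-1] == ' ') && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end;
            if (*v == '"') {
                v++;
                end = strchr(v, '"');
                if (end == NULL)
                    return 0;           /* unterminated quote: reject */
            } else {
                end = v;
                while (*end != '\0' && *end != ' ')
                    end++;
            }
            if ((size_t)(end - v) + 1 > vallen)
                return 0;
            memcpy(val, v, (size_t)(end - v));
            val[end - v] = '\0';
            return 1;
        }
        p += klen;
    }
    return 0;
}

/* Encode `text` as a BSM text token into `out`. Returns bytes written, or 0
 * if the text does not fit the 16-bit length field or the output buffer. */
size_t bsm_text_token(const char *text, uint8_t *out, size_t outlen)
{
    size_t textlen = strlen(text) + 1;  /* the length field counts the NUL */
    size_t total = 1 + 2 + textlen;

    if (textlen > UINT16_MAX || total > outlen)
        return 0;
    out[0] = AUT_TEXT;
    out[1] = (uint8_t)(textlen >> 8);   /* big-endian length */
    out[2] = (uint8_t)(textlen & 0xff);
    memcpy(out + 3, text, textlen);
    return total;
}

/* Fallback conversion: refuse lines that do not even look like Linux Audit
 * records (the "black box" may emit anything), otherwise wrap the whole
 * record in one text token. Returns the token size, or 0 on rejection. */
size_t convert_record(const char *record, uint8_t *out, size_t outlen)
{
    char type[32], msg[64];

    if (!linaudit_field(record, "type", type, sizeof type) ||
        !linaudit_field(record, "msg", msg, sizeof msg) ||
        strncmp(msg, "audit(", 6) != 0)
        return 0;
    return bsm_text_token(record, out, outlen);
}

int main(void)
{
    uint8_t tok[1024];
    size_t n = convert_record(SAMPLE_RECORD, tok, sizeof tok), i;

    if (n == 0) {
        fputs("not a Linux Audit record\n", stderr);
        return 1;
    }
    for (i = 0; i < 3; i++)             /* token id + 2-byte length */
        printf("%02x ", tok[i]);
    printf("| %s\n", (const char *)tok + 3);
    return 0;
}
```

A record that fails the `type=`/`msg=audit(` check is dropped rather than blindly encoded, which is the kind of guard a converter needs when the upstream format may change underneath it.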


