From owner-freebsd-security Mon Sep 20 8:34:29 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id B65E815AC7 for ; Mon, 20 Sep 1999 08:34:26 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id LAA42392; Mon, 20 Sep 1999 11:33:58 -0400 (EDT) (envelope-from robert@cyrus.watson.org) Date: Mon, 20 Sep 1999 11:33:57 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Jobe Cc: ark@eltex.ru, freebsd@gndrsh.dnsmgr.net, security@FreeBSD.ORG Subject: Re: Real-time alarms In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'd advise against developing any more codebases for auditing--we already have two :-). I have a /dev/audit, submission of records from a number of syscalls, an auditd + IDS interface, and some log management code. Nate's folk are working on a better kernel interface and implementation, as was discussed on freebsd-security in July (please see archive for details). My userland library currently supports most of the posix.1e audit interface spec, and I have a set of posix.1e extensions for IDS modules. My hope is to adapt my auditd to speak Nate's kernel improvements, but continue to provide a standard interface and useful tools/etc. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message