From owner-trustedbsd-audit@FreeBSD.ORG  Thu Aug 24 12:47:28 2006
Return-Path: <owner-trustedbsd-audit@FreeBSD.ORG>
X-Original-To: trustedbsd-audit@FreeBSD.org
Delivered-To: trustedbsd-audit@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 30BEB16A4DE
	for <trustedbsd-audit@FreeBSD.org>;
	Thu, 24 Aug 2006 12:47:28 +0000 (UTC)
	(envelope-from wsalamon@computer.org)
Received: from wsalamon.net (wsalamon.net [216.127.158.226])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EB20643D90
	for <trustedbsd-audit@FreeBSD.org>;
	Thu, 24 Aug 2006 12:47:20 +0000 (GMT)
	(envelope-from wsalamon@computer.org)
Received: from [129.6.61.136] (tomservo.ncsl.nist.gov [129.6.61.136])
	by wsalamon.net (Postfix) with ESMTP
	id A06BE184DC2; Thu, 24 Aug 2006 08:47:13 -0400 (EDT)
In-Reply-To: <CF2CAE1F-A9A0-4263-85BA-3D658A635CB2@bleepsoft.com>
References: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com>
	<20060815193600.H45647@fledge.watson.org>
	<B3A55966-EBE6-4A81-B269-976682BE8E16@bleepsoft.com>
	<20060816132406.Y15941@fledge.watson.org>
	<CF2CAE1F-A9A0-4263-85BA-3D658A635CB2@bleepsoft.com>
Mime-Version: 1.0 (Apple Message framework v752.2)
X-Gpgmail-State: !signed
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <DA4DE11C-8702-4102-85E2-6407218E185A@computer.org>
Content-Transfer-Encoding: 7bit
From: Wayne Salamon <wsalamon@computer.org>
Date: Thu, 24 Aug 2006 08:47:12 -0400
To: R.Tyler Ballance <tyler@bleepsoft.com>
X-Mailer: Apple Mail (2.752.2)
Cc: trustedbsd-audit@FreeBSD.org
Subject: Re: Darwin work
X-BeenThere: trustedbsd-audit@FreeBSD.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TrustedBSD Audit Discussion List <trustedbsd-audit.FreeBSD.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-audit>, 
	<mailto:trustedbsd-audit-request@FreeBSD.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/trustedbsd-audit>
List-Post: <mailto:trustedbsd-audit@FreeBSD.org>
List-Help: <mailto:trustedbsd-audit-request@FreeBSD.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-audit>, 
	<mailto:trustedbsd-audit-request@FreeBSD.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Aug 2006 12:47:28 -0000


On Aug 23, 2006, at 2:27 PM, R. Tyler Ballance wrote:

> Am I looking in the wrong place? Should I be grepping some of the  
> Xnu source for the Audit related code to find out how to handle the  
> triggers spewed from Xnu's audit system? Or am i just being too  
> dense to find the appropriate code in Apple's BSM code ;)

The audit daemon handles the Mach triggers. The source is contained  
in the system_cmds Darwin package, at
http://www.opensource.apple.com/darwinsource/10.4.7.ppc/

Wayne
----------------------
Wayne Salamon
wsalamon@freebsd.org