Date: Thu, 24 Aug 2006 14:51:49 -0500 From: "R. Tyler Ballance" <tyler@bleepsoft.com> To: trustedbsd-audit@FreeBSD.org Subject: Re: Darwin work Message-ID: <3408FA10-C9BA-4D48-9A1B-5537A02F1B7D@bleepsoft.com> In-Reply-To: <DA4DE11C-8702-4102-85E2-6407218E185A@computer.org> References: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com> <20060815193600.H45647@fledge.watson.org> <B3A55966-EBE6-4A81-B269-976682BE8E16@bleepsoft.com> <20060816132406.Y15941@fledge.watson.org> <CF2CAE1F-A9A0-4263-85BA-3D658A635CB2@bleepsoft.com> <DA4DE11C-8702-4102-85E2-6407218E185A@computer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 24, 2006, at 7:47 AM, Wayne Salamon wrote: > > On Aug 23, 2006, at 2:27 PM, R. Tyler Ballance wrote: > >> Am I looking in the wrong place? Should I be grepping some of the >> Xnu source for the Audit related code to find out how to handle >> the triggers spewed from Xnu's audit system? Or am i just being >> too dense to find the appropriate code in Apple's BSM code ;) > > The audit daemon handles the Mach triggers. The source is contained > in the system_cmds Darwin package, at > http://www.opensource.apple.com/darwinsource/10.4.7.ppc/ Ahck! Whoops, I had forgotten that Apple has a bunch of those smaller daemons packed away into the system_cmds package on the darwin source site. Thanks for the correction, I wasn't thinking properly yesterday it seems :) Cheers, - -R. Tyler Ballance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFE7gNXqO6nEJfroRsRAu96AJ9S+EY8mBbFW/g/QvLC3whRDrkvYACeJqYo deJb/jnvzRcxbnQbugqQXFY= =kLSS -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3408FA10-C9BA-4D48-9A1B-5537A02F1B7D>