From owner-trustedbsd-audit@FreeBSD.ORG  Thu Aug 24 19:52:13 2006
Return-Path: <owner-trustedbsd-audit@FreeBSD.ORG>
X-Original-To: trustedbsd-audit@FreeBSD.org
Delivered-To: trustedbsd-audit@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8B2DD16A4E1
	for <trustedbsd-audit@FreeBSD.org>;
	Thu, 24 Aug 2006 19:52:13 +0000 (UTC)
	(envelope-from tyler@bleepsoft.com)
Received: from zeus.lunarpages.com (zeus.lunarpages.com [216.193.211.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5757E43D80
	for <trustedbsd-audit@FreeBSD.org>;
	Thu, 24 Aug 2006 19:51:56 +0000 (GMT)
	(envelope-from tyler@bleepsoft.com)
Received: from cpe-24-26-238-91.satx.res.rr.com ([24.26.238.91]
	helo=[192.168.250.100])
	by zeus.lunarpages.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.52)
	id 1GGLGO-00038i-Bi
	for trustedbsd-audit@FreeBSD.org; Thu, 24 Aug 2006 12:53:16 -0700
Mime-Version: 1.0 (Apple Message framework v752.2)
In-Reply-To: <DA4DE11C-8702-4102-85E2-6407218E185A@computer.org>
References: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com>
	<20060815193600.H45647@fledge.watson.org>
	<B3A55966-EBE6-4A81-B269-976682BE8E16@bleepsoft.com>
	<20060816132406.Y15941@fledge.watson.org>
	<CF2CAE1F-A9A0-4263-85BA-3D658A635CB2@bleepsoft.com>
	<DA4DE11C-8702-4102-85E2-6407218E185A@computer.org>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <3408FA10-C9BA-4D48-9A1B-5537A02F1B7D@bleepsoft.com>
Content-Transfer-Encoding: 7bit
From: "R. Tyler Ballance" <tyler@bleepsoft.com>
Date: Thu, 24 Aug 2006 14:51:49 -0500
To: trustedbsd-audit@FreeBSD.org
X-Pgp-Agent: GPGMail 1.1.2 (Tiger)
X-Mailer: Apple Mail (2.752.2)
X-AntiAbuse: This header was added to track abuse,
	please include it with any abuse report
X-AntiAbuse: Primary Hostname - zeus.lunarpages.com
X-AntiAbuse: Original Domain - freebsd.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - bleepsoft.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Subject: Re: Darwin work
X-BeenThere: trustedbsd-audit@FreeBSD.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TrustedBSD Audit Discussion List <trustedbsd-audit.FreeBSD.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-audit>, 
	<mailto:trustedbsd-audit-request@FreeBSD.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/trustedbsd-audit>
List-Post: <mailto:trustedbsd-audit@FreeBSD.org>
List-Help: <mailto:trustedbsd-audit-request@FreeBSD.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-audit>, 
	<mailto:trustedbsd-audit-request@FreeBSD.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Aug 2006 19:52:13 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Aug 24, 2006, at 7:47 AM, Wayne Salamon wrote:

>
> On Aug 23, 2006, at 2:27 PM, R. Tyler Ballance wrote:
>
>> Am I looking in the wrong place? Should I be grepping some of the  
>> Xnu source for the Audit related code to find out how to handle  
>> the triggers spewed from Xnu's audit system? Or am i just being  
>> too dense to find the appropriate code in Apple's BSM code ;)
>
> The audit daemon handles the Mach triggers. The source is contained  
> in the system_cmds Darwin package, at
> http://www.opensource.apple.com/darwinsource/10.4.7.ppc/

Ahck! Whoops, I had forgotten that Apple has a bunch of those smaller  
daemons packed away into the system_cmds package on the darwin source  
site.

Thanks for the correction, I wasn't thinking properly yesterday it  
seems :)

Cheers,

- -R. Tyler Ballance

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFE7gNXqO6nEJfroRsRAu96AJ9S+EY8mBbFW/g/QvLC3whRDrkvYACeJqYo
deJb/jnvzRcxbnQbugqQXFY=
=kLSS
-----END PGP SIGNATURE-----