Date: Sat, 4 Feb 2006 16:07:53 GMT
From: Wayne Salamon <wsalamon@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 91073 for review
Message-ID: <200602041607.k14G7r4W021046@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=91073 Change 91073 by wsalamon@gretsch on 2006/02/04 16:07:32 Update the TODO list. Some things have actually been done. Affected files ... .. //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#2 edit Differences ... ==== //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#2 (text+ko) ==== @@ -7,7 +7,7 @@ - Add a file token to the audit startup record, containing the audit log file. -- Look at what audited writes when the file is rotated. +- Look at what auditd writes when the file is rotated. - Sweep of system call tables to see if any new BSM types are needed, that all system calls have the right BSM types assigned, and so on. (See the @@ -26,8 +26,6 @@ tokens. Existing tests verify at the record level, not token level. So we have EVENT->RECORD tests, need RECORD->TOKENS tests. -- Fix up pathname lookups in kernel. [IN PROGRESS] - - MAC->Audit integration, where the audit system pulls MAC label information from policies. @@ -40,9 +38,6 @@ - Sweep of BSM event types to see what should or shouldn't be coalesced or renamed. -- Restructure sys/security/audit to even out the sizes a bit, break it down, -clean it up, etc. [IN PROGRESS] - - Review set of user space programs and libraries to identify audit-relevant events and plan out how each needs audit support. For example, login has basic support right now, but sshd, etc, don't. @@ -53,14 +48,9 @@ - Expand praudit to speak Sun's new XML output format. -- Fix licenses and copyrights, with the help of Apple [IN PROGRESS] - - Investigate Sun's enhanced audit API they've been working on, decide what if anything to do with it. -- Remove pathname lookup for file descriptor based calls as it is not -reliable. - - Write test code for converting BSM to/from text. - Write test code to make sure auditd handles triggers, rotates log files, 
@@ -71,3 +61,6 @@ - Add a function to the audit test library to load the kernel event->class mapping so auditd need not be run before testing. + +- Expand the subject token to include jail information. Add this informtion +for processes that are running in a jail.
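Review bot: in the hunk at @@ -53,14 +48,9 @@, the removed entry "Remove pathname lookup for file descriptor based calls as it is not reliable." carried no [IN PROGRESS] marker, unlike the other entries this change removes, so the diff does not show whether that work was finished or dropped. The commit message says only "Some things have actually been done"; naming the removed items that were completed would keep the record clear, especially as "Fix up pathname lookups in kernel." is removed in the same change.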
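Review bot: the entry added in the hunk at @@ -71,3 +61,6 @@ misspells "information" as "informtion" in "Add this informtion"; correct the spelling before this lands. The entry also does not say which jail information the subject token should carry, and naming it would make the item actionable.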