Date: Mon, 20 Sep 1999 11:08:11 -0600
From: Nate Williams <nate@mt.sri.com>
To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc: robert+freebsd@cyrus.watson.org (Robert Watson), security@FreeBSD.ORG
Subject: Re: Real-time alarms
Message-ID: <199909201708.LAA01364@mt.sri.com>
In-Reply-To: <199909201541.IAA59140@gndrsh.dnsmgr.net>
References: <Pine.BSF.3.96.990920112110.42321B-100000@fledge.watson.org> <199909201541.IAA59140@gndrsh.dnsmgr.net>

> > I'd advise against developing any more codebases for auditing--we already
> > have two :-). I have a /dev/audit, submission of records from a number of
> > syscalls, an auditd + IDS interface, and some log management code. Nate's
> > folk are working on a better kernel interface and implementation, as was
> > discussed on freebsd-security in July (please see archive for details).
> > My userland library currently supports most of the posix.1e audit
> > interface spec, and I have a set of posix.1e extensions for IDS modules.
> > My hope is to adapt my auditd to speak Nate's kernel improvements, but
> > continue to provide a standard interface and useful tools/etc.
>
> URL to source code please... and I already pointed out that we need
> to at least look at what is out there.

Robert's code exists, but we both agree it was not the most efficient
way of doing things. My code is not yet available for reasons already
stated publicly. If/when it's to the point that it actually does
something significant, then maybe I'll put up a snapshot for public
consumption, but no earlier.

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message