From owner-trustedbsd-audit@FreeBSD.ORG  Fri Sep 29 14:35:31 2006
Return-Path: <owner-trustedbsd-audit@FreeBSD.ORG>
X-Original-To: trustedbsd-audit@FreeBSD.org
Delivered-To: trustedbsd-audit@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 658A716A412
	for <trustedbsd-audit@FreeBSD.org>;
	Fri, 29 Sep 2006 14:35:31 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 15C8D43D4C
	for <trustedbsd-audit@FreeBSD.org>;
	Fri, 29 Sep 2006 14:35:31 +0000 (GMT)
	(envelope-from rwatson@FreeBSD.org)
Received: from fledge.watson.org (fledge.watson.org [209.31.154.41])
	by cyrus.watson.org (Postfix) with ESMTP id 9144D46C98;
	Fri, 29 Sep 2006 10:35:30 -0400 (EDT)
Date: Fri, 29 Sep 2006 15:35:30 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: "R. Tyler Ballance" <tyler@bleepsoft.com>
In-Reply-To: <BB1AB744-AD1D-44EF-B7DF-6BE3BD700C94@bleepsoft.com>
Message-ID: <20060929153340.Y74256@fledge.watson.org>
References: <9DDE008A-5B91-4DA0-A55B-E4AA7E4A3369@free.fr>
	<BB1AB744-AD1D-44EF-B7DF-6BE3BD700C94@bleepsoft.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: trustedbsd-audit@FreeBSD.org, "benjamin.morin" <benjamin.morin@free.fr>
Subject: Re: BSM audit on Mac OS X
X-BeenThere: trustedbsd-audit@FreeBSD.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TrustedBSD Audit Discussion List <trustedbsd-audit.FreeBSD.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-audit>, 
	<mailto:trustedbsd-audit-request@FreeBSD.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/trustedbsd-audit>
List-Post: <mailto:trustedbsd-audit@FreeBSD.org>
List-Help: <mailto:trustedbsd-audit-request@FreeBSD.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-audit>, 
	<mailto:trustedbsd-audit-request@FreeBSD.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Sep 2006 14:35:31 -0000


On Fri, 29 Sep 2006, R. Tyler Ballance wrote:

> Heh, this was one of the first things I hit when I was starting to work on 
> openbsm/Darwin, the FreeBSD kernel has a few different options for fetching 
> the time from the kernel, but Xnu doesn't, so the quickest solution IMHO was 
> just to call out to the standard libc, and form a response that 
> auditfilterd.c wants, I've not tested, but it compiles, and that's all 
> that's really important anyways right? ;)
>
> My solution was to add a header compat/kernel_time.h ( 
> http://perforce.freebsd.org/fileViewer.cgi?FSPC=//depot/user/tyler/openbsm/compat/kernel%5ftime.h&REV=3 
> ) and then include that in auditfilterd.c
>
> It *should* work, but I can't do much testing on my single intel iMac for 
> openbsm and auditing at the moment because I'm busy with contracts and I'm 
> scared to hose my work computer ;)

The fix for this will appear in OpenBSM 1.0 alpha 13, and is in Perforce, but 
is not yet released.  I don't currently have an ETA on that, since I'm 
focusing on getting alpha 12 into FreeBSD's 6-STABLE tree today so that it 
will appear in BETA2.  If it's useful, we can cut an alpha 13 next week so 
that there's a baseline that builds on Mac OS X on the web site.  Since 
Christian has some works in progress, I am hoping to defer the release until 
those issues are resolved (relating to IPv6 address auditing).

Robert N M Watson
Computer Laboratory
University of Cambridge