From: Shivank Garg
Date: Mon, 1 Jun 2020 23:05:46 +0530
Subject: [GSoC'20 Introduction] Adding audit(4) support to NFS
To: freebsd-hackers@freebsd.org, soc-status@freebsd.org
Cc: Alan Somers

Hi everyone,

This project aims to add audit(4) support to NFS, which will allow auditd(8) to just run on the NFS server and audit all activities within the NFS network. Note that audit(4) can still be used on the NFS network but auditd(8) must run on every NFS client.

*Mentor:* Alan Somers

*Project Information/Background:*

Security event auditing permits the selective and fine-grained configurable logging of security-relevant system events for the purpose of post-mortem analysis, intrusion detection, and run-time monitoring. It is intended to meet the requirements of the Common Criteria (CC)/Common Access protection profile (CAPP) evaluation.

Audit works mostly on the syscall level and NFS is implemented within the kernel, which means the NFS RPCs don't generate any audit records on the server. The NFS RPC requests bypass the syscall layer and go directly to the VFS layer.

The need for this support arises in case of insecure networks, where running auditd(8) on each client is not an option (the audit log on such clients can't be trusted).

*Approach:*

This project will require modification of the NFS server code to allow an audit of each NFS RPC. This will allow auditd(8) to audit all the NFS activities within the network. The NFS RPC code lies mostly in nfs_nfsdserv.c and nfs_nfsdsocket.c. There would be a need to define AUDIT_NFSRPC_ENTER and AUDIT_NFSRPC_EXIT in a similar fashion to AUDIT_SYSCALL_ENTER and AUDIT_SYSCALL_EXIT at the NFS RPC level. For auditing events, within each NFS RPC, one or more AUDIT_ARG_* macros (or some modification of them) will be called. The implementation design is still under consideration.

*Project Wiki and Source links:*

* Project Wiki Page: https://wiki.freebsd.org/SummerOfCode2020Projects/AddAuditSupportToNFS
* Github Repo link: https://github.com/shivankgarg98/freebsd/tree/user/shivank/nfs_audit
* Please see this diff for all changes: https://github.com/freebsd/freebsd/compare/master...shivankgarg98:user/shivank/nfs_audit

Note: I'll be updating the weekly status report on soc-status@.

Please feel free to share your ideas and feedback on this project.

Happy Hacking! :)

Best Regards,
Shivank Garg
Undergrad at IIT Kanpur, India
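
A user-space sketch of the enter/argument/exit bracketing described under *Approach*, added here as an illustration and not taken from the message or the project's code. The macro bodies, `AUDIT_ARG_UID`/`AUDIT_ARG_PATH`, the toy VFS and the sample file are assumptions; only the `AUDIT_NFSRPC_ENTER`/`AUDIT_NFSRPC_EXIT` names come from the message.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
/* User-space stand-ins (assumptions), not the FreeBSD kernel macros. */
enum { NFSPROC_LOOKUP = 3, NFSPROC_REMOVE = 12 };  /* NFSv3 procedure numbers */
struct audit_rec { int event; unsigned uid; char path[64]; int error; };
#define LOG_MAX 16
struct audit_rec audit_log[LOG_MAX];  /* in-memory stand-in for the audit trail */
int audit_count;
static struct audit_rec cur;          /* record for the RPC in flight */
#define AUDIT_NFSRPC_ENTER(ev) do { memset(&cur, 0, sizeof(cur)); cur.event = (ev); } while (0)
#define AUDIT_ARG_UID(u)       (cur.uid = (u))
#define AUDIT_ARG_PATH(p)      snprintf(cur.path, sizeof(cur.path), "%s", (p))
/* Commit on exit so the record carries the outcome, including failures. */
#define AUDIT_NFSRPC_EXIT(err) do { cur.error = (err); \
    if (audit_count < LOG_MAX) audit_log[audit_count++] = cur; } while (0)
/* Toy export holding one file (constructed sample data). */
static const char *file_path = "/export/payroll.db";
static const unsigned file_owner = 1001;
static int file_exists = 1;
static int vfs_lookup(const char *p) {
    return (file_exists && strcmp(p, file_path) == 0) ? 0 : ENOENT;
}
static int vfs_remove(unsigned uid, const char *p) {
    if (vfs_lookup(p) != 0) return ENOENT;
    if (uid != file_owner) return EACCES;
    file_exists = 0;
    return 0;
}

/* RPC entry point: reaches the "VFS" directly, never through a syscall. */
int nfsrpc_dispatch(int proc, unsigned uid, const char *path) {
    int error;
    AUDIT_NFSRPC_ENTER(proc);
    AUDIT_ARG_UID(uid);
    AUDIT_ARG_PATH(path);
    switch (proc) {
    case NFSPROC_LOOKUP: error = vfs_lookup(path); break;
    case NFSPROC_REMOVE: error = vfs_remove(uid, path); break;
    default:             error = EINVAL; break;
    }
    AUDIT_NFSRPC_EXIT(error);
    return error;
}
int main(void) {
    nfsrpc_dispatch(NFSPROC_REMOVE, 2002, file_path);  /* denied, still logged */
    nfsrpc_dispatch(NFSPROC_REMOVE, 1001, file_path);
    for (int i = 0; i < audit_count; i++)
        printf("event=%d uid=%u error=%d path=%s\n", audit_log[i].event,
               audit_log[i].uid, audit_log[i].error, audit_log[i].path);
    return 0;
}
```

Because the record is committed in the exit hook, the denied REMOVE by uid 2002 appears in the server-side trail with its error code even though no client-side auditd(8) was involved.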