From: Robert Watson
Date: Sat, 11 Nov 2006 09:38:15 +0000 (GMT)
To: Diego Giagio
Cc: trustedbsd-audit@FreeBSD.org
Subject: Re: I would like to help
Message-ID: <20061111092821.I63959@fledge.watson.org>
In-Reply-To: <1b0798830611031732k682b85bey4ea6f769e9692a01@mail.gmail.com>
List-Id: TrustedBSD Audit Discussion List

On Fri, 3 Nov 2006, Diego Giagio wrote:

> Let me introduce myself. I'm a software engineer in Brazil and I would like
> to help the FreeBSD audit project. I have a strong C/ASM (x86) background
> and can help with both user-level and kernel-level coding. I've also been
> involved with computer security for some time now and I'm very comfortable
> with FreeBSD, OpenBSD, Mac OSX and Linux.
>
> Do you have any suggestions where to begin with? I've been reading the page
> http://www.freebsd.org/projects/ideas/ and I find the "Distributed audit
> daemon" idea very interesting, but don't know if it's a good starting point.
> I also checked http://www.trustedbsd.org/20060303-ukuug2006lisa-audit.pdf.

Diego,

Thanks for your e-mail! Your help would be most welcome. There is quite a bit
of work to be done; right now we're not maintaining a unified TODO list for
the FreeBSD audit implementation, rather, there are a few lists scattered in
various places. You can find a short TODO list in the OpenBSM distribution
(some of the items in the most recent release have now been done, FYI, so
check first). The distributed audit daemon is one of the more interesting
outstanding areas to work in, but there are others that probably ought to go
into a TODO list somewhere.

In my recent presentation at the FreeBSD developer summit, I identified the
following areas in which interesting new work can and should be done:

- Finish syscall assignments, especially for ABIs
- Flesh out argument auditing
- Audit + NSS
- Userland sweep
- Ports + packages
- Language bindings
- Enhance audit pipe preselection
- Multiple audit pipelines
- IDS/monitoring tools
- Distributed audit
- New parsing API

Robert N M Watson
Computer Laboratory
University of Cambridge