From: Mateusz Piotrowski <0mp@FreeBSD.org>
To: soc-status@FreeBSD.org
Subject: Week 2 / Non-BSM to BSM Conversion Tools / Problems with mapping and NFS
Date: Mon, 6 Jun 2016 04:45:18 +0200
Message-Id: <777F3D4D-60FC-4D20-9555-3C9FF01356E4@FreeBSD.org>
List-Id: Summer of Code Status Reports and Discussion

Hello,

Mapping
=====

I read some contrib/openbsm source code to get the idea of how I should implement the conversion from the Linux Audit format to the BSM format. It turns out it is a little bit more complicated than I thought at the beginning. It is not obvious to me yet how I should map the Linux Audit format to the BSM format.

On one hand I can try to map as many Linux Audit fields to the BSM fields as possible; it seems to be rather troublesome. On the other hand I can ignore the whole mapping issue and just create a proper BSM trail using the header token, trailer token and a bunch of arbitrary data tokens to pack all the Linux audit events there.

The best approach would be something in the middle I guess. I wasn't able to come up with a neat solution on my own yet however; I've got to present my research to my mentor and ask for advice since I'm stuck.

Here's an email I've sent to freebsd-hackers@ where I asked for help with understanding how the /etc/security/audit_event file works (https://lists.freebsd.org/pipermail/freebsd-hackers/2016-June/049550.html). I haven't received any answer yet.

Parsing
=====

I felt a little bad about the fact that I haven't written a single line of code yet. This is why I decided to start writing a parser for the Linux Audit trails. I've got to ask my mentor if it wouldn't be smarter to adopt the code which parses Linux Audit trails since it is already written (http://people.redhat.com/sgrubb/audit/audit-parse.txt).

NFS
=====

My mentor suggested that I set up FreeBSD with NFS. I tried really hard to get it working. My virtual machine fails to boot basically. I created a step-by-step tutorial for future reference: https://github.com/0mp/freebsd/wiki/Set-up-FreeBSD-with-NFS. It is mainly based on oshogbo's tutorial (http://oshogbo.vexillium.org/blog/28/).

I'll update the tutorial as soon as I fix my NFS.

New repository
=====

I have a new repository: https://github.com/0mp/freebsd.

Midterm evaluation is coming
=====

Hopefully, I'll manage to catch up with at least some of my milestones which I planned to reach before the midterm evaluation. I simply cannot work full-time on my GSoC project due to the exams coming soon.

Outdated Wiki
=====

I didn't update my Wiki page in a while because I'm struggling with the mapping issue. The link to the project's Wiki: https://wiki.freebsd.org/SummerOfCode2016/NonBSMtoBSMConversionTools.

Cheers!
-Mateusz
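An added example (not code from the report, from OpenBSM or from the audit-parse tool it links) of the "something in the middle" approach the Mapping and Parsing sections describe: a small parser for one Linux Audit record whose fields are packed into a BSM record made of a header32 token, one text token per field and a trailer token, using the token layouts from OpenBSM's audit_record.h. The Linux Audit line is constructed, and the BSM event number is a placeholder, since the event mapping is exactly the part the report leaves unresolved.

```python
import re
import struct

# OpenBSM token ids and constants (bsm/audit_record.h).
AUT_HEADER32 = 0x14
AUT_TRAILER = 0x13
AUT_TEXT = 0x28
AUT_TRAILER_MAGIC = 0xB105
AUDIT_HEADER_VERSION_OPENBSM = 11
# Placeholder BSM event number (assumption): no AUE_* mapping is claimed here.
PLACEHOLDER_EVENT = 0

# Constructed Linux Audit record, not captured from a real system.
SAMPLE_LINE = ('type=SYSCALL msg=audit(1465181121.149:123): arch=c000003e '
               'syscall=59 success=yes exit=0 comm="id" exe="/usr/bin/id"')

_MSG_RE = re.compile(r'msg=audit\((\d+)\.(\d+):(\d+)\):')

def parse_linux_audit_line(line):
    """Return (seconds, milliseconds, serial, {field: value}) for one record."""
    m = _MSG_RE.search(line)
    if not m:
        raise ValueError("no msg=audit(sec.msec:serial) stamp in record")
    sec, msec, serial = int(m.group(1)), int(m.group(2)), int(m.group(3))
    rest = line[:m.start()] + line[m.end():]
    fields = {}
    # Values are either double-quoted strings or bare tokens.
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', rest):
        fields[key] = quoted if quoted else bare
    return sec, msec, serial, fields

def bsm_text_token(text):
    b = text.encode() + b'\0'                  # BSM length includes the NUL
    return struct.pack('>BH', AUT_TEXT, len(b)) + b

def linux_audit_to_bsm(line, event=PLACEHOLDER_EVENT):
    """Pack one Linux Audit record as header32 + text tokens + trailer."""
    sec, msec, serial, fields = parse_linux_audit_line(line)
    body = bsm_text_token('serial=%d' % serial)
    body += b''.join(bsm_text_token('%s=%s' % kv) for kv in fields.items())
    rec_size = 18 + len(body) + 7              # header32 = 18 bytes, trailer = 7
    header = struct.pack('>BIBHHII', AUT_HEADER32, rec_size,
                         AUDIT_HEADER_VERSION_OPENBSM, event, 0, sec, msec)
    trailer = struct.pack('>BHI', AUT_TRAILER, AUT_TRAILER_MAGIC, rec_size)
    return header + body + trailer

def check_bsm_record(rec):
    """Header and trailer byte counts must both equal the record length."""
    tid, size = struct.unpack_from('>BI', rec, 0)
    ttid, magic, tsize = struct.unpack_from('>BHI', rec, len(rec) - 7)
    return (tid == AUT_HEADER32 and ttid == AUT_TRAILER
            and magic == AUT_TRAILER_MAGIC and size == tsize == len(rec))
```

The record only survives the size check in check_bsm_record if the header and trailer counts agree with the actual length, which is the first thing a BSM reader such as praudit relies on.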