Date:      Tue, 18 Dec 2018 17:24:58 +0100
From:      Jack Halford <jack@gandi.net>
To:        "Robert N. M. Watson" <rwatson@FreeBSD.org>
Cc:        trustedbsd-audit@freebsd.org
Subject:   Re: Re: new syscalls audit events
Message-ID:  <20181218162458.m36gxcrimwri3ttz@thinkpad-gandi>
In-Reply-To: <8BA9D408-41F8-4E59-8AA9-39740A2F65C5@FreeBSD.org>
References:  <20181214161615.lvk2gsqtf7gij4fc@thinkpad-gandi> <8BA9D408-41F8-4E59-8AA9-39740A2F65C5@FreeBSD.org>

>> 	- contrib/openbsm/etc/audit_event
>> 	- contrib/openbsm/sys/bsm/audit_kevents.h
>> 	- sys/bsm/audit_kevents.h
>
>These changes will need to be upstreamed to OpenBSM in GitHub. As there might be conflicting new events using the same numbers, do use the numbers assigned by OpenBSM rather than those that might appear most obvious in FreeBSD, as BSM is used across several operating systems, and we require consistent event-number assignment.
>
>> 	- sys/kern/syscalls.master
>> 	- sys/compat/freebsd32/syscalls.master
>
>You will also need to modify sys/security/audit_bsm_klib.c to generate BSM records and encode arguments/return values/etc.

Thanks for the reply, I'll look into upstreaming all this to GitHub
before my review then. Likely after the holidays.

-- 
Jack
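
Added example, not part of the original message and not code from OpenBSM or FreeBSD: a check for the event-number conflicts raised in the quoted reply, comparing a local `audit_event` against the upstream copy before submitting. The colon-separated `number:name:description:class` layout is assumed, and the sample entries are constructed, not real OpenBSM assignments.

```python
def parse_audit_event(text):
    """Parse 'number:name:description:class' lines into {number: name}."""
    events = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(":", 2)
        if len(parts) < 3 or not parts[0].isdigit() or ":" not in parts[2]:
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
        number, name = int(parts[0]), parts[1]
        if events.get(number, name) != name:
            raise ValueError(f"line {lineno}: {number} already used by {events[number]}")
        events[number] = name
    return events


def find_conflicts(upstream_text, local_text):
    """Return local entries that disagree with the upstream assignments."""
    upstream = parse_audit_event(upstream_text)
    local = parse_audit_event(local_text)
    number_of = {name: number for number, name in upstream.items()}
    conflicts = []
    for number, name in sorted(local.items()):
        if number in upstream and upstream[number] != name:
            # Local tree gives a different meaning to an upstream number.
            conflicts.append(("number-reused", number, name, upstream[number]))
        elif name in number_of and number_of[name] != number:
            # Same event, but upstream assigned it another number.
            conflicts.append(("number-differs", number, name, number_of[name]))
    return conflicts


# Constructed sample data (hypothetical event names and numbers).
UPSTREAM = """\
# upstream copy
50001:AUE_EXAMPLE_ONE:example_one(2):fa
50002:AUE_EXAMPLE_TWO:example_two(2):fm
"""
LOCAL = """\
50001:AUE_EXAMPLE_ONE:example_one(2):fa
50002:AUE_EXAMPLE_NEW:example_new(2):pc
50003:AUE_EXAMPLE_TWO:example_two(2):fm
"""

if __name__ == "__main__":
    for conflict in find_conflicts(UPSTREAM, LOCAL):
        print(conflict)
```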


