Date: Tue, 15 Mar 2011 16:10:14 GMT From: Efstratios Karatzas <gpf@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 190062 for review Message-ID: <201103151610.p2FGAEus004054@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@190062?ac=10 Change 190062 by gpf@gpf_desktop on 2011/03/15 16:09:32 - add new audit class 'nfs' and map new nfs rpc events to it. On a different sidenote, I noticed that most of those events have values that step on space reserved for solaris kernel events. Although I don't expect 1700 of those events to suddently pop up, this will be fixed. Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_class#2 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_event#9 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_class#2 (text) ==== @@ -18,6 +18,7 @@ 0x00001000:lo:login_logout 0x00002000:aa:authentication and authorization 0x00004000:ap:application +0x00008000:nfs:nfs server 0x20000000:io:ioctl 0x40000000:ex:exec 0x80000000:ot:miscellaneous ==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_event#9 (text) ==== @@ -362,68 +362,68 @@ # # NFS-specific kernel events # -2000:AUE_NFS_NULL:nfsrv_null():ot -2001:AUE_NFS_GETATTR:nfsrv_getattr():fa -2002:AUE_NFS_SETATTR:nfsrv_setattr():fm -2003:AUE_NFS_LOOKUP:nfsrv_lookup():fa,ad -2004:AUE_NFS_ACCESS:nfsrv_access():fa -2005:AUE_NFS_READLINK:nfsrv_readlink():fr -2006:AUE_NFS_READ:nfsrv_read():fr -2007:AUE_NFS_WRITE:nfsrv_write():fw -2008:AUE_NFS_CREATE:nfsrv_create():fc,ad -2009:AUE_NFS_MKDIR:nfsrv_mkdir():fc,ad -2010:AUE_NFS_SYMLINK:nfsrv_symlink():fc,ad -2011:AUE_NFS_MKNOD:nfsrv_mknod():fc,ad -2012:AUE_NFS_REMOVE:nfsrv_remove():fd -2013:AUE_NFS_RMDIR:nfsrv_rmdir():fd -2014:AUE_NFS_RENAME:nfsrv_rename():fc,fd -2015:AUE_NFS_LINK:nfsrv_link():fc -2016:AUE_NFS_READDIR:nfsrv_readdir():fr -2017:AUE_NFS_READDIR_PLUS:nfsrv_readdirplus():fr,ad -2018:AUE_NFS_STATFS:nfsrv_statfs():fa -2019:AUE_NFS_FSINFO:nfsrv_fsinfo():ot -2020:AUE_NFS_PATHCONF:nfsrv_pathconf():fa -2021:AUE_NFS_COMMIT:nfsrv_commit():fw -2022:AUE_NFS_NOOP:nfsrv_noop():no +2000:AUE_NFS_NULL:nfsrv_null():nfs,ot +2001:AUE_NFS_GETATTR:nfsrv_getattr():nfs,fa +2002:AUE_NFS_SETATTR:nfsrv_setattr():nfs,fm +2003:AUE_NFS_LOOKUP:nfsrv_lookup():nfs,fa,ad +2004:AUE_NFS_ACCESS:nfsrv_access():nfs,fa +2005:AUE_NFS_READLINK:nfsrv_readlink():nfs,fr +2006:AUE_NFS_READ:nfsrv_read():nfs,fr +2007:AUE_NFS_WRITE:nfsrv_write():nfs,fw +2008:AUE_NFS_CREATE:nfsrv_create():nfs,fc,ad +2009:AUE_NFS_MKDIR:nfsrv_mkdir():nfs,fc,ad +2010:AUE_NFS_SYMLINK:nfsrv_symlink():nfs,fc,ad +2011:AUE_NFS_MKNOD:nfsrv_mknod():nfs,fc,ad +2012:AUE_NFS_REMOVE:nfsrv_remove():nfs,fd +2013:AUE_NFS_RMDIR:nfsrv_rmdir():nfs,fd +2014:AUE_NFS_RENAME:nfsrv_rename():nfs,fc,fd +2015:AUE_NFS_LINK:nfsrv_link():nfs,fc +2016:AUE_NFS_READDIR:nfsrv_readdir():nfs,fr +2017:AUE_NFS_READDIR_PLUS:nfsrv_readdirplus():nfs,fr,ad +2018:AUE_NFS_STATFS:nfsrv_statfs():nfs,fa +2019:AUE_NFS_FSINFO:nfsrv_fsinfo():nfs,ot +2020:AUE_NFS_PATHCONF:nfsrv_pathconf():nfs,fa +2021:AUE_NFS_COMMIT:nfsrv_commit():nfs,fw +2022:AUE_NFS_NOOP:nfsrv_noop():nfs,no # # NFSv4 specific RPC events # -2023:AUE_NFS_CLOSE:nfsrv_close():cl -2024:AUE_NFS_DELEGPURGE:nfsrv_delegpurge():ad -2025:AUE_NFS_DELEGRETURN:nfsrv_delegreturn():ad -2026:AUE_NFSv4_GETFH:nfsrv4_getfh():ad -2027:AUE_NFS_LOCK:nfsrv_lock():fm -2028:AUE_NFS_LOCKT:nfsrv_lockt():fm -2029:AUE_NFS_LOCKU:nfsrv_locku():fm -2030:AUE_NFS_LOOKUPP:nfsrv_lookupp():fa,ad -2031:AUE_NFS_NVERIFY:nfsrv_nverify():fa -2032:AUE_NFS_OPEN:nfsrv_open():fa -2033:AUE_NFS_OPENATTR:nfsrv_openattr():fa -2034:AUE_NFS_OPENCONFIRM:nfsrv_openconfirm():fa -2035:AUE_NFS_OPENDOWNGRADE:nfsrv_opendowngrade():fm -2036:AUE_NFS_PUTFH:nfsrv_putfh():ad -2037:AUE_NFS_PUTPUBFH:nfsrv_putpubfh():ad -2038:AUE_NFS_PUTROOTFH:nfsrv_putrootfh():ad -2039:AUE_NFS_RENEW:nfsrv_renew():ad -2040:AUE_NFS_RESTOREFH:nfsrv_restorefh():ad -2041:AUE_NFS_SAVEFH:nfsrv_savefh():ad -2042:AUE_NFS_SECINFO:nfsrv_secinfo():ot -2043:AUE_NFS_SETCLIENTID:nfsrv_setclientid():aa -2044:AUE_NFS_SETCLIENTIDCFRM:nfsrv_setclientidcfrm():aa -2045:AUE_NFS_VERIFY:nfsrv_verify():fa -2046:AUE_NFS_RELEASELCKOWN:nfsrv_releaselckown():ad -2047:AUE_NFS_OPEN_R:nfsrv_open() - read:fr -2048:AUE_NFS_OPEN_RC:nfsrv_open() - read, creat:fr,fc,fa,fm -2049:AUE_NFS_OPEN_RTC:nfsrv_open() - read, trunc, creat:fr,fd,fc,fa,fm -2050:AUE_NFS_OPEN_RT:nfsrv_open() - read, trunc:fr,fd,fa,fm -2051:AUE_NFS_OPEN_RW:nfsrv_open() - read, write:fr,fw -2052:AUE_NFS_OPEN_RWC:nfsrv_open() - read, write, creat:fr,fw,fc,fa,fm -2053:AUE_NFS_OPEN_RWTC:nfsrv_open() - read, write, trunc, creat:fr,fw,fd,fc,fa,fm -2054:AUE_NFS_OPEN_RWT:nfsrv_open() - read, write, trunc:fr,fw,fd,fa,fm -2055:AUE_NFS_OPEN_W:nfsrv_open() - write:fw -2056:AUE_NFS_OPEN_WC:nfsrv_open() - write, creat:fw,fc,fa,fm -2057:AUE_NFS_OPEN_WTC:nfsrv_open() - write, trunc, creat:fw,fd,fc,fa,fm -2058:AUE_NFS_OPEN_WT:nfsrv_open() - write, trunc:fw,fd,fa,fm +2023:AUE_NFS_CLOSE:nfsrv_close():nfs,cl +2024:AUE_NFS_DELEGPURGE:nfsrv_delegpurge():nfs,ad +2025:AUE_NFS_DELEGRETURN:nfsrv_delegreturn():nfs,ad +2026:AUE_NFSv4_GETFH:nfsrv4_getfh():nfs,ad +2027:AUE_NFS_LOCK:nfsrv_lock():nfs,fm +2028:AUE_NFS_LOCKT:nfsrv_lockt():nfs,fm +2029:AUE_NFS_LOCKU:nfsrv_locku():nfs,fm +2030:AUE_NFS_LOOKUPP:nfsrv_lookupp():nfs,fa,ad +2031:AUE_NFS_NVERIFY:nfsrv_nverify():nfs,fa +2032:AUE_NFS_OPEN:nfsrv_open():nfs,fa +2033:AUE_NFS_OPENATTR:nfsrv_openattr():nfs,fa +2034:AUE_NFS_OPENCONFIRM:nfsrv_openconfirm():nfs,fa +2035:AUE_NFS_OPENDOWNGRADE:nfsrv_opendowngrade():nfs,fm +2036:AUE_NFS_PUTFH:nfsrv_putfh():nfs,ad +2037:AUE_NFS_PUTPUBFH:nfsrv_putpubfh():nfs,ad +2038:AUE_NFS_PUTROOTFH:nfsrv_putrootfh():nfs,ad +2039:AUE_NFS_RENEW:nfsrv_renew():nfs,ad +2040:AUE_NFS_RESTOREFH:nfsrv_restorefh():nfs,ad +2041:AUE_NFS_SAVEFH:nfsrv_savefh():nfs,ad +2042:AUE_NFS_SECINFO:nfsrv_secinfo():nfs,ot +2043:AUE_NFS_SETCLIENTID:nfsrv_setclientid():nfs,aa +2044:AUE_NFS_SETCLIENTIDCFRM:nfsrv_setclientidcfrm():nfs,aa +2045:AUE_NFS_VERIFY:nfsrv_verify():nfs,fa +2046:AUE_NFS_RELEASELCKOWN:nfsrv_releaselckown():nfs,ad +2047:AUE_NFS_OPEN_R:nfsrv_open() - read:nfs,fr +2048:AUE_NFS_OPEN_RC:nfsrv_open() - read, creat:nfs,fr,fc,fa,fm +2049:AUE_NFS_OPEN_RTC:nfsrv_open() - read, trunc, creat:nfs,fr,fd,fc,fa,fm +2050:AUE_NFS_OPEN_RT:nfsrv_open() - read, trunc:nfs,fr,fd,fa,fm +2051:AUE_NFS_OPEN_RW:nfsrv_open() - read, write:nfs,fr,fw +2052:AUE_NFS_OPEN_RWC:nfsrv_open() - read, write, creat:nfs,fr,fw,fc,fa,fm +2053:AUE_NFS_OPEN_RWTC:nfsrv_open() - read, write, trunc, creat:nfs,fr,fw,fd,fc,fa,fm +2054:AUE_NFS_OPEN_RWT:nfsrv_open() - read, write, trunc:nfs,fr,fw,fd,fa,fm +2055:AUE_NFS_OPEN_W:nfsrv_open() - write:nfs,fw +2056:AUE_NFS_OPEN_WC:nfsrv_open() - write, creat:nfs,fw,fc,fa,fm +2057:AUE_NFS_OPEN_WTC:nfsrv_open() - write, trunc, creat:nfs,fw,fd,fc,fa,fm +2058:AUE_NFS_OPEN_WT:nfsrv_open() - write, trunc:nfs,fw,fd,fa,fm # # Firewall Events # note: class 'aa' is only temporarily used
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201103151610.p2FGAEus004054>