Date: Tue, 16 Jun 2020 23:26:09 +0530
From: Shivank Garg <shivank@freebsd.org>
To: soc-status@freebsd.org
Cc: Alan Somers <asomers@freebsd.org>
Subject: [GSoC'20 Weekly Update] Adding audit(4) support to NFS
Message-ID: <CAOVCmzHiVp4P=Ap3pe=w4a5hqQk3F19p9JQ=KVcyVkxDbPs3BQ@mail.gmail.com>

Hi,

This project aims to add audit(4) support to NFS, which will allow auditd(8) to just run on the NFS server and audit all activities within the NFS network. Audit works mostly on the syscall level and NFS is implemented within the kernel, which means the NFS RPCs don't generate any audit records on the server. Note that audit(4) can still be used on the NFS network, but auditd(8) must run on every NFS client.

This week I made the following progress:
* created a basic structure in NFS and audit code for NFS RPC related events.
* resolved an issue of header and declaration conflicts while including NFS headers in audit code.
* submitted a review (https://reviews.freebsd.org/D25263), removing 2 macro definitions - no longer needed after NFS OS/X port became dead.

Currently, I am:
* adding new NFS event cases for audit_worker (which dequeues kernel audit records and calls kaudit_to_bsm).
* checking which tokens and other information are needed during kernel audit record to BSM conversion.

Please do check this project on GitHub: https://github.com/shivankgarg98/freebsd/tree/user/shivank/nfs_audit
Project wiki: https://wiki.freebsd.org/SummerOfCode2020Projects/AddAuditSupportToNFS

Please feel free to share your ideas and feedback on this project.

Best Regards,
Shivank Garg