From owner-soc-status@freebsd.org Tue Jul 21 17:36:38 2020 Return-Path: Delivered-To: soc-status@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5E868362FA0 for ; Tue, 21 Jul 2020 17:36:38 +0000 (UTC) (envelope-from shivankgarg98@gmail.com) Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com [209.85.218.49]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BB5PJ667Lz40X9; Tue, 21 Jul 2020 17:36:36 +0000 (UTC) (envelope-from shivankgarg98@gmail.com) Received: by mail-ej1-f49.google.com with SMTP id f12so22424712eja.9; Tue, 21 Jul 2020 10:36:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=Jyhlw7KUH89m953TkPdVv1I7hEvqE9fgbeVbjr8wJ4A=; b=APNfg0dm0ddY2F+v3YMTiSk9ueM7QGc+33pvMPjmTvEeTjAtGgPyQurXGZQhk3pJ9y HHgf1f7sWSf4zGnb7VnpL1ihKd6ydsSGvu4RYqJcpcl4D4YPn1Qcdj7uN1Y9Re9++mYr 0Bf8CDMEF1lBLGV7ZRPonoRUeFbEVeYpNiyqyaDt1I8PAwhTKQKiI18+g7a4Ycf6Mdb3 Yjv6nrF+TA0UPA+uZS4edgQyxhFQ1XZsWgwMrtJaP5Ubl2P0mW/LJN8tA211eS9cfQBd SNut/hnKrK7FqWlK+S0vv49yhTOZJYskp1DzwTFEYHdB/U+IzWqKLZAbL70wnd6MtvC6 anBQ== X-Gm-Message-State: AOAM532T9AqmOiGECYmbP/pdm3xFdoksPB7rVPLtpzWB3JB3uLeiNunY Y2jDJf6GUIb1HCpi6X3wG4a7FqBCmRI= X-Google-Smtp-Source: ABdhPJyqfOHyukiKFO0cJ4M72PvnXLKVYm/Jov7O4GHU2XkSvM7RuUWnHC7g2a/7H2I1lx77lQUKYg== X-Received: by 2002:a17:906:17c1:: with SMTP id u1mr17276358eje.536.1595352995056; Tue, 21 Jul 2020 10:36:35 -0700 (PDT) Received: from mail-ej1-f47.google.com (mail-ej1-f47.google.com. [209.85.218.47]) by smtp.gmail.com with ESMTPSA id dg8sm17998254edb.56.2020.07.21.10.36.34 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 21 Jul 2020 10:36:34 -0700 (PDT) Received: by mail-ej1-f47.google.com with SMTP id y10so22473722eje.1; Tue, 21 Jul 2020 10:36:34 -0700 (PDT) X-Received: by 2002:a17:907:20b4:: with SMTP id pw20mr27342623ejb.225.1595352994500; Tue, 21 Jul 2020 10:36:34 -0700 (PDT) MIME-Version: 1.0 From: Shivank Garg Date: Tue, 21 Jul 2020 23:06:12 +0530 X-Gmail-Original-Message-ID: Message-ID: Subject: [GSoC'20 Weekly Update] Adding audit(4) support to NFS To: soc-status@freebsd.org Cc: Alan Somers X-Rspamd-Queue-Id: 4BB5PJ667Lz40X9 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of shivankgarg98@gmail.com designates 209.85.218.49 as permitted sender) smtp.mailfrom=shivankgarg98@gmail.com X-Spamd-Result: default: False [-1.54 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; DMARC_NA(0.00)[freebsd.org]; NEURAL_HAM_LONG(-0.97)[-0.966]; RWL_MAILSPIKE_GOOD(0.00)[209.85.218.49:from]; NEURAL_SPAM_SHORT(0.11)[0.113]; RCVD_COUNT_THREE(0.00)[4]; NEURAL_HAM_MEDIUM(-0.69)[-0.686]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[209.85.218.49:from]; FORGED_SENDER(0.30)[shivank@freebsd.org,shivankgarg98@gmail.com]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[shivank@freebsd.org,shivankgarg98@gmail.com]; FREEMAIL_ENVFROM(0.00)[gmail.com] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jul 2020 17:36:38 -0000 Hi, This project aims to add audit(4) support to NFS, which will allow auditd(8) to just run on the NFS server and audit all activities within the NFS network. Audit works mostly on the syscall level and NFS is implemented within the kernel, which means the NFS RPCs don't generate any audit records on the server. Note that audit(4) can still be used on the NFS network but auditd(8) must run on every NFS client. This week I made the following progress: * This week I completed the NFSAuditTestSuite for auditing all NFSv3 RPCs. * NFSAuditTestSuite: https://github.com/shivankgarg98/NFSAuditTestSuite Currently, I'm: * improving the NFSv3 audit code in /sys for plausible bugs and making it ready for the review. Please, do Check this project on Github: https://github.com/shivankgarg98/freebsd/tree/user/shivank/nfs_audit Project wiki: https://wiki.freebsd.org/SummerOfCode2020Projects/AddAuditSupportToNFS Please feel free to share your ideas and feedback on this project. Best Regards, Shivank Garg