From owner-freebsd-current@FreeBSD.ORG Wed Jun 13 15:58:34 2007
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: current@FreeBSD.org
Delivered-To: freebsd-current@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
by hub.freebsd.org (Postfix) with ESMTP id 9392316A469
for <current@FreeBSD.org>; Wed, 13 Jun 2007 15:58:34 +0000 (UTC)
(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
by mx1.freebsd.org (Postfix) with ESMTP id 70B8A13C480
for <current@FreeBSD.org>; Wed, 13 Jun 2007 15:58:34 +0000 (UTC)
(envelope-from rwatson@FreeBSD.org)
Received: from fledge.watson.org (fledge.watson.org [209.31.154.41])
by cyrus.watson.org (Postfix) with ESMTP id F29B6471FC
for <current@FreeBSD.org>; Wed, 13 Jun 2007 11:58:33 -0400 (EDT)
Date: Wed, 13 Jun 2007 16:58:33 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: current@FreeBSD.org
Message-ID: <20070613165222.E83504@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc:
Subject: (Delayed) HEADS UP: AUDIT in GENERIC
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jun 2007 15:58:34 -0000
This is a delayed HEADS UP that "options AUDIT" is now the default in GENERIC.
This means you either need to add "nooptions AUDIT" in configs based on
GENERIC, or you can now take out "options AUDIT" :-). Audit support will not
be enabled by default out-of-the-box, but it will now be possible to turn it
on without a kernel recompile.
If someone wants to lend a hand updating the chapter in the Handbook, that
would be most helpful. A reboot is still required after setting the rc.conf
entry to propagate any audit_user/audit_control settings to all login
sessions; you can do it without a reboot if you don't want to retroactively
enforce audit on login sessions already present when audit is started.
Robert N M Watson
Computer Laboratory
University of Cambridge
---------- Forwarded message ----------
Date: Fri, 8 Jun 2007 20:29:07 +0000 (UTC)
From: Robert Watson <rwatson@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/amd64/conf GENERIC src/sys/i386/conf GENERIC
src/sys/ia64/conf GENERIC src/sys/pc98/conf GENERIC
src/sys/powerpc/conf GENERIC src/sys/sparc64/conf GENERIC
src/sys/sun4v/conf GENERIC
rwatson 2007-06-08 20:29:07 UTC
FreeBSD src repository
Modified files:
sys/amd64/conf GENERIC
sys/i386/conf GENERIC
sys/ia64/conf GENERIC
sys/pc98/conf GENERIC
sys/powerpc/conf GENERIC
sys/sparc64/conf GENERIC
sys/sun4v/conf GENERIC
Log:
Enable AUDIT by default in the GENERIC kernel, allowing security event
auditing to be turned on without a kernel recompile, just an rc.conf
option.
Approved by: re (kensmith)
Obtained from: TrustedBSD Project
Revision Changes Path
1.479 +1 -0 src/sys/amd64/conf/GENERIC
1.469 +1 -0 src/sys/i386/conf/GENERIC
1.90 +1 -0 src/sys/ia64/conf/GENERIC
1.294 +1 -0 src/sys/pc98/conf/GENERIC
1.69 +1 -0 src/sys/powerpc/conf/GENERIC
1.124 +1 -0 src/sys/sparc64/conf/GENERIC
1.12 +1 -0 src/sys/sun4v/conf/GENERIC