From: Rahul Gopi
To: trustedbsd-discuss@freebsd.org
Subject: Help enabling au_to_socket_ex for openbsm network events
Date: Mon, 18 Nov 2019 22:59:24 +0000
List-Id: TrustedBSD General Discussion List

We are looking to enable creation of expanded socket type events in macOS BSM. Saw support for au_to_socket_ex in source but not sure how to enable this for openbsm via audit_event, audit_control etc. configuration files. Greatly appreciate any help in this regard.

Platform: macOS 10.14

From man audit.log:

    The ``expanded socket'' token contains information about IPv4 and IPv6
    sockets. A ``expanded socket'' token can be created using
    au_to_socket_ex(3).

    Field               Bytes        Description
    Token ID            1 byte       Token ID
    Socket domain       2 bytes      Socket domain
    Socket type         2 bytes      Socket type
    Address type        2 byte       Address type (IPv4/IPv6)
    Local port          2 bytes      Local port
    Local IP address    4/16 bytes   Local IP address
    Remote port         2 bytes      Remote port
    Remote IP address   4/16 bytes   Remote IP address

Thanks and regards,
Rahul
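
The token layout quoted from audit.log above, as an added example that is not part of the original message or of OpenBSM itself: a bounds-checked C parser for one expanded socket token, following the field order and sizes in that table. The token ID 0x7f, the address-type values 4 and 16, and big-endian field encoding are assumptions based on OpenBSM conventions rather than anything stated in the post; the names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Assumed values (OpenBSM conventions, not stated in the post). */
#define TOK_SOCKET_EX 0x7f   /* token ID */
#define ADDR_IPV4     4      /* address type: 4-byte addresses */
#define ADDR_IPV6     16     /* address type: 16-byte addresses */

struct sock_ex {
    uint16_t domain, type, addr_type, lport, rport;
    uint8_t  laddr[16], raddr[16];
    size_t   addr_len;               /* 4 or 16 */
};

/* Constructed sample token: 192.0.2.10:50000 -> 198.51.100.7:443 */
static const uint8_t SAMPLE_V4[] = {
    0x7f, 0x00, 0x02, 0x00, 0x01, 0x00, 0x04,
    0xc3, 0x50, 192, 0, 2, 10, 0x01, 0xbb, 198, 51, 100, 7 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns bytes consumed, or -1 if the buffer is short or malformed. */
long parse_socket_ex(const uint8_t *buf, size_t len, struct sock_ex *out)
{
    if (len < 7 || buf[0] != TOK_SOCKET_EX)
        return -1;
    memset(out, 0, sizeof(*out));
    out->domain    = be16(buf + 1);
    out->type      = be16(buf + 3);
    out->addr_type = be16(buf + 5);
    if (out->addr_type == ADDR_IPV4)      out->addr_len = 4;
    else if (out->addr_type == ADDR_IPV6) out->addr_len = 16;
    else return -1;                        /* unknown address width */
    size_t need = 7 + 2 * (2 + out->addr_len);
    if (len < need)
        return -1;                         /* truncated token */
    const uint8_t *p = buf + 7;
    out->lport = be16(p);                  p += 2;
    memcpy(out->laddr, p, out->addr_len);  p += out->addr_len;
    out->rport = be16(p);                  p += 2;
    memcpy(out->raddr, p, out->addr_len);
    return (long)need;
}

int main(void)
{
    struct sock_ex s;
    return parse_socket_ex(SAMPLE_V4, sizeof(SAMPLE_V4), &s) == 19 ? 0 : 1;
}
```

The address type field decides whether each address is 4 or 16 bytes, so the total length (19 or 43 bytes) is only known after the first seven bytes have been read; the parser checks the length twice for that reason.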