From owner-freebsd-bugs@FreeBSD.ORG  Wed Aug 22 11:20:02 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1CBEC16A41A
	for <freebsd-bugs@hub.freebsd.org>;
	Wed, 22 Aug 2007 11:20:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id EEFFC13C4A3
	for <freebsd-bugs@hub.freebsd.org>;
	Wed, 22 Aug 2007 11:20:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l7MBK1dm071920
	for <freebsd-bugs@freefall.freebsd.org>; Wed, 22 Aug 2007 11:20:01 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l7MBK1PI071919;
	Wed, 22 Aug 2007 11:20:01 GMT (envelope-from gnats)
Resent-Date: Wed, 22 Aug 2007 11:20:01 GMT
Resent-Message-Id: <200708221120.l7MBK1PI071919@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Vladimir Ermakov <samflanker@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AB68016A419
	for <freebsd-gnats-submit@FreeBSD.org>;
	Wed, 22 Aug 2007 11:16:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 996B413C468
	for <freebsd-gnats-submit@FreeBSD.org>;
	Wed, 22 Aug 2007 11:16:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l7MBGI0H086150
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 22 Aug 2007 11:16:18 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.1/8.14.1/Submit) id l7MBGI6F086149;
	Wed, 22 Aug 2007 11:16:18 GMT (envelope-from nobody)
Message-Id: <200708221116.l7MBGI6F086149@www.freebsd.org>
Date: Wed, 22 Aug 2007 11:16:18 GMT
From: Vladimir Ermakov <samflanker@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: bin/115715: please add pipe-buffer switcher (On\Off) in
	/usr/sbin/praudit
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Aug 2007 11:20:02 -0000


>Number:         115715
>Category:       bin
>Synopsis:       please add pipe-buffer switcher (On\Off) in /usr/sbin/praudit
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 22 11:20:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Vladimir Ermakov
>Release:        6.2-STABLE
>Organization:
-
>Environment:
FreeBSD localhost 6.2-STABLE FreeBSD 6.2-STABLE #1: Tue Aug 21 12:27:13 MSD 2007     root@localhost:/usr/obj/usr/src/sys/STONE  amd64
>Description:
please add pipe-buffer switcher (On\Off) in /usr/sbin/praudit
for normal(realtime without data buffering) work follow shell constructions:

# praudit -l /dev/auditpipe | tee file.log
# praudit -l /dev/auditpipe > file.log
# ...
# praudit -l /dev/auditpipe | grep "xxxx"


>How-To-Repeat:
# cat /etc/security/audit_control
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#5 $
# $FreeBSD: src/contrib/openbsm/etc/audit_control,v 1.2.2.2 2006/09/29 22:41:54 rwatson Exp $
#
dir:/var/audit
flags:^all
minfree:20
naflags:^all
policy:cnt

# cat /etc/security/audit_user
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#3 $
# $FreeBSD: src/contrib/openbsm/etc/audit_user,v 1.2.2.1 2006/09/02 10:46:00 rwatson Exp $
#
#root:lo:no
flanker:+fw:no

please login user flanker, run follow construction:
# praudit -l /dev/auditpipe | tee file.log
or
# praudit -l /dev/auditpipe > file.log
or
# praudit -l /dev/auditpipe | grep "xxxx"

and write or create any files

'praudit' using pipe-buffer (4096 bytes) for forward data
after full load pipe-buffer, data forward to out
pipe-buffer prevent realtime data forwarding

>Fix:
Index: praudit.c
===================================================================
RCS file: /data/fbsd-cvs/ncvs/src/contrib/openbsm/bin/praudit/praudit.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 praudit.c
--- praudit.c    16 Apr 2007 15:36:57 -0000    1.1.1.3
+++ praudit.c    21 Aug 2007 14:26:43 -0000
@@ -107,6 +107,7 @@
         free(buf);
         if (oneline)
             printf("\n");
+        fflush(stdout);
     }
     return (0);
 }


>Release-Note:
>Audit-Trail:
>Unformatted: