From: Robert Watson
Date: Fri, 3 Feb 2006 15:53:09 +0000 (GMT)
To: current@FreeBSD.org
Cc: trustedbsd-audit@TrustedBSD.org
Subject: Re: HEADS UP: Audit integration into CVS in progress, some tree disruption
Message-ID: <20060203144824.W77426@fledge.watson.org>
In-Reply-To: <20060201221213.L87763@fledge.watson.org>

On Wed, 1 Feb 2006, Robert Watson wrote:

> As Wayne and I are in the process of merging the TrustedBSD audit3 branch
> contents into the FreeBSD CVS HEAD (7-CURRENT), there may be periods where
> the tree is (hopefully briefly) unbuildable. This integration process will
> take a couple of days to complete, due to the scope of the changes. So far,
> the kernel audit framework has been committed (src/sys/security/audit), as
> has an initial vendor import of OpenBSM for user space
> (src/contrib/openbsm). What remains to be committed are the substantial
> changes to gather audit data in system calls, the mappings of system calls
> to audit events, and integration into the user space build and user space
> applications (such as login). These bits are the trickier bits as the
> patches are large and touch a lot of parts of the tree.
>
> I'll send out follow-up e-mail once the worst is past, along with
> information on what it all means, and how to try it out (for those not
> already on trustedbsd-audit, who have been hearing about this for a while).

FYI, the current status is that the merge is continuing. So far we have
merged:

- OpenBSM library, commands, man pages, include files, etc.
- sys/security/audit audit event management framework
- etc/rc.d boot script, makefiles
- Mapping of FreeBSD native system calls to audit events.

To go are:

- Mappings of non-native system calls to audit events.
- Auditing of system call arguments.
- Submission of audit records by user space components.

So there are now enough pieces in the tree to configure auditing and see
basic ../../../security/audit/audit_bsm_token.c system call traces. More to
follow in the next couple of days.

Robert N M Watson