Date: Thu, 29 Jul 2010 14:55:57 -0500
From: Sergio Ligregni <ligregni@unixmexico.org>
To: soc-status@freebsd.org
Cc: Stacey Son <sson@freebsd.org>
Subject: Distributed Audit Project Report
Message-ID: <AANLkTinD-QMDA=uMkV_V3dvsAefiV0VM6QAXFt-ADQ9z@mail.gmail.com>
Hi!

The project is going pretty well. The changes made since the mid-term
eval:

- MD5 to SHA256 checksum when verifying the integrity of an audit trail
- Multiple audit trail directories allowed, that is, if audit_control has
  "dir: /var/audit /var/audit2 /var/audit3", and the shipd_control file
  has the three configured also, the daemon will search through all the
  directories listed for audit trails (but, if duplicated, since the
  important thing is the name and the SHA256, there will be no double
  transfer of trails)
- Fixed the security issues related to the strxxx functions, and styled
  (style(9)) the code.

TO_DO (next days):

- config audit_warn to call shipd when a trail is closed (if someone has
  ideas on how to do that, help is welcome)
- "migrate" BSD sockets to BIO sockets, in order to get SSL implemented.

HELP NEEDED:

/*++++++++++++++++++++++*/

- Which code should I base my development on for getting parameters from
  a file? (I've searched some of audit.c, auditd_fbsd.c, auditd.c but did
  not find the function to do that; maybe I missed something.) Currently
  I have files like:

      /var/audit /var2/audit 1000 yes 53686

  and get the parameters with sscanf, but the right way (the one I want
  to know which code to take as baseline for) is:

      dir:/var/audit /var2/audit
      time: 1000
      slave_dir: yes
      port: 53686

  and not to use sscanf (avoiding that function is a security concern
  raised by my mentor). I think I can write an algorithm to implement
  that, but maybe there is a better/safer way to do it in order to keep
  to the standard.

/*++++++++++++++++++++++*/

Currently I have this function to verify if a file is a trail, given its
name; this is very poor and it needs to be improved, any ideas?

    #include <ctype.h>
    #include <string.h>

    /*
     * When exploring /var/audit/ (or the directory where the trails are), not
     * all files are trails so we must ensure we will only deal with the ones
     * that are trails.
     */
    static int
    is_audit_trail(char *path)
    {
    	/*
    	 * We have these possibilities, only the first one is allowed:
    	 *   20100619223115.20100619223131
    	 *   20100619223131.not_terminated
    	 *   current
    	 */
    	if (strlen(path) == 29 && path[14] == '.' &&
    	    isdigit((unsigned char)path[15])) {
    		/* XXX To improve this checking later */
    		return 1;
    	}
    	return 0;
    }

/*++++++++++++++++++++++*/

Thanks!

-- 
-----------------------------------------------------------
Sergio Andrés Ligregni Arredondo
Computer Systems Engineering student, ITQ.
Is UNIX Hot Enough for You? | FreeBSD
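One way to read the "key: value" layout the message asks about without sscanf, as an added example that is not part of the original message or of the project's code: each line is split at the colon, the value is validated for its key, and anything malformed is rejected instead of silently truncated. The struct shipd_conf, the MAX_DIRS and MAX_PATH limits and the accepted ranges for time and port are assumptions made here.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#define MAX_DIRS 8
#define MAX_PATH 256
struct shipd_conf {		/* hypothetical parsed form of shipd_control */
	char dirs[MAX_DIRS][MAX_PATH];
	int ndirs, slave_dir;	/* slave_dir: 1 = yes, 0 = no */
	long time, port;
};
/* strtol() with whole-string and range checks; *out is set only on success. */
static int parse_num(const char *s, long lo, long hi, long *out)
{
	char *end; long v;
	errno = 0;
	v = strtol(s, &end, 10);
	if (errno != 0 || end == s || *end != '\0' || v < lo || v > hi)
		return -1;
	*out = v;
	return 0;
}
/* Parse one "key: value" line into c (in place). Unknown keys, missing colons,
 * relative or over-long paths and out-of-range numbers are rejected with -1. */
int parse_conf_line(char *line, struct shipd_conf *c)
{
	char *val = strchr(line, ':');
	if (val == NULL) return -1;
	*val++ = '\0';
	val += strspn(val, " \t");		/* skip blanks after the colon */
	val[strcspn(val, "\r\n")] = '\0';	/* drop the line terminator */
	if (strcmp(line, "dir") == 0) {		/* one or more absolute paths */
		while (*val != '\0') {
			size_t len = strcspn(val, " \t");
			if (c->ndirs >= MAX_DIRS || *val != '/' || len >= MAX_PATH)
				return -1;
			memcpy(c->dirs[c->ndirs], val, len);
			c->dirs[c->ndirs++][len] = '\0';
			val += len + strspn(val + len, " \t");
		}
		return c->ndirs > 0 ? 0 : -1;
	}
	if (strcmp(line, "time") == 0) return parse_num(val, 1, LONG_MAX, &c->time);
	if (strcmp(line, "port") == 0) return parse_num(val, 1, 65535, &c->port);
	if (strcmp(line, "slave_dir") == 0) {
		c->slave_dir = (strcmp(val, "yes") == 0);
		return (c->slave_dir || strcmp(val, "no") == 0) ? 0 : -1;
	}
	return -1;
}
```

Feed it each line from fgets() on the control file and stop on the first -1, so a bad port or a relative directory never reaches the daemon.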