From: Sergio Ligregni
To: soc-status@freebsd.org
Cc: Stacey Son
Date: Thu, 29 Jul 2010 14:55:57 -0500
Subject: Distributed Audit Project Report

Hi!

The project is going pretty well; the changes made since MidTerm Eval:

- MD5 to SHA256 checksum when verifying the integrity of an audit trail
- Multiple audit trail directories allowed, that is, if audit_control has "dir: /var/audit /var/audit2 /var/audit3" and the shipd_control file has the three configured also, the daemon will search through all directories listed for audit trails (but, if duplicated, since the important thing is the name and the SHA256, there will be no double transfer of trails)
- Fixed the security issues related to strxxx functions, and styled (style(9)) the code.
TO_DO (next days):

- config audit_warn to call shipd when a trail is closed (if someone has ideas to do that, help is welcome)
- "migrate" BSD sockets to BIO sockets, in order to get SSL implemented.

HELP NEEDED:

/*++++++++++++++++++++++*/

- Which code should I base my development on for getting parameters from a file? (I've searched some audit.c, auditd_fbsd.c, auditd.c but did not find the function to do that, maybe I missed something.) Currently I have files like:

/var/audit /var2/audit
1000
yes
53686

and get the parameters with sscanf, but the right way (the one I want to know which code to take as baseline for) is:

dir:/var/audit /var2/audit
time: 1000
slave_dir: yes
port: 53686

and not to use sscanf (avoiding that function is a security concern raised by my mentor). I think I can do an algorithm to implement that, but maybe there is a better/safer way to do it in order to keep the standard.

/*++++++++++++++++++++++*/

Currently I have this function to verify if a file is a trail, given its name; this is very poor and it needs to be improved, any ideas?

#include <ctype.h>
#include <string.h>

/*
 * When exploring /var/audit/ (or the directory where the trails are), not
 * all files are trails so we must ensure we will only deal with the ones
 * that are trails.
 */
static int
is_audit_trail(char *path)
{
	/*
	 * We have these possibilities, only the first one is allowed:
	 *   20100619223115.20100619223131
	 *   20100619223131.not_terminated
	 *   current
	 */
	if (strlen(path) == 29 && path[14] == '.' &&
	    isdigit((unsigned char)path[15])) {
		/* XXX To improve this checking later */
		return 1;
	}
	return 0;
}

/*++++++++++++++++++++++*/

Thanks!

-- 
-----------------------------------------------------------
Sergio Andrés Ligregni Arredondo
Computer Systems Engineering student, ITQ.
Is UNIX Hot Enough for You? | FreeBSD
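A stricter version of the trail-name check, as an added example (not code from the mail or from the project): it accepts only a name of the form YYYYMMDDhhmmss.YYYYMMDDhhmmss whose 28 stamp characters are all digits with sane field ranges and whose stop stamp does not precede the start stamp, so "current", "<start>.not_terminated" and arbitrary 29-byte names are all rejected. The helper names digits() and valid_ts() and the TS_LEN macro are my own.

```c
/* Added example, not the author's code: stricter check that a file name
 * is a closed audit trail "YYYYMMDDhhmmss.YYYYMMDDhhmmss". */
#include <ctype.h>
#include <string.h>

#define	TS_LEN	14	/* length of one YYYYMMDDhhmmss stamp */

/* Decode n digits at s; -1 if any character is not a decimal digit. */
static long
digits(const char *s, int n)
{
	long v = 0;

	for (int i = 0; i < n; i++) {
		if (!isdigit((unsigned char)s[i]))
			return (-1);
		v = v * 10 + (s[i] - '0');
	}
	return (v);
}

/* Range-check one stamp; a coarse 1..31 day check is enough here. */
static int
valid_ts(const char *s)
{
	long y = digits(s, 4), mo = digits(s + 4, 2), d = digits(s + 6, 2);
	long h = digits(s + 8, 2), mi = digits(s + 10, 2), se = digits(s + 12, 2);

	return (y >= 1970 && mo >= 1 && mo <= 12 && d >= 1 && d <= 31 &&
	    h >= 0 && h <= 23 && mi >= 0 && mi <= 59 && se >= 0 && se <= 60);
}

/*
 * 1 if name is a terminated trail, 0 otherwise.  "current" and
 * "<start>.not_terminated" (still being written) are rejected, as is
 * any 29-byte name whose two halves are not valid stamps in order.
 */
static int
is_audit_trail(const char *name)
{
	if (strlen(name) != 2 * TS_LEN + 1 || name[TS_LEN] != '.')
		return (0);
	if (!valid_ts(name) || !valid_ts(name + TS_LEN + 1))
		return (0);
	/* stop stamp must not precede start; fixed width so strncmp orders them */
	return (strncmp(name, name + TS_LEN + 1, TS_LEN) <= 0);
}
```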