From owner-trustedbsd-cvs@FreeBSD.ORG Mon Sep 18 14:39:48 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4F83616A4D4 for ; Mon, 18 Sep 2006 14:39:48 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3597D43D88 for ; Mon, 18 Sep 2006 14:37:24 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id BFA6A46D07 for ; Mon, 18 Sep 2006 10:36:38 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id D47E09310E; Mon, 18 Sep 2006 14:33:49 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id CB33316A4A7; Mon, 18 Sep 2006 14:33:49 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7310A16A492 for ; Mon, 18 Sep 2006 14:33:49 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 386FF43D62 for ; Mon, 18 Sep 2006 14:33:25 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k8IEXPUJ002578 for ; Mon, 18 Sep 2006 14:33:25 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k8IEXOS7002575 for perforce@freebsd.org; Mon, 18 Sep 2006 14:33:24 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 18 Sep 2006 14:33:24 GMT Message-Id: <200609181433.k8IEXOS7002575@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 106292 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2006 14:39:48 -0000 http://perforce.freebsd.org/chv.cgi?CH=106292 Change 106292 by rwatson@rwatson_sesame on 2006/09/18 14:32:34 - Fix a number of thread related bugs in the reading of the audit_control configuration file. - Add new APIs getacpol(), au_poltostr() and au_strtopol() which are used to retrieve global audit policy flags from the audit_control configuration file. - Modify auditd(8) to read and set audit policy flags. Remove the -s and -h flags, they are replaced by the policy field in audit_control. - Update audump to read, parse, and print policy flags. - Update history, documentation. It's now possible to set flags like argv, arge, cnt, etc, in the /etc configuration file. Affected files ... .. //depot/projects/trustedbsd/openbsm/HISTORY#29 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#9 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#20 edit .. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#28 edit .. //depot/projects/trustedbsd/openbsm/etc/audit_control#4 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#14 edit .. //depot/projects/trustedbsd/openbsm/man/audit_control.5#10 edit .. //depot/projects/trustedbsd/openbsm/tools/audump.c#6 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/HISTORY#29 (text+ko) ==== @@ -3,20 +3,28 @@ - Reclassify certain read/write operations as having no class rather than the fr/fw class; our default classes audit intent (open) not operations (read, write). - - Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads and writes of sysctls as separate events. Add additional kernel environment and jail events for FreeBSD. - - Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued by the kernel audit implementation) so that they can be distinguished. - - Disable rate limiting of rotate requests; as the kernel doesn't retransmit a dropped request, the log file will otherwise grow indefinitely if the trigger is dropped. - - Improve auditd debugging output. +- Fix a number of threading related bugs in audit_control file reading + routines. +- Add APIs au_poltostr() and au_strtopol() to convert between text + representations of audit_control policy flags and the flags passed to + auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY). +- Add API getacpol() to return the 'policy:' entry from audit_control, an + extension to the Solaris file format to allow specification of policy + persistent flags. +- Update audump to print the audit_control policy field. +- Update auditd to read the audit_control policy field and set the kernel + policy to match it when configuring/reconfiguring. Remove the -s and -h + arguments as these policies are now set via the configuration file. OpenBSM 1.0 alpha 10 @@ -229,4 +237,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/HISTORY#28 $ +$P4: //depot/projects/trustedbsd/openbsm/HISTORY#29 $ ==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#9 (text+ko) ==== @@ -29,7 +29,7 @@ .\" .\" @APPLE_BSD_LICENSE_HEADER_END@ .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#8 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#9 $ .\" .Dd January 24, 2004 .Dt AUDITD 8 @@ -51,14 +51,20 @@ .Bl -tag -width Ds .It Fl d Starts the daemon in debug mode - it will not daemonize. -.It Fl h -Specifies that if auditing cannot be performed as specified, the system should -halt (panic). Normally, the system will attempt to proceed - although individual -processes may be stopped (see the -s option). -.It Fl s -Specifies that individual processes should stop rather than perform operations -that may cause audit records to be lost due to log file full conditions .El +.Pp +The historical +.Fl h +and +.Fl s +flags are now configured using +.Xr audit_control 5 +policy flags +.Dv ahlt +and +.Dv cnt , +and are no longer available as arguments to +.Xr auditd 8 . .Sh NOTE .Pp To assure uninterrupted audit support, the ==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#20 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#19 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#20 $ */ #include @@ -59,6 +59,7 @@ #include "auditd.h" #define NA_EVENT_STR_SIZE 25 +#define POL_STR_SIZE 128 static int ret, minval; static char *lastfile = NULL; @@ -67,7 +68,6 @@ static int sigchlds, sigchlds_handled; static int sighups, sighups_handled; static int sigterms, sigterms_handled; -static long global_flags; static TAILQ_HEAD(, dir_ent) dir_q; @@ -725,6 +725,8 @@ au_mask_t aumask; int ctr = 0; char naeventstr[NA_EVENT_STR_SIZE]; + char polstr[POL_STR_SIZE]; + long policy; /* * Process the audit event file, obtaining a class mapping for each @@ -787,15 +789,12 @@ syslog(LOG_ERR, "Failed to obtain non-attributable event mask."); - /* - * Set the audit policy flags based on passed in parameter values. - * - * XXXRW: This removes existing policy flags not related to cnt/ahlt. - * We need a way to merge configuration policy and command line - * argument policy. - */ - if (auditon(A_SETPOLICY, &global_flags, sizeof(global_flags))) - syslog(LOG_ERR, "Failed to set audit policy."); + if ((getacpol(polstr, POL_STR_SIZE) == 0) && + (au_strtopol(polstr, &policy) == 0)) { + if (auditon(A_SETPOLICY, &policy, sizeof(policy))) + syslog(LOG_ERR, "Failed to set audit policy."); + } else + syslog(LOG_ERR, "Failed to obtain policy flags."); return (0); } @@ -872,7 +871,6 @@ int debug = 0; int rc; - global_flags |= AUDIT_CNT; while ((ch = getopt(argc, argv, "dhs")) != -1) { switch(ch) { case 'd': @@ -880,20 +878,10 @@ debug = 1; break; - case 's': - /* Fail-stop option. */ - global_flags &= ~(AUDIT_CNT); - break; - - case 'h': - /* Halt-stop option. */ - global_flags |= AUDIT_AHLT; - break; - case '?': default: (void)fprintf(stderr, - "usage: auditd [-h | -s] [-d] \n"); + "usage: auditd [-d] \n"); exit(1); } } ==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#28 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#27 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#28 $ */ #ifndef _LIBBSM_H_ @@ -71,6 +71,7 @@ #define MINFREE_CONTROL_ENTRY "minfree" #define FLAGS_CONTROL_ENTRY "flags" #define NA_CONTROL_ENTRY "naflags" +#define POLICY_CONTROL_ENTRY "policy" #define AU_CLASS_NAME_MAX 8 #define AU_CLASS_DESC_MAX 72 @@ -711,11 +712,14 @@ int getacmin(int *min_val); int getacflg(char *auditstr, int len); int getacna(char *auditstr, int len); +int getacpol(char *auditstr, size_t len); int getauditflagsbin(char *auditstr, au_mask_t *masks); int getauditflagschar(char *auditstr, au_mask_t *masks, int verbose); int au_preselect(au_event_t event, au_mask_t *mask_p, int sorf, int flag); +ssize_t au_poltostr(long policy, size_t maxsize, char *buf); +int au_strtopol(const char *polstr, long *policy); /* * Functions relating to querying audit event information. ==== //depot/projects/trustedbsd/openbsm/etc/audit_control#4 (text+ko) ==== @@ -1,7 +1,8 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#3 $ +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#4 $ # dir:/var/audit flags:lo minfree:20 naflags:lo +policy:cnt ==== //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#3 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $ .\" .Dd April 19, 2005 .Dt AU_CONTROL 3 @@ -34,7 +34,10 @@ .Nm getacdir , .Nm getacmin , .Nm getacflg , -.Nm getacna +.Nm getacna , +.Nm getacpol , +.Nm au_poltostr +.Nm au_strtopol .Nd "Look up information from the audit_control database" .Sh LIBRARY .Lb libbsm @@ -52,6 +55,12 @@ .Fn getacflg "char *auditstr" "int len" .Ft int .Fn getacna "char *auditstr" "int len" +.Ft int +.Fn getacpol "char *auditstr" "size_t len" +.Ft ssize_t +.Fn au_poltostr "long policy" "size_t maxsize" "char *buf" +.Ft int +.Fn au_strtopol "const char *polstr" "long *policy" .Sh DESCRIPTION These interfaces may be used to look up information from the .Xr audit_control 5 @@ -90,15 +99,42 @@ .Va auditstr of length .Va len . +.Pp +.Fn getacpol +returns the audit policy flags via the passed character buffer +.Va auditstr +of length +.Va len . +.Pp +.Fn au_poltostr +converts a numeric audit policy mask, +.Va policy , +value to a string in the passed character buffer +.Va buf +of lenth +.Va maxsize . +.Pp +.Fn au_strtopol +converts an audit policy flags string, +.Va polstr , +to a numeric audit policy mask returned via +.Va policy . .Sh RETURN VALULES .Fn getacdir , .Fn getacmin , .Fn getacflg , +.Fn getacna , +.Fn getacpol , and -.Fn getacna +.Fn au_strtopol return 0 on success, or a negative value on failure, along with error information in .Va errno . +.Pp +.Fn au_poltostr +returns a string length of 0 or more on success, or a negative value on +if there is a failure. +.Pp Functions that return a string value will return a failure if there is insufficient room in the passed character buffer for the full string. .Sh SEE ALSO ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#14 (text+ko) ==== @@ -1,5 +1,6 @@ /* * Copyright (c) 2004 Apple Computer, Inc. + * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#13 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#14 $ */ #include @@ -39,7 +40,7 @@ /* * Parse the contents of the audit_control file to return the audit control - * parameters. + * parameters. These static fields are protected by 'mutex'. */ static FILE *fp = NULL; static char linestr[AU_LINE_MAX]; @@ -98,21 +99,223 @@ } /* + * Convert a policy to a string. Return -1 on failure, or >= 0 representing + * the actual size of the string placed in the buffer (excluding terminating + * nul). + */ +ssize_t +au_poltostr(long policy, size_t maxsize, char *buf) +{ + int first; + + if (maxsize < 1) + return (-1); + first = 1; + buf[0] = '\0'; + + if (policy & AUDIT_CNT) { + if (strlcat(buf, "cnt", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_AHLT) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "ahlt", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_ARGV) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "argv", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_ARGE) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "arge", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_SEQ) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "seq", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_WINDATA) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "windata", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_USER) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "user", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_GROUP) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "group", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_TRAIL) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "trail", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_PATH) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "path", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_SCNT) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "scnt", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_PUBLIC) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "public", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_ZONENAME) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "zonename", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_PERZONE) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "perzone", maxsize) >= maxsize) + return (-1); + first = 0; + } + return (strlen(buf)); +} + +/* + * Convert a string to a policy. Return -1 on failure (with errno EINVAL, + * ENOMEM) or 0 on success. + */ +int +au_strtopol(const char *polstr, long *policy) +{ + char *bufp, *string; + char *buffer; + + *policy = 0; + buffer = strdup(polstr); + if (buffer == NULL) + return (-1); + + bufp = buffer; + while ((string = strsep(&bufp, ",")) != NULL) { + if (strcmp(string, "cnt") == 0) + *policy |= AUDIT_CNT; + else if (strcmp(string, "ahlt") == 0) + *policy |= AUDIT_AHLT; + else if (strcmp(string, "argv") == 0) + *policy |= AUDIT_ARGV; + else if (strcmp(string, "arge") == 0) + *policy |= AUDIT_ARGE; + else if (strcmp(string, "seq") == 0) + *policy |= AUDIT_SEQ; + else if (strcmp(string, "winau_fstat") == 0) + *policy |= AUDIT_WINDATA; + else if (strcmp(string, "user") == 0) + *policy |= AUDIT_USER; + else if (strcmp(string, "group") == 0) + *policy |= AUDIT_GROUP; + else if (strcmp(string, "trail") == 0) + *policy |= AUDIT_TRAIL; + else if (strcmp(string, "path") == 0) + *policy |= AUDIT_PATH; + else if (strcmp(string, "scnt") == 0) + *policy |= AUDIT_SCNT; + else if (strcmp(string, "public") == 0) + *policy |= AUDIT_PUBLIC; + else if (strcmp(string, "zonename") == 0) + *policy |= AUDIT_ZONENAME; + else if (strcmp(string, "perzone") == 0) + *policy |= AUDIT_PERZONE; + else { + free(buffer); + errno = EINVAL; + return (-1); + } + } + free(buffer); + return (0); +} + +/* * Rewind the file pointer to beginning. */ +static void +setac_locked(void) +{ + + ptrmoved = 1; + if (fp != NULL) + fseek(fp, 0, SEEK_SET); +} + void setac(void) { pthread_mutex_lock(&mutex); - ptrmoved = 1; - if (fp != NULL) - fseek(fp, 0, SEEK_SET); + setac_locked(); pthread_mutex_unlock(&mutex); } /* - * Close the audit_control file + * Close the audit_control file. */ void endac(void) @@ -136,72 +339,54 @@ char *dir; int ret = 0; - if (name == NULL) { - errno = EINVAL; - return (-2); - } - - pthread_mutex_lock(&mutex); - /* - * Check if another function was called between - * successive calls to getacdir + * Check if another function was called between successive calls to + * getacdir. */ + pthread_mutex_lock(&mutex); if (inacdir && ptrmoved) { ptrmoved = 0; if (fp != NULL) fseek(fp, 0, SEEK_SET); ret = 2; } - - if (getstrfromtype_locked(DIR_CONTROL_ENTRY, &dir) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - - pthread_mutex_unlock(&mutex); - - if (dir == NULL) + if (dir == NULL) { + pthread_mutex_unlock(&mutex); return (-1); - - if (strlen(dir) >= len) + } + if (strlen(dir) >= len) { + pthread_mutex_unlock(&mutex); return (-3); - + } strcpy(name, dir); - + pthread_mutex_unlock(&mutex); return (ret); } /* - * Return the minimum free diskspace value from the audit control file + * Return the minimum free diskspace value from the audit control file. */ int getacmin(int *min_val) { char *min; - setac(); - - if (min_val == NULL) { - errno = EINVAL; - return (-2); - } - pthread_mutex_lock(&mutex); - + setac_locked(); if (getstrfromtype_locked(MINFREE_CONTROL_ENTRY, &min) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - - pthread_mutex_unlock(&mutex); - - if (min == NULL) + if (min == NULL) { + pthread_mutex_unlock(&mutex); return (1); - + } *min_val = atoi(min); - + pthread_mutex_unlock(&mutex); return (0); } @@ -213,30 +398,22 @@ { char *str; - setac(); - - if (auditstr == NULL) { - errno = EINVAL; - return (-2); - } - pthread_mutex_lock(&mutex); - + setac_locked(); if (getstrfromtype_locked(FLAGS_CONTROL_ENTRY, &str) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - - pthread_mutex_unlock(&mutex); - - if (str == NULL) + if (str == NULL) { + pthread_mutex_unlock(&mutex); return (1); - - if (strlen(str) >= len) + } + if (strlen(str) >= len) { + pthread_mutex_unlock(&mutex); return (-3); - + } strcpy(auditstr, str); - + pthread_mutex_unlock(&mutex); return (0); } @@ -248,28 +425,47 @@ { char *str; - setac(); - - if (auditstr == NULL) { - errno = EINVAL; + pthread_mutex_lock(&mutex); + setac_locked(); + if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) { + pthread_mutex_unlock(&mutex); return (-2); } + if (str == NULL) { + pthread_mutex_unlock(&mutex); + return (1); + } + if (strlen(str) >= len) { + pthread_mutex_unlock(&mutex); + return (-3); + } + strcpy(auditstr, str); + return (0); +} + +/* + * Return the policy field from the audit control file. + */ +int +getacpol(char *auditstr, size_t len) +{ + char *str; pthread_mutex_lock(&mutex); - - if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) { + setac_locked(); + if (getstrfromtype_locked(POLICY_CONTROL_ENTRY, &str) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - pthread_mutex_unlock(&mutex); - - if (str == NULL) - return (1); - - if (strlen(str) >= len) + if (str == NULL) { + pthread_mutex_unlock(&mutex); + return (-1); + } + if (strlen(str) >= len) { + pthread_mutex_unlock(&mutex); return (-3); - + } strcpy(auditstr, str); - + pthread_mutex_unlock(&mutex); return (0); } ==== //depot/projects/trustedbsd/openbsm/man/audit_control.5#10 (text+ko) ==== @@ -25,7 +25,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#10 $ .\" .Dd January 4, 2006 .Dt AUDIT_CONTROL 5 @@ -63,6 +63,9 @@ The minimum free space required on the file system audit logs are being written to. When the free space falls below this limit a warning will be issued. Not currently used as the value of 20 percent is chosen by the kernel. +.It Va policy +A list of global audit policy flags specifying various behaviors, such as +fail stop, auditing of paths and arguments, etc. .El .Sh AUDIT FLAGS Audit flags are a comma-delimited list of audit classes as defined in the @@ -86,6 +89,53 @@ .It ^- Do not record failed events .El +.Sh AUDIT POLICY FLAGS +The policy flags field is a comma-delimited list of policy flags from the +following list: +.Pp +.Bl -tag -width zonename -compact -offset indent +.It cnt +Allow processes to continue running even though events are not being audited. +If not set, processes will be suspended when the audit store space is +exhausted. +Currently, this is not a recoverable state. +.It ahlt +Fail stop the system if unable to audit an event--this consists of first +draining pending records to disk, and then halting the operating system. +.It argv +Audit command line arguments to +.Xr execve 2 . +.It arge +Audit environmental variable arguments to +.Xr execve 2 . +.It seq +Include a unique audit sequence number token in generated audit records (not +implemented on FreeBSD or Darwin). +.It group +Include supplementary groups list in generated audit records (not implemented +on FreeBSD or Darwin; supplementary groupsi are never included in records on +these systems). +.It trail +Append a trailer token to each audit record (not implemented on FreeBSD or +Darwin; trailers are always included in records on these systems). +.It path +Include secondary file paths in audit records (not implemented on FreeBSD or +Darwin; secondary paths are never included in records on these systems). +.It zonename +Include a zone ID token with each audit record (not implemented on FreeBSD or +Darwin; FreeBSD audit records do not currently include the jail ID or name.) +.It perzone +Enable auditing for each local zone (not implemented on FreeBSD or Darwin; on +FreeBSD, audit records are collected from all jails and placed in a single +global trail, and only limited audit controls are permitted within a jail.) +.El +.Pp +It is recommended that installations set the +.Dv cnt +flag but not +.Dv ahlt +flag unless it is intended that audit logs exceeding available disk space +halt the system. .Sh DEFAULT The following settings appear in the default .Nm @@ -95,12 +145,18 @@ flags:lo minfree:20 naflags:lo +policy:cnt .Ed .Pp The .Va flags parameter above specifies the system-wide mask corresponding to login/logout events. +The +.Va policy +parameter specifies that the system should neither fail stop nor suspend +processes when the audit store fills. +will be audited. .Sh FILES .Bl -tag -width "/etc/security/audit_control" -compact .It Pa /etc/security/audit_control ==== //depot/projects/trustedbsd/openbsm/tools/audump.c#6 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Robert N. M. Watson + * Copyright (c) 2005-2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#6 $ */ #include @@ -77,8 +77,9 @@ static void audump_control(void) { - char string[PATH_MAX]; + char string[PATH_MAX], string2[PATH_MAX]; int ret, val; + long policy; ret = getacflg(string, PATH_MAX); if (ret == -2) @@ -116,6 +117,15 @@ printf("dir:%s\n", string); } while (ret == 0); + + ret = getacpol(string, PATH_MAX); + if (ret != 0) + err(-1, "getacpol"); + if (au_strtopol(string, &policy) < 0) + err(-1, "au_strtopol"); + if (au_poltostr(policy, string2, PATH_MAX) < 0) + err(-1, "au_poltostr"); + printf("policy:%s\n", string2); } static void