Date:      Sat, 11 Nov 2006 09:38:15 +0000 (GMT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Diego Giagio <dgiagio@gmail.com>
Cc:        trustedbsd-audit@FreeBSD.org
Subject:   Re: I would like to help
Message-ID:  <20061111092821.I63959@fledge.watson.org>
In-Reply-To: <1b0798830611031732k682b85bey4ea6f769e9692a01@mail.gmail.com>
References:  <1b0798830611031732k682b85bey4ea6f769e9692a01@mail.gmail.com>


On Fri, 3 Nov 2006, Diego Giagio wrote:

> Let me introduce myself. I'm a software engineer in Brazil and I would like 
> to help the FreeBSD audit project. I have a strong C/ASM (x86) background 
> and can help with both user-level and kernel-level coding. I've also been 
> involved with computer security for some time now and I'm very comfortable 
> with FreeBSD, OpenBSD, Mac OSX and Linux.
>
> Do you have any suggestions where to begin with? I've been reading the page 
> http://www.freebsd.org/projects/ideas/ and I find the "Distributed audit 
> daemon" idea very interesting, but don't know if it's a good starting point. 
> I also checked http://www.trustedbsd.org/20060303-ukuug2006lisa-audit.pdf.

Diego,

Thanks for your e-mail!  Your help would be most welcome.  There is quite a 
bit of work to be done; right now we're not maintaining a unified TODO list 
for the FreeBSD audit implementation, rather, there are a few lists scattered 
in various places.  You can find a short TODO list in the OpenBSM distribution 
(some of the items in the most recent release have now been done, FYI, so 
check first).  The distributed audit daemon is one of the more interesting 
outstanding areas to work in, but there are others that probably ought to go 
into a TODO list somewhere.  In my recent presentation at the FreeBSD 
developer summit, I identified the following areas in which interesting new 
work can and should be done:

- Finish syscall assignments, especially for ABIs
- Flesh out argument auditing
- Audit + NSS
- Userland sweep
- Ports + packages
- Language bindings
- Enhance audit pipe preselection
- Multiple audit pipelines
- IDS/monitoring tools
- Distributed audit
- New parsing API



Robert N M Watson
Computer Laboratory
University of Cambridge


