On Wed, 1 Feb 2006, Robert Watson wrote: > As Wayne and I are in the process of merging the TrustedBSD audit3 branch > contents into the FreeBSD CVS HEAD (7-CURRENT), there may be periods where > the tree is (hopefully briefly) unbuildable. This integration process will > take a couple of days to complete, due to the scope of the changes. So far, > the kernel audit framework has been committed (src/sys/security/audit), as > has an initial vendor import of OpenBSM for user space > (src/contrib/openbsm). What remains to be committed are the substantial > changes to gather audit data in system calls, the mappings of system calls > to audit events, and integration into the user space build and user space > applications (such as login). These bits are the trickier bits as the > patches are large and touch a lot of parts of the tree. > > I'll send out follow-up e-mail once the worst is past, along with > information on what it all means, and how to try it out (for those not > already on trustedbsd-audit, who have been hearing about this for a while). FYI, the current status is that the merge is continuing. So far we have merged: - OpenBSM library, commands, man pages, include files, etc. - sys/security/audit audit event management framework - etc/rc.d boot script, makefiles - Mapping of FreeBSD native system calls to audit events. To go are: - Mappings of non-native system calls to audit events. - Auditing of system call arguments. - Submission of audit records by user space components. So there are now enough pieces in the tree to configure auditing and see basic ../../../security/audit/audit_bsm_token.c system call traces. More to follow in the next couple of days. Robert N M WatsonReceived on Fri Feb 03 2006 - 14:51:08 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:51 UTC