d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
52267f7411
freebsd-dev/usr.sbin
History
Robert Watson 52267f7411 Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both 
contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).

- Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
- Merge support for new tokens, fixes to existing token generation to
  audit_bsm_token.c.
- Synchronize bsm includes and definitions.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

--

OpenBSM 1.1 alpha 2

- Include files in OpenBSM are now broken out into two parts: library builds
  required solely for user space, and system includes, which may also be
  required for use in the kernels of systems integrating OpenBSM.  Submitted
  by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
  include for system includes, rather than the versions bundled with OpenBSM.
  This is intended specifically for platforms that ship OpenBSM, have adapted
  versions of the system includes in a kernel source tree, and will use the
  OpenBSM build infrastructure with an unmodified OpenBSM distribution,
  allowing the customized system includes to be used with the OpenBSM build.
  Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
  or asprintf().  Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
  BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
  on the host generating the record.
- Add support for setting extended host information in the kernel, which is
  used for setting host information in extended header tokens.  The
  audit_control file now supports a "host" parameter which can be used by
  auditd to set the information; if not present, the kernel parameters won't
  be set and auditd uses unextended headers for records that it generates.

OpenBSM 1.1 alpha 1

- Add option to auditreduce(1) which allows users to invert sense of
  matching, such that BSM records that do not match, are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
  event there is an error writing the subject token.  This was submitted
  by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being arguments so
  that const strings can be passed as arguments to tokens.  This patch was
  submitted by Xin LI.
- Modify the -m option so users can select more then one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.
2008-12-02 23:26:43 +00:00
..
ac Sort sections. 2005-01-18 20:02:45 +00:00
accton
acpi Update to reflect reality: 2008-05-20 12:07:02 +00:00
adduser The original adduser/rmuser scripts in Perl used to modify the PATH 2008-07-30 18:37:21 +00:00
amd Don't always link statically with libwrap. By the time amd(8) 2008-03-29 18:13:15 +00:00
ancontrol Remove duplicate headers <sys/socket.h> 2008-04-21 07:25:26 +00:00
apm Make apm(8) understand AC Line state 2 as "backup power". 2005-05-30 18:44:43 +00:00
apmd getopt(3) returns -1, not EOF when out of args. 2007-02-05 07:35:23 +00:00
arp Spell "blackhole" correctly and fix one grammar nit. 2008-03-24 22:57:55 +00:00
asf Make grammar a bit more consistent in this document. 2006-12-20 06:21:51 +00:00
audit Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both 2008-12-02 23:26:43 +00:00
auditd Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both 2008-12-02 23:26:43 +00:00
auditreduce auditreduce now requires OpenBSM's config/config.h, so add that to the 2006-09-25 11:56:20 +00:00
authpf Do not bypass WARNS machinery by hadcoding -Werror into CFLAGS. 2006-09-21 18:16:22 +00:00
bluetooth Straighten out those pesky SDP records for the Bluetooth 2008-11-25 21:54:42 +00:00
boot0cfg - Improve error message given on g_providername call failure. 2008-09-30 07:18:49 +00:00
boot98cfg Correct typo in usage message. 2007-12-19 03:31:44 +00:00
bootparamd Remove a useless cast. 2008-08-02 00:10:02 +00:00
bsnmpd Only build the bsnmpd netgraph module if MK_NETGRAPH_SUPPORT is set. 2008-10-02 14:26:56 +00:00
btxld Allow for a zero length 'loader'. 2008-04-05 10:26:20 +00:00
burncd - Remove MLINKS to nonexistant manpages 2005-07-14 20:29:08 +00:00
cdcontrol - Enhance volume handling 2008-07-14 13:22:09 +00:00
chkgrp Fix a bug introduced in revision 1.9 which causes chkgrp to coredump on 2005-08-25 17:01:06 +00:00
chown Expand *n't contractions. 2005-02-13 22:25:33 +00:00
chroot
ckdist Constify return value of stripath and avoid unnecessary deconst 2008-11-19 00:09:01 +00:00
clear_locks Add missing library dependency. 2008-03-29 18:07:06 +00:00
config Allow multiple makeoption lines to be used with the += operator, this permits 2008-11-22 21:12:47 +00:00
cpucontrol - Fix error reporting. 2008-08-12 09:47:50 +00:00
crashinfo Add a script to perform simple analysis of a crash dump (either a full 2008-08-05 20:41:46 +00:00
cron Fix typo. 2008-12-01 17:39:34 +00:00
crunch Introduce crunchide to the ELF e_machine MIPS values. 2008-09-03 16:21:28 +00:00
ctm Expand *n't contractions. 2005-02-13 22:25:33 +00:00
cxgbtool - Fix regression with GETMEM 2008-09-10 01:10:17 +00:00
daemon Unbreak rev 1.7's getopt usage. The -f switch does not take an argument. 2007-04-19 16:43:30 +00:00
dconschat Set the default escape character as described in the manpage of dconschat(8). 2007-07-12 13:08:00 +00:00
devinfo Bump up the limit for when to print the resources for a given resource 2007-10-27 13:06:15 +00:00
digictl Sort sections. 2005-01-18 20:02:45 +00:00
diskinfo Print provider's ident when in verbose mode. 2007-05-06 00:25:21 +00:00
dnssec-keygen Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
dnssec-signzone Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
dumpcis damn. Always do make depend. Forgot to recompile main because of it, 2008-11-20 08:32:19 +00:00
editmap Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
edquota Drag this code kicking and screaming into the twenty-first century. 2008-07-02 15:51:59 +00:00
eeprom Flush my typo fix queue for this directory. 2006-12-05 23:20:14 +00:00
extattr Invoke err() with a format string rather than directly with a passed 2008-07-15 16:07:34 +00:00
extattrctl Fixed the misplaced $FreeBSD$. 2005-02-09 18:07:17 +00:00
faithd Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
fdcontrol Force the use of the tbl(1) preprocessor. 2006-10-25 10:44:59 +00:00
fdformat Fix a nit noticed during translation. 2007-02-28 10:24:34 +00:00
fdread Remove unused variables. 2006-07-20 09:38:46 +00:00
fdwrite Expand *n't contractions. 2005-02-13 22:25:33 +00:00
fifolog Populate usage() 2008-05-14 23:29:02 +00:00
flowctl Implement "verbose" optional keyword for "show" command. This is analog 2005-03-23 09:40:18 +00:00
freebsd-update In freebsd-update IDS, strip out file flags before we look for 2008-08-08 04:34:00 +00:00
ftp-proxy Link pf 4.1 to the build: 2007-07-03 12:46:08 +00:00
fwcontrol Sweep this man page a bit: 2008-09-11 22:11:41 +00:00
getfmac Remove unnecessary SRCS= where could be guessed directly by our 2005-01-27 14:52:47 +00:00
getpmac Remove unnecessary SRCS= where could be guessed directly by our 2005-01-27 14:52:47 +00:00
gssd Tiny typo fix and remove 'example' from a "real" manpage. 2008-11-05 09:42:05 +00:00
gstat - Allow gstat to print values to different kind of outputs. 2008-10-07 10:25:27 +00:00
ifmcstat mdoc fix: Add missing .El request 2007-10-30 16:04:23 +00:00
inetd o inetd(8) requires wait/nowait column in inetd.conf for 2008-01-12 21:09:48 +00:00
iostat Fix the device name spacing. 2008-09-11 09:55:54 +00:00
ip6addrctl Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
ipfwpcap Add a signal handler for SIGINT to make sure that the PID file 2007-10-12 14:57:39 +00:00
IPXrouted Use printf formats which match the variable types without casts so we 2007-11-17 23:09:39 +00:00
jail MFp4: 2008-11-29 14:32:14 +00:00
jexec MFp4: 2008-11-29 14:32:14 +00:00
jls MFp4: 2008-11-29 14:32:14 +00:00
kbdcontrol Some clarifications to make keyboard configuration under syscons. 2008-01-29 18:28:50 +00:00
kbdmap Output keymap choice to stderr so it is easier to parse for apps chained to 2007-08-27 21:56:42 +00:00
kernbb
keyserv Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
kgmon Correct a typo 2006-06-29 09:18:16 +00:00
kgzip Sort sections. 2005-01-18 20:02:45 +00:00
kldxref Make the linker.hints file have mode 644 instead of 600. 2008-11-30 14:20:08 +00:00
lastlogin
lmcconfig Style. 2006-09-01 09:24:28 +00:00
lpr use bigger local variable to calculate free space 2008-09-01 12:32:40 +00:00
lptcontrol Remove useless mode argument to open(). 2005-01-25 14:25:18 +00:00
mailstats Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
mailwrapper Markup fixes. 2006-09-29 17:57:04 +00:00
makemap Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
manctl
memcontrol Correct formatting of pointers in the listing by using "0x%" PRIx64 instead of 2005-03-29 20:17:47 +00:00
mergemaster No need to run rm ${COMPFILE} after mm_install() - mm_install() 2008-11-11 02:13:21 +00:00
mixer mixer(8) is WARNS=6 clean since 1.25. 2008-03-16 08:06:36 +00:00
mld6query These IPv6-only tools have no explicit dependency on the INET6 macro. 2006-07-27 15:31:13 +00:00
mlxcontrol Make mlxcontrol work with more than one system drive: 2008-09-12 17:40:17 +00:00
mount_nwfs Use sysctlbyname() instead of sysctl 2006-05-11 17:23:57 +00:00
mount_portalfs Decrease to WARNS=3. 2007-01-20 23:24:11 +00:00
mount_smbfs Convert mount_smbfs to use nmount(). 2005-11-16 02:47:12 +00:00
mountd Implement support for RPCSEC_GSS authentication to both the NFS client 2008-11-03 10:38:00 +00:00
moused Improve the virtual scrolling mechanism to make middle clicking less 2008-05-15 15:05:02 +00:00
mptable Expand *n't contractions. 2005-02-13 22:25:33 +00:00
mtest Import rewrite of IPv4 socket multicast layer to support source-specific 2007-06-12 16:24:56 +00:00
mtree Add the mtree.5 manpage. I'll come back soon and 2008-01-01 06:15:57 +00:00
named Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
named-checkconf Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
named-checkzone Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
named.reload
ndiscvt remove reference for unexisting ndisapi(9) 2008-07-23 05:50:17 +00:00
ndp Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
newsyslog Fix 6-year old cut&paste error. The # could be escaped with '\', not 2008-06-26 07:02:47 +00:00
nfsd Implement support for RPCSEC_GSS authentication to both the NFS client 2008-11-03 10:38:00 +00:00
ngctl Modify the DoParseCommand() to work on (const char *) instead of just 2008-06-28 12:31:30 +00:00
nghook Sort sections. 2005-01-18 20:02:45 +00:00
nologin Update nologin(5) to match the modern reality of login.conf(5) and PAM. 2007-05-10 11:22:24 +00:00
nscd Slightly adjust code logic: we allocate a "size"ed length of memory, not 2008-10-23 00:31:15 +00:00
ntp - fix typo 2008-11-18 23:38:47 +00:00
nvram Revise markup. 2006-09-30 19:07:03 +00:00
ofwdump De-sparc64-ify (now that it's also installed on PowerPC). 2008-01-31 14:58:55 +00:00
pciconf Add ADMA, SATA and SAS mass storage subclasses. 2008-11-13 19:49:16 +00:00
periodic - The weekly periodic runs occur on Saturday mornings, not on Sunday mornings 2007-09-07 21:54:45 +00:00
pkg_install Display usage when pkg_add is called with no arguments. 2008-10-17 15:10:45 +00:00
pmcannotate Import an initial revision of the pmcannotate tool. 2008-11-26 21:44:57 +00:00
pmccontrol Ignore absent CPUs when listing the current state of PMC hardware. 2008-11-16 04:26:38 +00:00
pmcstat Add the -m option to pmcstat. 2008-11-25 23:24:29 +00:00
pnpinfo Remove alpha left-overs. 2006-08-22 08:03:01 +00:00
portsnap - remove superfluous word 2008-09-15 16:30:06 +00:00
powerd Restore original frequency on exit. 2008-11-18 15:48:23 +00:00
ppp Make ppp use <termios.h>, not <sys/tty.h>. 2008-06-05 17:46:32 +00:00
pppctl Expand *n't contractions. 2005-02-13 22:25:33 +00:00
pppd Add missing <stdlib.h> for exit() 2007-11-07 10:57:35 +00:00
pppstats Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
praliases Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
praudit Enable building of OpenBSM command line tools: 2006-02-02 10:15:30 +00:00
procctl
pstat Clamp the values of t_column to 5 digits in pstat -t' and show all ttys'. 2008-11-01 13:40:46 +00:00
pw Use arc4random_uniform() to avoid "modulo bias" 2008-08-16 15:41:03 +00:00
pwd_mkdb Correctly handle an input file without a newline on the last line (and 2005-06-15 10:13:04 +00:00
quot Make `quot -a' work when we've got slashes in the device name. 2008-09-14 11:50:19 +00:00
quotaon Drag this code kicking and screaming into the twenty-first century. 2008-07-02 15:51:59 +00:00
rarpd Fixed the misplaced $FreeBSD$. 2005-02-09 18:07:17 +00:00
raycontrol Expand *n't contractions. 2005-02-13 22:25:33 +00:00
repquota Drag this code kicking and screaming into the twenty-first century. 2008-07-02 15:51:59 +00:00
rip6query Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
rmt Remove rexecd(8), a server that implements a particularly insecure 2005-06-10 20:52:36 +00:00
rndc Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
rndc-confgen Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
route6d Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
rpc.lockd Re-implement the client side of rpc.lockd in the kernel. This implementation 2008-06-26 10:21:54 +00:00
rpc.statd Re-implement the client side of rpc.lockd in the kernel. This implementation 2008-06-26 10:21:54 +00:00
rpc.umntall Use clnt_create_timed() instead of clnt_create(). The former has an 2005-05-27 00:05:16 +00:00
rpc.yppasswdd - Whenever a password/shell is changed via rpc.yppasswdd, the daemon leaves 2008-10-30 01:54:31 +00:00
rpc.ypupdated Kill blank line at EOF. 2007-02-15 02:45:14 +00:00
rpc.ypxfrd o There is no securenets(5) man page, refer to ypserv(8). 2006-11-02 07:36:33 +00:00
rpcbind No network addresses in the system isn't a good excuse 2008-02-14 20:12:23 +00:00
rrenumd Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
rtadvd Change 2 arc4random modulo operations to arc4random_uniform() as 2008-07-26 15:39:32 +00:00
rtprio Sort sections. 2005-01-18 20:02:45 +00:00
rtsold Change arc4random to arc4random_uniform since modulo is not power of 2, 2008-07-26 15:46:39 +00:00
rwhod - Avoid a memory leak if realloc(3) fails by using reallocf(3) 2005-06-03 17:38:33 +00:00
sa Ensure that the -s flag truncates the accounting data. 2008-02-21 07:12:56 +00:00
sade Move sysinstall/sade away from TIOCGSIZE. 2008-05-23 14:24:33 +00:00
sendmail This FFR is no longer needed in sendmail 8.14 2007-04-09 01:45:52 +00:00
setfib - Use static for usage() 2008-10-17 21:11:09 +00:00
setfmac An average consumer of fts(3) that avoids keeping pointers to old 2008-01-29 17:50:29 +00:00
setpmac Remove unnecessary SRCS= where could be guessed directly by our 2005-01-27 14:52:47 +00:00
sicontrol Remove sicontrol(8)'s "ttystat". 2008-06-09 08:43:27 +00:00
sliplogin Remove an unused variable and a useless getuid() declaration. 2005-04-09 15:00:51 +00:00
slstat Correct xref to systat(1) which was mispelled as ststat(1) in 1.5. 2005-11-29 16:33:44 +00:00
smbmsg Force the use of the tbl(1) preprocessor. 2006-10-25 10:44:59 +00:00
snapinfo Imagine a situation where: 2007-03-16 12:36:54 +00:00
spkrtest
spray
sysinstall Add ale(4) to the list of supported network interface. 2008-11-12 10:01:16 +00:00
syslogd Add a flag, -T, that tells syslogd to always replace the timestamp on 2008-09-25 09:28:18 +00:00
tcpdchk Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
tcpdmatch Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
tcpdrop Normalize usage output. 2007-10-31 13:49:20 +00:00
tcpdump Update for tcpdump 3.9.8 2007-10-16 02:32:44 +00:00
timed Remove spurious duplicated defination of sock. 2008-09-24 00:04:51 +00:00
traceroute Add AS lookup functionality. On each hop we query a whois server to 2008-02-20 23:29:53 +00:00
traceroute6 Give traceroute6 the ability to traceroute with packets with no 2008-02-10 21:06:38 +00:00
trpt Obey MK_INET6_SUPPORT. 2006-07-27 14:52:12 +00:00
tzsetup - Replace rcsid with __FBSDID. 2008-06-03 22:34:52 +00:00
ugidfw Add some new options to mac_bsdestended. We can now match on: 2006-04-23 17:06:18 +00:00
usbconfig src/sys/dev/usb2/controller/uss820dci_pccard.c 2008-11-19 08:56:35 +00:00
usbdevs
vidcontrol Tweak some wording and markup. 2006-12-22 23:23:59 +00:00
vipw s/insure/ensure/ in previous commit. My dictionary and m-w.com say they 2005-10-28 22:47:40 +00:00
watch Convert the snp(4) driver to use cdevpriv. 2008-08-15 13:07:07 +00:00
watchdogd Don't exit from watchdogd on receiving a signal if we cannot stop the watchdog. 2006-12-15 22:47:36 +00:00
wlandebug misc cleanups for stricter compilation 2008-05-28 23:37:37 +00:00
wlconfig
wpa 'Strict EAP conformance' makes more sense here than 'String EAP 2008-11-21 18:15:39 +00:00
yp_mkdb Expand *n't contractions. 2005-02-13 22:25:33 +00:00
ypbind Don't rely on private RPC data structures when there is a perfectly good 2008-09-15 14:01:40 +00:00
yppoll
yppush Remove unsafe use of asynchronous I/O (the SIGIO handler could cause 2006-08-16 12:58:41 +00:00
ypserv Add -P <port> option to allow binding to a specific port. 2008-02-03 17:39:37 +00:00
ypset Increase helpfulness in diagnostic message - ypbind running without -ypset or 2007-02-28 22:49:12 +00:00
zic Finish a few more .Dl "quoted" arguments missed in revision 184984 2008-11-15 06:41:57 +00:00
zzz
Makefile Import an initial revision of the pmcannotate tool. 2008-11-26 21:44:57 +00:00
Makefile.inc