4bd0c025f3
history notes since the last import:

OpenBSM 1.0 alpha 12

- Correct bug in auditreduce which prevented the -c option from working correctly when the user specifies to process successful or failed events. The problem stemmed from not having access to the return token at the time the initial preselection occurred, but now a second preselection process occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting, which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command line; this was the documented behavior previously, but it was not implemented. Be more specific in auditreduce(1)'s examples section about what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook termination of an audit trail file. For example, this might be used to compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can now supply one or more (comma delimited) regular expressions for searching the pathnames. If one of the regular expressions is prefixed with a tilde (~), and a path matches, it will be excluded from the search results.

MFC after: 3 days
Obtained from: TrustedBSD Project
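The pathname matching described in the last changelog item, written out as an added example; it is not code from OpenBSM or from this commit. `select_path` is a hypothetical helper built on POSIX regex(3), the sample paths are constructed, and the rule that patterns are tried in order with the first match deciding is an assumption the changelog does not state.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/*
 * Apply a comma-delimited pattern list to one pathname.
 * Returns 1 = selected, 0 = excluded or unmatched, -1 = bad pattern list.
 * Assumption (not stated on the page): patterns are tried in order and
 * the first one that matches decides the outcome.
 */
int
select_path(const char *spec, const char *path)
{
	char buf[512], *tok, *next;
	regex_t re;
	int exclude, hit, result = 0, decided = 0;

	if (*spec == '\0' || strlen(spec) >= sizeof(buf))
		return (-1);
	strcpy(buf, spec);
	for (tok = buf; tok != NULL; tok = next) {
		if ((next = strchr(tok, ',')) != NULL)
			*next++ = '\0';
		exclude = (*tok == '~');	/* '~' marks an exclusion */
		tok += exclude;
		if (*tok == '\0' ||
		    regcomp(&re, tok, REG_EXTENDED | REG_NOSUB) != 0)
			return (-1);		/* reject the whole list */
		hit = (regexec(&re, path, 0, NULL, 0) == 0);
		regfree(&re);
		if (hit && !decided) {
			result = !exclude;
			decided = 1;	/* keep validating later patterns */
		}
	}
	return (result);
}

int
main(void)
{
	/* Constructed sample: keep /etc events but drop /etc/mtab. */
	const char *spec = "~^/etc/mtab$,^/etc/";
	const char *paths[] = { "/etc/passwd", "/etc/mtab", "/tmp/x" };

	for (int i = 0; i < 3; i++)
		printf("%-12s %d\n", paths[i], select_path(spec, paths[i]));
	return (0);
}
```

Because the list is split on commas, a pattern that itself contains a comma (such as a `{1,3}` interval) cannot be expressed in this form. When reviewing a reduced trail, check the pattern list that produced it, since a `~` pattern silently removes matching paths from the output.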
24 lines
1.2 KiB
Plaintext
- Teach praudit how to generate XML format BSM streams.
- Teach libbsm about any additional 64-bit token types that are present
  in more recent Solaris versions.
- Build a regression test suite for libbsm that generates each token
  type and then compares the results with known good data. Make sure to
  test that things work properly with respect to endianness of the local
  platform.
- Document contents of libbsm "public" data structures in libbsm man pages.
- The audit.log.5 man page is incomplete, as it does not describe all
  token types.
- With the move to autoconf/automake, man page symlinks are no longer
  installed. This needs to be fixed.
- It might be desirable to be able to provide EOPNOTSUPP system call stubs
  on systems that don't have the necessary audit system calls; that would
  allow the full libbsm and tool set to build, just not run.
- Teach praudit how to begin printing at any point in a token stream, not
  just at the beginning of a record. This will make it easier to use
  praudit in test suites processing single-token files without header and
  trailer context.
- Put hostname in trail file name.
- Document audit_warn event arguments.

$P4: //depot/projects/trustedbsd/openbsm/TODO#8 $