This commit was generated by cvs2svn to compensate for changes in r162621,
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
commit
b3a9bf4df7
@ -1,3 +1,24 @@
|
||||
OpenBSM 1.0 alpha 12
|
||||
|
||||
- Correct bug in auditreduce which prevented the -c option from working
|
||||
correctly when the user specifies to process successful or failed events.
|
||||
The problem stemmed from not having access to the return token at the time
|
||||
the initial preselection occurred, but now a second preselection process
|
||||
occurs while processing the return token.
|
||||
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
|
||||
which auditd(8) now sets the kernel audit trail rotation size to.
|
||||
- auditreduce(1) now uses stdin if no file names are specified on the command
|
||||
line; this was the documented behavior previously, but it was not
|
||||
implemented. Be more specific in auditreduce(1)'s examples section about
|
||||
what might be done with the output of auditreduce.
|
||||
- Add audit_warn(5) closefile event so that administrators can hook
|
||||
termination of an audit trail file. For example, this might be used to
|
||||
compress the trail file after it is closed.
|
||||
- auditreduce(1) now uses regular expressions for pathname matching. Users can
|
||||
now supply one or more (comma delimited) regular expressions for searching
|
||||
the pathnames. If one of the regular expressions is prefixed with a tilde
|
||||
(~), and a path matches, it will be excluded from the search results.
|
||||
|
||||
OpenBSM 1.0 alpha 11
|
||||
|
||||
- Reclassify certain read/write operations as having no class rather than the
|
||||
@ -243,4 +264,4 @@ OpenBSM 1.0 alpha 1
|
||||
to support reloading of kernel event table.
|
||||
- Allow comments in /etc/security configuration files.
|
||||
|
||||
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#33 $
|
||||
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#39 $
|
||||
|
@ -17,10 +17,7 @@
|
||||
just at the beginning of a record. This will make it easier to use
|
||||
praudit in test suites processing single-token files without header and
|
||||
trailer context.
|
||||
- Teach auditd how to notify a script when it is done with trail files so
|
||||
that the script can archive them, compress them, delete them, whatever.
|
||||
It should walk any trail files found at startup also, assuming it
|
||||
successfully registers.
|
||||
- Put hostname in trail file name.
|
||||
- Document audit_warn event arguments.
|
||||
|
||||
$P4: //depot/projects/trustedbsd/openbsm/TODO#7 $
|
||||
$P4: //depot/projects/trustedbsd/openbsm/TODO#8 $
|
||||
|
@ -1 +1 @@
|
||||
OPENBSM_1_0_ALPHA_11
|
||||
OPENBSM_1_0_ALPHA_12
|
||||
|
@ -30,7 +30,7 @@
|
||||
*
|
||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#6 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -124,6 +124,21 @@ audit_warn_auditoff(void)
|
||||
return (auditwarnlog(args));
|
||||
}
|
||||
|
||||
/*
|
||||
* Indicate that a trail file has been closed, so can now be post-processed.
|
||||
*/
|
||||
int
|
||||
audit_warn_closefile(char *filename)
|
||||
{
|
||||
char *args[3];
|
||||
|
||||
args[0] = CLOSEFILE_WARN;
|
||||
args[1] = filename;
|
||||
args[2] = NULL;
|
||||
|
||||
return (auditwarnlog(args));
|
||||
}
|
||||
|
||||
/*
|
||||
* Indicates that the audit deammn is already running
|
||||
*/
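Review bot: The header comment on audit_warn_closefile should state what `filename` is and how it reaches the administrator's hook, since that is the contract a script author needs; the hunk only says the file "can now be post-processed". Suggested comment: `Indicate that a trail file has been closed and renamed to its final name, so it can now be post-processed; filename is the closed trail's path and is handed to the audit_warn script as the argument following the "closefile" keyword.` The argument order is inferred from the args[] layout in this function; auditwarnlog itself lies outside the hunk, so confirm it passes args through unchanged. The only caller visible in this commit (close_lastfile in auditd.c) passes the post-rename path, which is the behaviour the comment should pin down.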
|
||||
|
@ -30,7 +30,7 @@
|
||||
*
|
||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#23 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -163,9 +163,11 @@ close_lastfile(char *TS)
|
||||
syslog(LOG_ERR,
|
||||
"Could not rename %s to %s: %m", oldname,
|
||||
lastfile);
|
||||
else
|
||||
else {
|
||||
syslog(LOG_INFO, "renamed %s to %s",
|
||||
oldname, lastfile);
|
||||
audit_warn_closefile(lastfile);
|
||||
}
|
||||
}
|
||||
free(lastfile);
|
||||
free(oldname);
|
||||
@ -727,6 +729,8 @@ config_audit_controls(void)
|
||||
char naeventstr[NA_EVENT_STR_SIZE];
|
||||
char polstr[POL_STR_SIZE];
|
||||
long policy;
|
||||
au_fstat_t au_fstat;
|
||||
size_t filesz;
|
||||
|
||||
/*
|
||||
* Process the audit event file, obtaining a class mapping for each
|
||||
@ -806,6 +810,17 @@ config_audit_controls(void)
|
||||
"Failed to set default audit policy: %m");
|
||||
}
|
||||
|
||||
/*
|
||||
* Set trail rotation size.
|
||||
*/
|
||||
if (getacfilesz(&filesz) == 0) {
|
||||
bzero(&au_fstat, sizeof(au_fstat));
|
||||
au_fstat.af_filesz = filesz;
|
||||
if (auditon(A_SETFSIZE, &au_fstat, sizeof(au_fstat)) < 0)
|
||||
syslog(LOG_ERR, "Failed to set filesz: %m");
|
||||
} else
|
||||
syslog(LOG_ERR, "Failed to obtain filesz: %m");
|
||||
|
||||
return (0);
|
||||
}
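Review bot: In config_audit_controls the else branch logs `Failed to obtain filesz: %m` for any non-zero return, but getacfilesz as added in libbsm/bsm_control.c in this same commit returns 1 with errno set to EINVAL when audit_control simply has no filesz line, so every existing configuration (which predates the entry) will now log a misleading "Invalid argument" error at each reload. Keep the result code and only complain when the entry is present but unusable: `ret = getacfilesz(&filesz);` / `if (ret == 0) { ... } else if (ret != 1)` / `syslog(LOG_ERR, "Failed to obtain filesz: %m");`, with `int ret;` declared beside `size_t filesz`; the absent-entry case then leaves the kernel default in place silently or at LOG_INFO. In close_lastfile the return value of `audit_warn_closefile(lastfile)` is discarded; the other audit_warn_* call sites in this file are outside the hunks, so follow whatever convention they use for failures. Both enclosing functions start before their hunks.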
|
||||
|
||||
|
@ -30,7 +30,7 @@
|
||||
*
|
||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#6 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#7 $
|
||||
*/
|
||||
|
||||
#ifndef _AUDITD_H_
|
||||
@ -62,6 +62,7 @@ struct dir_ent {
|
||||
#define HARDLIM_ALL_WARN "allhard"
|
||||
#define SOFTLIM_ALL_WARN "allsoft"
|
||||
#define AUDITOFF_WARN "auditoff"
|
||||
#define CLOSEFILE_WARN "closefile"
|
||||
#define EBUSY_WARN "ebusy"
|
||||
#define GETACDIR_WARN "getacdir"
|
||||
#define HARDLIM_WARN "hard"
|
||||
@ -76,6 +77,7 @@ struct dir_ent {
|
||||
int audit_warn_allhard(int count);
|
||||
int audit_warn_allsoft(void);
|
||||
int audit_warn_auditoff(void);
|
||||
int audit_warn_closefile(char *filename);
|
||||
int audit_warn_ebusy(void);
|
||||
int audit_warn_getacdir(char *filename);
|
||||
int audit_warn_hard(char *filename);
|
||||
|
@ -25,7 +25,7 @@
|
||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#10 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#12 $
|
||||
.\"
|
||||
.Dd January 24, 2004
|
||||
.Dt AUDITREDUCE 1
|
||||
@ -105,12 +105,17 @@ for a description of audit event names and numbers.
|
||||
.It Fl o Ar object=value
|
||||
.Bl -tag -width Ds
|
||||
.It Nm file
|
||||
Select records containing the given path name.
|
||||
file="/usr" matches paths
|
||||
starting with
|
||||
.Pa usr .
|
||||
file="~/usr" matches paths not starting with
|
||||
.Pa usr .
|
||||
Select records containing path tokens, where the pathname matches
|
||||
one of the comma delimited extended regular expression contained in
|
||||
given specification.
|
||||
Regular expressions which are prefixed with a tilde (~) are excluded
|
||||
from the search results.
|
||||
These extended regular expressions are processed from left to right,
|
||||
and a path will either be selected or deslected based on the first match.
|
||||
.Pp
|
||||
Since commas are used to delimit the regular expressions, a backslash (\\)
|
||||
character should be used to escape the comma if it's a part of the search
|
||||
pattern.
|
||||
.It Nm msgqid
|
||||
Select records containing the given message queue id.
|
||||
.It Nm pid
|
||||
@ -136,6 +141,30 @@ events from that log:
|
||||
.Pp
|
||||
.Nm
|
||||
-m AUE_SETLOGIN /var/audit/20031016184719.20031017122634
|
||||
.Pp
|
||||
Output from the above command lines will typically be piped to a new trail
|
||||
file, or via standard output to the
|
||||
.Xr praudit 1
|
||||
command.
|
||||
.Pp
|
||||
Select all records containing a path token where the pathname contains
|
||||
.Pa /etc/master.passwd
|
||||
.Pp
|
||||
.Nm
|
||||
-ofile="/etc/master.passwd" /var/audit/20031016184719.20031017122634
|
||||
.Pp
|
||||
Select all records containing path tokens, where the pathname is a TTY
|
||||
device:
|
||||
.Pp
|
||||
.Nm
|
||||
-ofile="/dev/tty[a-zA-Z][0-9]+" /var/audit/20031016184719.20031017122634
|
||||
.Pp
|
||||
Select all records containing path tokens, where the pathname is a TTY
|
||||
except for
|
||||
.Pa /dev/ttyp2
|
||||
.Pp
|
||||
.Nm
|
||||
-ofile="~/dev/ttyp2,/dev/tty[a-zA-Z][0-9]+" /var/audit/20031016184719.20031017122634
|
||||
.Sh SEE ALSO
|
||||
.Xr praudit 1 ,
|
||||
.Xr audit_control 5 ,
|
||||
|
@ -26,7 +26,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#14 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#18 $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -40,6 +40,13 @@
|
||||
* XXX the records present within the file and between the files themselves
|
||||
*/
|
||||
|
||||
#include <config/config.h>
|
||||
#ifdef HAVE_FULL_QUEUE_H
|
||||
#include <sys/queue.h>
|
||||
#else
|
||||
#include <compat/queue.h>
|
||||
#endif
|
||||
|
||||
#include <bsm/libbsm.h>
|
||||
|
||||
#include <err.h>
|
||||
@ -51,9 +58,14 @@
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
#include <regex.h>
|
||||
#include <errno.h>
|
||||
|
||||
#include "auditreduce.h"
|
||||
|
||||
static TAILQ_HEAD(tailhead, re_entry) re_head =
|
||||
TAILQ_HEAD_INITIALIZER(re_head);
|
||||
|
||||
extern char *optarg;
|
||||
extern int optind, optopt, opterr,optreset;
|
||||
|
||||
@ -80,11 +92,58 @@ static char *p_sockobj = NULL;
|
||||
|
||||
static uint32_t opttochk = 0;
|
||||
|
||||
static void
|
||||
parse_regexp(char *re_string)
|
||||
{
|
||||
char *orig, *copy, re_error[64];
|
||||
struct re_entry *rep;
|
||||
int error, nstrs, i, len;
|
||||
|
||||
copy = strdup(re_string);
|
||||
orig = copy;
|
||||
len = strlen(copy);
|
||||
for (nstrs = 0, i = 0; i < len; i++) {
|
||||
if (copy[i] == ',' && i > 0) {
|
||||
if (copy[i - 1] == '\\')
|
||||
strcpy(©[i - 1], ©[i]);
|
||||
else {
|
||||
nstrs++;
|
||||
copy[i] = '\0';
|
||||
}
|
||||
}
|
||||
}
|
||||
TAILQ_INIT(&re_head);
|
||||
for (i = 0; i < nstrs + 1; i++) {
|
||||
rep = calloc(1, sizeof(*rep));
|
||||
if (rep == NULL) {
|
||||
(void) fprintf(stderr, "calloc: %s\n",
|
||||
strerror(errno));
|
||||
exit(1);
|
||||
}
|
||||
if (*copy == '~') {
|
||||
copy++;
|
||||
rep->re_negate = 1;
|
||||
}
|
||||
rep->re_pattern = strdup(copy);
|
||||
error = regcomp(&rep->re_regexp, rep->re_pattern,
|
||||
REG_EXTENDED | REG_NOSUB);
|
||||
if (error != 0) {
|
||||
regerror(error, &rep->re_regexp, re_error, 64);
|
||||
(void) fprintf(stderr, "regcomp: %s\n", re_error);
|
||||
exit(1);
|
||||
}
|
||||
TAILQ_INSERT_TAIL(&re_head, rep, re_glue);
|
||||
len = strlen(copy);
|
||||
copy += len + 1;
|
||||
}
|
||||
free(orig);
|
||||
}
|
||||
|
||||
static void
|
||||
usage(const char *msg)
|
||||
{
|
||||
fprintf(stderr, "%s\n", msg);
|
||||
fprintf(stderr, "Usage: auditreduce [options] audit-trail-file [....] \n");
|
||||
fprintf(stderr, "Usage: auditreduce [options] [file ...]\n");
|
||||
fprintf(stderr, "\tOptions are : \n");
|
||||
fprintf(stderr, "\t-A : all records\n");
|
||||
fprintf(stderr, "\t-a YYYYMMDD[HH[[MM[SS]]] : after date\n");
|
||||
@ -258,23 +317,20 @@ select_ipcobj(u_char type, uint32_t id, uint32_t *optchkd)
|
||||
static int
|
||||
select_filepath(char *path, uint32_t *optchkd)
|
||||
{
|
||||
char *loc;
|
||||
struct re_entry *rep;
|
||||
int match;
|
||||
|
||||
SETOPT((*optchkd), OPT_of);
|
||||
match = 1;
|
||||
if (ISOPTSET(opttochk, OPT_of)) {
|
||||
if (p_fileobj[0] == '~') {
|
||||
/* Object should not be in path. */
|
||||
loc = strstr(path, p_fileobj + 1);
|
||||
if ((loc != NULL) && (loc == path))
|
||||
return (0);
|
||||
} else {
|
||||
/* Object should be in path. */
|
||||
loc = strstr(path, p_fileobj);
|
||||
if ((loc == NULL) || (loc != path))
|
||||
return (0);
|
||||
match = 0;
|
||||
TAILQ_FOREACH(rep, &re_head, re_glue) {
|
||||
if (regexec(&rep->re_regexp, path, 0, NULL,
|
||||
0) != REG_NOMATCH)
|
||||
return (!rep->re_negate);
|
||||
}
|
||||
}
|
||||
return (1);
|
||||
return (match);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -328,6 +384,24 @@ select_hdr32(tokenstr_t tok, uint32_t *optchkd)
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
select_return32(tokenstr_t tok_ret32, tokenstr_t tok_hdr32, uint32_t *optchkd)
|
||||
{
|
||||
int sorf;
|
||||
|
||||
SETOPT((*optchkd), (OPT_c));
|
||||
if (tok_ret32.tt.ret32.status == 0)
|
||||
sorf = AU_PRS_SUCCESS;
|
||||
else
|
||||
sorf = AU_PRS_FAILURE;
|
||||
if (ISOPTSET(opttochk, OPT_c)) {
|
||||
if (au_preselect(tok_hdr32.tt.hdr32.e_type, &maskp, sorf,
|
||||
AU_PRS_USECACHE) != 1)
|
||||
return (0);
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Return 1 if checks for the the following succeed
|
||||
* auid,
|
||||
@ -395,6 +469,7 @@ select_subj32(tokenstr_t tok, uint32_t *optchkd)
|
||||
static int
|
||||
select_records(FILE *fp)
|
||||
{
|
||||
tokenstr_t tok_hdr32_copy;
|
||||
u_char *buf;
|
||||
tokenstr_t tok;
|
||||
int reclen;
|
||||
@ -423,6 +498,8 @@ select_records(FILE *fp)
|
||||
case AU_HEADER_32_TOKEN:
|
||||
selected = select_hdr32(tok,
|
||||
&optchkd);
|
||||
bcopy(&tok, &tok_hdr32_copy,
|
||||
sizeof(tok));
|
||||
break;
|
||||
|
||||
case AU_PROCESS_32_TOKEN:
|
||||
@ -451,6 +528,11 @@ select_records(FILE *fp)
|
||||
tok.tt.path.path, &optchkd);
|
||||
break;
|
||||
|
||||
case AU_RETURN_32_TOKEN:
|
||||
selected = select_return32(tok,
|
||||
tok_hdr32_copy, &optchkd);
|
||||
break;
|
||||
|
||||
/*
|
||||
* The following tokens dont have any relevant
|
||||
* attributes that we can select upon.
|
||||
@ -465,7 +547,6 @@ select_records(FILE *fp)
|
||||
case AU_IPCPERM_TOKEN:
|
||||
case AU_IPORT_TOKEN:
|
||||
case AU_OPAQUE_TOKEN:
|
||||
case AU_RETURN_32_TOKEN:
|
||||
case AU_SEQ_TOKEN:
|
||||
case AU_TEXT_TOKEN:
|
||||
case AU_ARB_TOKEN:
|
||||
@ -500,6 +581,7 @@ parse_object_type(char *name, char *val)
|
||||
|
||||
if (!strcmp(name, FILEOBJ)) {
|
||||
p_fileobj = val;
|
||||
parse_regexp(val);
|
||||
SETOPT(opttochk, OPT_of);
|
||||
} else if (!strcmp(name, MSGQIDOBJ)) {
|
||||
p_msgqobj = val;
|
||||
@ -679,8 +761,12 @@ main(int argc, char **argv)
|
||||
argv += optind;
|
||||
argc -= optind;
|
||||
|
||||
if (argc == 0)
|
||||
usage("Filename needed");
|
||||
if (argc == 0) {
|
||||
if (select_records(stdin) == -1)
|
||||
errx(EXIT_FAILURE,
|
||||
"Couldn't select records from stdin");
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
/*
|
||||
* XXX: We should actually be merging records here.
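Review bot: In parse_regexp the escape handling `strcpy(&copy[i - 1], &copy[i])` copies between overlapping buffers, which is undefined behaviour for strcpy (memmove is the overlap-safe call), and because the loop index is not adjusted after the shift the character that slides into position i is never examined, so a delimiter comma directly following an escaped one is lost: `a\,,b` yields the single pattern `a,,b` instead of `a,` and `b`. Both `strdup` calls in the same function are also unchecked, so a failed allocation reaches strlen/regcomp with NULL while the calloc between them is checked. The rewrite below splits the string in a single read/write pass, which needs no overlapping copy and handles consecutive commas; the per-pattern loop that follows it is unchanged apart from giving `rep->re_pattern = strdup(copy)` the same NULL check. Separately, `tok_hdr32_copy` in select_records is written only on AU_HEADER_32_TOKEN and never reset between records, so select_return32 would preselect against a stale header (or, for the first record, an uninitialised one) if a record carries no 32-bit header token; a `bzero(&tok_hdr32_copy, sizeof(tok_hdr32_copy))` at the start of each record would bound that, though the record loop itself lies outside the hunk.
```c
static void
parse_regexp(char *re_string)
{
	char *orig, *copy, re_error[64];
	struct re_entry *rep;
	int error, nstrs, i, j, len;

	copy = strdup(re_string);
	if (copy == NULL) {
		(void) fprintf(stderr, "strdup: %s\n", strerror(errno));
		exit(1);
	}
	orig = copy;
	/*
	 * Split on unescaped commas in one pass: "\," becomes a literal
	 * comma, any other comma terminates the current pattern.  Writing
	 * through a separate index avoids the overlapping copy and never
	 * skips the character that follows an escaped comma.
	 */
	for (nstrs = 0, i = 0, j = 0; copy[i] != '\0'; i++) {
		if (copy[i] == '\\' && copy[i + 1] == ',') {
			copy[j++] = ',';
			i++;
		} else if (copy[i] == ',') {
			copy[j++] = '\0';
			nstrs++;
		} else
			copy[j++] = copy[i];
	}
	copy[j] = '\0';
	/* … unchanged: TAILQ_INIT and the per-pattern calloc/regcomp loop, with a NULL check after rep->re_pattern = strdup(copy) … */
}
```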
|
||||
|
@ -26,13 +26,20 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#4 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#5 $
|
||||
*/
|
||||
|
||||
#ifndef _AUDITREDUCE_H_
|
||||
#define _AUDITREDUCE_H_
|
||||
|
||||
|
||||
struct re_entry {
|
||||
char *re_pattern;
|
||||
int re_negate;
|
||||
regex_t re_regexp;
|
||||
TAILQ_ENTRY(re_entry) re_glue;
|
||||
};
|
||||
|
||||
#define OPT_a 0x00000001
|
||||
#define OPT_b 0x00000002
|
||||
#define OPT_c 0x00000004
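Review bot: The new struct re_entry uses regex_t and TAILQ_ENTRY, but auditreduce.h includes neither <regex.h> nor a queue header, so it only compiles because auditreduce.c happens to include <regex.h> and the sys/compat queue.h before "auditreduce.h". Either make the header self-contained with `#include <regex.h>` above the struct, or record the requirement for any future includer: `/* Includer must provide <regex.h> and <sys/queue.h> (or compat/queue.h) before this header. */`. The queue header is selected through config.h in the .c file, which is why a comment rather than an include is the safer choice for that one.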
|
||||
|
@ -26,7 +26,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#29 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#30 $
|
||||
*/
|
||||
|
||||
#ifndef _LIBBSM_H_
|
||||
@ -78,6 +78,7 @@
|
||||
|
||||
#define DIR_CONTROL_ENTRY "dir"
|
||||
#define MINFREE_CONTROL_ENTRY "minfree"
|
||||
#define FILESZ_CONTROL_ENTRY "filesz"
|
||||
#define FLAGS_CONTROL_ENTRY "flags"
|
||||
#define NA_CONTROL_ENTRY "naflags"
|
||||
#define POLICY_CONTROL_ENTRY "policy"
|
||||
@ -719,6 +720,7 @@ void setac(void);
|
||||
void endac(void);
|
||||
int getacdir(char *name, int len);
|
||||
int getacmin(int *min_val);
|
||||
int getacfilesz(size_t *size_val);
|
||||
int getacflg(char *auditstr, int len);
|
||||
int getacna(char *auditstr, int len);
|
||||
int getacpol(char *auditstr, size_t len);
|
||||
|
22
contrib/openbsm/configure
vendored
@ -1,7 +1,7 @@
|
||||
#! /bin/sh
|
||||
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#31 .
|
||||
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#32 .
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a11.
|
||||
# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a12.
|
||||
#
|
||||
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
|
||||
#
|
||||
@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='OpenBSM'
|
||||
PACKAGE_TARNAME='openbsm'
|
||||
PACKAGE_VERSION='1.0a11'
|
||||
PACKAGE_STRING='OpenBSM 1.0a11'
|
||||
PACKAGE_VERSION='1.0a12'
|
||||
PACKAGE_STRING='OpenBSM 1.0a12'
|
||||
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
|
||||
|
||||
ac_unique_file="bin/auditreduce/auditreduce.c"
|
||||
@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures OpenBSM 1.0a11 to adapt to many kinds of systems.
|
||||
\`configure' configures OpenBSM 1.0a12 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1021,7 +1021,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of OpenBSM 1.0a11:";;
|
||||
short | recursive ) echo "Configuration of OpenBSM 1.0a12:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1162,7 +1162,7 @@ fi
|
||||
test -n "$ac_init_help" && exit 0
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
OpenBSM configure 1.0a11
|
||||
OpenBSM configure 1.0a12
|
||||
generated by GNU Autoconf 2.59
|
||||
|
||||
Copyright (C) 2003 Free Software Foundation, Inc.
|
||||
@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by OpenBSM $as_me 1.0a11, which was
|
||||
It was created by OpenBSM $as_me 1.0a12, which was
|
||||
generated by GNU Autoconf 2.59. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
@ -19278,7 +19278,7 @@ fi
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE=OpenBSM
|
||||
VERSION=1.0a11
|
||||
VERSION=1.0a12
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
@ -23479,7 +23479,7 @@ _ASBOX
|
||||
} >&5
|
||||
cat >&5 <<_CSEOF
|
||||
|
||||
This file was extended by OpenBSM $as_me 1.0a11, which was
|
||||
This file was extended by OpenBSM $as_me 1.0a12, which was
|
||||
generated by GNU Autoconf 2.59. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -23542,7 +23542,7 @@ _ACEOF
|
||||
|
||||
cat >>$CONFIG_STATUS <<_ACEOF
|
||||
ac_cs_version="\\
|
||||
OpenBSM config.status 1.0a11
|
||||
OpenBSM config.status 1.0a12
|
||||
configured by $0, generated by GNU Autoconf 2.59,
|
||||
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
|
||||
|
||||
|
@ -2,8 +2,8 @@
|
||||
# Process this file with autoconf to produce a configure script.
|
||||
|
||||
AC_PREREQ(2.59)
|
||||
AC_INIT([OpenBSM], [1.0a11], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
|
||||
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#31 $])
|
||||
AC_INIT([OpenBSM], [1.0a12], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
|
||||
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#32 $])
|
||||
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
|
||||
AC_CONFIG_AUX_DIR(config)
|
||||
AC_CONFIG_HEADER([config/config.h])
|
||||
|
@ -1,5 +1,5 @@
|
||||
.\"-
|
||||
.\" Copyright (c) 2005 Robert N. M. Watson
|
||||
.\" Copyright (c) 2005-2006 Robert N. M. Watson
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
@ -23,7 +23,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#5 $
|
||||
.\"
|
||||
.Dd April 19, 2005
|
||||
.Dt AU_CONTROL 3
|
||||
@ -33,6 +33,7 @@
|
||||
.Nm endac ,
|
||||
.Nm getacdir ,
|
||||
.Nm getacmin ,
|
||||
.Nm getacfilesz ,
|
||||
.Nm getacflg ,
|
||||
.Nm getacna ,
|
||||
.Nm getacpol ,
|
||||
@ -52,6 +53,8 @@
|
||||
.Ft int
|
||||
.Fn getacmin "int *min_val"
|
||||
.Ft int
|
||||
.Fn getacfilesz "size_t *size_val"
|
||||
.Ft int
|
||||
.Fn getacflg "char *auditstr" "int len"
|
||||
.Ft int
|
||||
.Fn getacna "char *auditstr" "int len"
|
||||
@ -88,6 +91,10 @@ the passed
|
||||
.Va min_val
|
||||
variable.
|
||||
.Pp
|
||||
.Fn getacfilesz
|
||||
returns the audit trail rotation size in the passed size_t buffer
|
||||
.Fa size_val .
|
||||
.Pp
|
||||
.Fn getacflg
|
||||
returns the audit system flags via the the passed character buffer
|
||||
.Va auditstr
|
||||
|
@ -27,7 +27,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#15 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#16 $
|
||||
*/
|
||||
|
||||
#include <bsm/libbsm.h>
|
||||
@ -395,6 +395,46 @@ getacmin(int *min_val)
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the desired trail rotation size from the audit control file.
|
||||
*/
|
||||
int
|
||||
getacfilesz(size_t *filesz_val)
|
||||
{
|
||||
char *filesz, *dummy;
|
||||
long long ll;
|
||||
|
||||
pthread_mutex_lock(&mutex);
|
||||
setac_locked();
|
||||
if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &filesz) < 0) {
|
||||
pthread_mutex_unlock(&mutex);
|
||||
return (-2);
|
||||
}
|
||||
if (filesz == NULL) {
|
||||
pthread_mutex_unlock(&mutex);
|
||||
errno = EINVAL;
|
||||
return (1);
|
||||
}
|
||||
ll = strtoll(filesz, &dummy, 10);
|
||||
if (*dummy != '\0') {
|
||||
pthread_mutex_unlock(&mutex);
|
||||
errno = EINVAL;
|
||||
return (-1);
|
||||
}
|
||||
/*
|
||||
* The file size must either be 0 or >= MIN_AUDIT_FILE_SIZE. 0
|
||||
* indicates no rotation size.
|
||||
*/
|
||||
if (ll < 0 || (ll > 0 && ll < MIN_AUDIT_FILE_SIZE)) {
|
||||
pthread_mutex_unlock(&mutex);
|
||||
errno = EINVAL;
|
||||
return (-1);
|
||||
}
|
||||
*filesz_val = ll;
|
||||
pthread_mutex_unlock(&mutex);
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the system audit value from the audit contol file.
|
||||
*/
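Review bot: getacfilesz accepts out-of-range and empty values: strtoll's ERANGE is never checked, so an overlong number silently becomes LLONG_MAX and passes the range test, an empty `filesz:` value parses as 0 (dummy == filesz with *dummy == '\0'), and the final `*filesz_val = ll` truncates on targets where size_t is narrower than long long even though the checks on ll succeeded. Set `errno = 0;` before the strtoll call, make the parse test `if (dummy == filesz || *dummy != '\0' || errno == ERANGE)`, and add `(unsigned long long)ll > SIZE_MAX` to the range test immediately after `ll < 0` so the cast is only reached for non-negative values (SIZE_MAX needs <stdint.h>; the file's include list is outside the hunk). The return convention is also uneven — 1 for a missing entry, -1 for a bad value, -2 for a lookup failure — and the caller in auditd.c treats them all as one error, so the function comment should spell out the three codes and which of them set errno.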
|
||||
|
@ -23,7 +23,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#7 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#8 $
|
||||
.\"
|
||||
.Dd April 19, 2005
|
||||
.Dt LIBBSM 3
|
||||
@ -84,6 +84,7 @@ database:
|
||||
.Xr endac 3 ,
|
||||
.Xr setac 3 ,
|
||||
.Xr getacdir 3 ,
|
||||
.Xr getacfilesz 3 ,
|
||||
.Xr getacflg 3 ,
|
||||
.Xr getacmin 3 ,
|
||||
.Xr getacna 3 ,
|
||||
|
@ -1,4 +1,5 @@
|
||||
.\" Copyright (c) 2004 Apple Computer, Inc.
|
||||
.\" Copyright (c) 2006 Robert N. M. Watson
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
@ -25,7 +26,7 @@
|
||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#11 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#13 $
|
||||
.\"
|
||||
.Dd January 4, 2006
|
||||
.Dt AUDIT_CONTROL 5
|
||||
@ -66,6 +67,12 @@ Not currently used as the value of 20 percent is chosen by the kernel.
|
||||
.It Va policy
|
||||
A list of global audit policy flags specifying various behaviors, such as
|
||||
fail stop, auditing of paths and arguments, etc.
|
||||
.It Va filesz
|
||||
Maximum trail size in bytes; if set to a non-0 value, the audit daemon will
|
||||
rotate the audit trail file at around this size.
|
||||
Sizes less than the minimum trail size (default of 512K) will be rejected as
|
||||
invalid.
|
||||
If 0, trail files will not be automatically rotated based on file size.
|
||||
.El
|
||||
.Sh AUDIT FLAGS
|
||||
Audit flags are a comma-delimited list of audit classes as defined in the
|
||||
@ -78,12 +85,14 @@ Event classes may be preceded by a prefix which changes their interpretation.
|
||||
The following prefixes may be used for each class:
|
||||
.Pp
|
||||
.Bl -tag -width Ds -compact -offset indent
|
||||
.It (none)
|
||||
Record both successful and failed events
|
||||
.It +
|
||||
Record successful events
|
||||
.It -
|
||||
Record failed events
|
||||
.It ^
|
||||
Record both successful and failed events
|
||||
Record neither successful nor failed events
|
||||
.It ^+
|
||||
Do not record successful events
|
||||
.It ^-
|
||||
@ -146,6 +155,7 @@ flags:lo
|
||||
minfree:20
|
||||
naflags:lo
|
||||
policy:cnt
|
||||
filesz:0
|
||||
.Ed
|
||||
.Pp
|
||||
The
|
||||
@ -156,7 +166,8 @@ The
|
||||
.Va policy
|
||||
parameter specifies that the system should neither fail stop nor suspend
|
||||
processes when the audit store fills.
|
||||
will be audited.
|
||||
The trail file will not be automatically rotated by the audit daemon based on
|
||||
file size.
|
||||
.Sh FILES
|
||||
.Bl -tag -width "/etc/security/audit_control" -compact
|
||||
.It Pa /etc/security/audit_control
|
||||
|