506764c6f6
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close(); previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and au_close_buffer().
- Support a more complete range of data types for the arbitrary data token: add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to a memory buffer. Not likely to be used much by applications, but useful for writing test tools.
- Modify au_to_file() so that it accepts a timeval in user space, not just kernel -- this is not a Solaris BSM API so can be modified without causing compatibility issues.
- Define a new API, au_to_header32_tm(), which adds a struct timeval argument to the ordinary au_to_header32(), which is now implemented by wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL the APIs that invoke gettimeofday(), rather than having a variable definition. Don't try to retrieve time zone information using gettimeofday(), as it's not needed, and introduces possible failure modes.
- Don't perform byte order transformations on the addr/machine fields of the terminal ID that appears in the process32/subject32 tokens. These are assumed to be IP addresses, and as such, to be in network byte order.
- Universally, APIs now assume that IP addresses and ports are provided in network byte order. APIs now generally provide these types in network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test. This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and error information.
- Support for audit filters introduced: audit filters are dynamically loaded shared objects that run in the context of a new daemon, auditfilterd. The daemon reads from an audit pipe and feeds both BSM and parsed versions of records to shared objects using a module API. This will provide a framework for the writing of intrusion detection services.
- New utility API, audit_submit(), added to capture common elements of audit record submission for many applications.

Obtained from: TrustedBSD Project
114 lines
2.9 KiB
Plaintext
# -*- Autoconf -*-
# Process this file with autoconf to produce a configure script.

AC_PREREQ(2.59)
AC_INIT([OpenBSM], [1.0a6], [trustedbsd-audit@TrustedBSD.org],[openbsm])
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#22 $])
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_HEADER([config/config.h])
AM_MAINTAINER_MODE

# Checks for programs.
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_LIBTOOL

AM_INIT_AUTOMAKE(AC_PACKAGE_NAME, AC_PACKAGE_VERSION)

AC_SEARCH_LIBS(dlsym, dl)
AC_SEARCH_LIBS(clock_gettime, rt)

# Checks for header files.
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS([endian.h mach/mach.h machine/endian.h sys/endian.h])

# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_UID_T
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_CHECK_MEMBERS([struct stat.st_rdev])

AC_CHECK_MEMBER([struct ipc_perm.__key],
	[AC_DEFINE(HAVE_IPC_PERM___KEY,, Define if ipc_perm.__key instead of key)],
	[],[
#include <sys/types.h>
#include <sys/ipc.h>
])

AC_CHECK_MEMBER([struct ipc_perm.__seq],
	[AC_DEFINE(HAVE_IPC_PERM___SEQ,, Define if ipc_perm.__seq instead of seq)],
	[],[
#include <sys/types.h>
#include <sys/ipc.h>
])

AC_HEADER_TIME
AC_STRUCT_TM

# Checks for library functions.
AC_FUNC_CHOWN
AC_FUNC_FORK
AC_FUNC_MALLOC
AC_FUNC_MKTIME
AC_TYPE_SIGNAL
AC_FUNC_STAT
AC_FUNC_STRFTIME
AC_CHECK_FUNCS([bzero ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul])

# sys/queue.h exists on most systems, but its capabilities vary a great deal.
# test for LIST_FIRST, which appears to not exist in all of them, and is
# necessary for OpenBSM.
AC_TRY_LINK([
#include <sys/queue.h>
], [
	struct foo {
		LIST_ENTRY(foo) foo_entries;
	};
	LIST_HEAD(, foo) foo_list;
	struct foo *foo;

	foo = LIST_FIRST(&foo_list);
], [
	AC_DEFINE(HAVE_FULL_QUEUE_H,, Define if queue.h includes LIST_FIRST)
])

# Systems may not define key audit system calls, in which case libbsm cannot
# depend on them or it will generate link-time or run-time errors. Test for
# just one.
AC_TRY_LINK([
#include <stdlib.h>

extern int auditon(int, void *, int);
], [
	int err;

	err = auditon(0, NULL, 0);
], [
	AC_DEFINE(HAVE_AUDIT_SYSCALLS,, Define if audit system calls present)
	have_audit_syscalls=true
], [
	have_audit_syscalls=false
])
AM_CONDITIONAL(HAVE_AUDIT_SYSCALLS, $have_audit_syscalls)

AC_CONFIG_FILES([Makefile
                 bin/Makefile
                 bin/audit/Makefile
                 bin/auditd/Makefile
                 bin/auditfilterd/Makefile
                 bin/auditreduce/Makefile
                 bin/praudit/Makefile
                 bsm/Makefile
                 libbsm/Makefile
                 modules/Makefile
                 modules/auditfilter_noop/Makefile
                 man/Makefile
                 test/Makefile
                 test/bsm/Makefile
                 tools/Makefile])

AC_OUTPUT
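The byte-order items in the commit message, and the endian header checks in this configure.ac, come down to one rule: integers held in host order are converted when a record is written, while IP addresses already in network byte order are copied unchanged. The following is an added example, not code from OpenBSM or libbsm; the two-field record layout, the function names and the sample values are hypothetical, and it assumes records are written big-endian.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write a host-order integer as 4 big-endian bytes, independent of host endianness. */
static void put_be32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Hypothetical record: pid (host order) then machine address (network order). */
size_t encode_fixed(unsigned char *out, uint32_t pid, uint32_t addr_net) {
    put_be32(out, pid);
    memcpy(out + 4, &addr_net, 4);  /* already network order: copy verbatim */
    return 8;
}

/* Constructed model of a byte-order transformation applied to the address field. */
size_t encode_swapping(unsigned char *out, uint32_t pid, uint32_t addr_net) {
    put_be32(out, pid);
    put_be32(out + 4, addr_net);    /* reverses the address on little-endian hosts */
    return 8;
}

int host_is_little_endian(void) {
    uint16_t one = 1;
    return *(unsigned char *)&one == 1;
}

/* Read the address field back as a dotted quad; returns 1 on success. */
int decode_addr(const unsigned char *rec, char *buf, size_t len) {
    struct in_addr a;
    memcpy(&a.s_addr, rec + 4, 4);
    return inet_ntop(AF_INET, &a, buf, (socklen_t)len) != NULL;
}

int main(void) {
    unsigned char rec[8];
    char buf[INET_ADDRSTRLEN];
    struct in_addr a;
    inet_pton(AF_INET, "192.0.2.1", &a);    /* constructed sample address */
    encode_fixed(rec, 4242, a.s_addr);
    decode_addr(rec, buf, sizeof(buf));
    printf("copied verbatim: %s\n", buf);
    encode_swapping(rec, 4242, a.s_addr);
    decode_addr(rec, buf, sizeof(buf));
    printf("transformed:     %s\n", buf);
    return 0;
}
```

On a little-endian host the second line shows the address with its octets reversed, which is how a mis-ordered terminal ID would appear to anyone reading the audit trail.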