bb97b41819
notes since the last import: OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the fr/fw class; our default classes audit intent (open) not operations (read, write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads and writes of sysctls as separate events. Add additional kernel environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit a dropped request, the log file will otherwise grow indefinitely if the trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading-related bugs in audit_control file reading routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text representations of audit_control policy flags and the flags passed to auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an extension to the Solaris file format to allow specification of policy persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel policy to match it when configuring/reconfiguring. Remove the -s and -h arguments as these policies are now set via the configuration file. If a policy line is not found in the configuration file, continue with the current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

Obtained from: TrustedBSD Project
27 lines
1.4 KiB
Plaintext
- Teach praudit how to generate XML format BSM streams.

- Teach libbsm about any additional 64-bit token types that are present
  in more recent Solaris versions.

- Build a regression test suite for libbsm that generates each token
  type and then compares the results with known good data. Make sure to
  test that things work properly with respect to endianness of the local
  platform.

- Document contents of libbsm "public" data structures in libbsm man pages.

- The audit.log.5 man page is incomplete, as it does not describe all
  token types.

- With the move to autoconf/automake, man page symlinks are no longer
  installed. This needs to be fixed.

- It might be desirable to be able to provide EOPNOTSUPP system call stubs
  on systems that don't have the necessary audit system calls; that would
  allow the full libbsm and tool set to build, just not run.

- Teach praudit how to begin printing at any point in a token stream, not
  just at the beginning of a record. This will make it easier to use
  praudit in test suites processing single-token files without header and
  trailer context.

- Teach auditd how to notify a script when it is done with trail files so
  that the script can archive them, compress them, delete them, whatever.
  It should walk any trail files found at startup also, assuming it
  successfully registers.

- Put hostname in trail file name.
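The regression-test item above (generate each token type, compare against known good data, and check endianness handling) is easiest to see with a concrete record. The following is an added example written for this page, not OpenBSM or libbsm code: it encodes one record (header32 + text + trailer) in explicit big-endian wire order, parses it back with length, version, NUL-termination and trailer checks, and compares the bytes with a hand-built known-good image. It also shows the failure mode the item warns about, a length field copied in host byte order, which a parser on a little-endian host rejects. The token numbers and magic follow OpenBSM's bsm/audit_record.h; HDR_VERSION, the event number, timestamp and text are assumed sample data chosen for the test.

```c
/* Added example, not OpenBSM code: encode one BSM record (header32 + text +
 * trailer) in explicit big-endian wire order, parse it back, and compare it
 * with a hand-built known-good image.  Token numbers follow OpenBSM's
 * bsm/audit_record.h; HDR_VERSION and the sample event number, timestamp
 * and text are assumed test data. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AUT_TRAILER       0x13
#define AUT_HEADER32      0x14
#define AUT_TEXT          0x28
#define AUT_TRAILER_MAGIC 0xB105
#define HDR_VERSION       11   /* assumed header version byte */
#define HDR32_LEN         18   /* type, len32, version, event16, modifier16, sec32, msec32 */
#define TRAILER_LEN       7    /* type, magic16, len32 */

struct bsm_text_record { uint16_t event; uint32_t sec, msec; char text[256]; };

/* BSM trails are big-endian on the wire regardless of host byte order. */
static uint8_t *put_u16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return p + 2; }
static uint8_t *put_u32(uint8_t *p, uint32_t v) { return put_u16(put_u16(p, (uint16_t)(v >> 16)), (uint16_t)v); }
static uint16_t get_u16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t get_u32(const uint8_t *p) { return (uint32_t)get_u16(p) << 16 | get_u16(p + 2); }

/* Write header32 + text + trailer into buf; returns bytes written, 0 on error. */
size_t bsm_encode_text_record(uint8_t *buf, size_t cap, uint16_t event,
                              uint32_t sec, uint32_t msec, const char *text)
{
    size_t tlen = strlen(text) + 1;                /* BSM text length counts the NUL */
    size_t total = HDR32_LEN + 3 + tlen + TRAILER_LEN;
    if (tlen > 0xffff || total > cap)
        return 0;
    uint8_t *p = buf;
    *p++ = AUT_HEADER32;
    p = put_u32(p, (uint32_t)total);               /* whole record, header through trailer */
    *p++ = HDR_VERSION;
    p = put_u16(p, event);
    p = put_u16(p, 0);                             /* event modifier */
    p = put_u32(p, sec);
    p = put_u32(p, msec);
    *p++ = AUT_TEXT;
    p = put_u16(p, (uint16_t)tlen);
    memcpy(p, text, tlen);
    p += tlen;
    *p++ = AUT_TRAILER;
    p = put_u16(p, AUT_TRAILER_MAGIC);
    p = put_u32(p, (uint32_t)total);
    return (size_t)(p - buf);
}

/* Parse one record: 0 on success, else a negative code naming the failed check. */
int bsm_parse_text_record(const uint8_t *buf, size_t len, struct bsm_text_record *out)
{
    if (len < HDR32_LEN + 3 + TRAILER_LEN || buf[0] != AUT_HEADER32)
        return -1;
    uint32_t reclen = get_u32(buf + 1);
    if (reclen != len)                             /* header length must match bytes supplied */
        return -2;
    if (buf[5] != HDR_VERSION || buf[HDR32_LEN] != AUT_TEXT)
        return -3;
    out->event = get_u16(buf + 6);
    out->sec = get_u32(buf + 10);
    out->msec = get_u32(buf + 14);
    const uint8_t *p = buf + HDR32_LEN + 1;
    uint16_t tlen = get_u16(p);
    p += 2;
    if (tlen == 0 || tlen > sizeof out->text || (size_t)(p - buf) + tlen + TRAILER_LEN != len)
        return -4;
    if (p[tlen - 1] != '\0')                       /* text must be NUL-terminated on the wire */
        return -5;
    memcpy(out->text, p, tlen);
    p += tlen;
    if (p[0] != AUT_TRAILER || get_u16(p + 1) != AUT_TRAILER_MAGIC || get_u32(p + 3) != reclen)
        return -6;
    return 0;
}

/* Known-good image of the sample record, written out by hand from the layout above. */
static const uint8_t known_good[34] = {
    AUT_HEADER32, 0x00, 0x00, 0x00, 0x22, HDR_VERSION, 0x00, 0x02, 0x00, 0x00,
    0x01, 0x02, 0x03, 0x04, 0x0a, 0x0b, 0x0c, 0x0d,
    AUT_TEXT, 0x00, 0x06, 'h', 'e', 'l', 'l', 'o', 0x00,
    AUT_TRAILER, 0xb1, 0x05, 0x00, 0x00, 0x00, 0x22,
};

/* 1 if the encoder reproduces known_good byte for byte, else 0. */
int bsm_known_good_check(void)
{
    uint8_t buf[64];
    size_t n = bsm_encode_text_record(buf, sizeof buf, 2, 0x01020304u, 0x0a0b0c0du, "hello");
    return n == sizeof known_good && memcmp(buf, known_good, n) == 0;
}

int host_is_little_endian(void) { uint16_t one = 1; return *(const uint8_t *)&one == 1; }

/* The classic endianness bug: copying the length fields in host byte order. */
void bsm_rewrite_lengths_in_host_order(uint8_t *buf, size_t len)
{
    uint32_t l = (uint32_t)len;
    memcpy(buf + 1, &l, 4);                        /* header length */
    memcpy(buf + len - 4, &l, 4);                  /* trailer length */
}
```

A test suite built this way holds one known-good image per token type and compares encoder output against it, then feeds each image through the parser; the known-good bytes are the same on every platform, so a host-order mistake in either direction shows up as a byte mismatch on little-endian machines rather than passing silently because encoder and decoder share the same bug.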

$P4: //depot/projects/trustedbsd/openbsm/TODO#7 $