ee5318d543
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). OpenBSM history for imported revision below for reference. MFC after: 1 month Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. - Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens.
273 lines
6.1 KiB
C
273 lines
6.1 KiB
C
/*-
|
|
* Copyright (c) 2005-2006 Robert N. M. Watson
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#8 $
|
|
*/
|
|
|
|
#include <bsm/libbsm.h>
|
|
#include <string.h>
|
|
#include <err.h>
|
|
#include <limits.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
/*
|
|
* Simple tool to dump various /etc/security databases using the defined APIs.
|
|
*/
|
|
|
|
static void
|
|
usage(void)
|
|
{
|
|
|
|
fprintf(stderr, "usage: audump [class|class_r|control|event|event_r|"
|
|
"user|user_r]\n");
|
|
exit(-1);
|
|
}
|
|
|
|
static void
|
|
audump_class(void)
|
|
{
|
|
au_class_ent_t *cp;
|
|
|
|
while ((cp = getauclassent()) != NULL)
|
|
printf("0x%08x:%s:%s\n", cp->ac_class, cp->ac_name,
|
|
cp->ac_desc);
|
|
}
|
|
|
|
static void
|
|
audump_class_r(void)
|
|
{
|
|
char class_ent_name[AU_CLASS_NAME_MAX];
|
|
char class_ent_desc[AU_CLASS_DESC_MAX];
|
|
au_class_ent_t c, *cp;
|
|
|
|
bzero(&c, sizeof(c));
|
|
bzero(class_ent_name, sizeof(class_ent_name));
|
|
bzero(class_ent_desc, sizeof(class_ent_desc));
|
|
c.ac_name = class_ent_name;
|
|
c.ac_desc = class_ent_desc;
|
|
|
|
while ((cp = getauclassent_r(&c)) != NULL)
|
|
printf("0x%08x:%s:%s\n", cp->ac_class, cp->ac_name,
|
|
cp->ac_desc);
|
|
}
|
|
|
|
static void
|
|
audump_control(void)
|
|
{
|
|
char string[PATH_MAX], string2[PATH_MAX];
|
|
int ret, val;
|
|
long policy;
|
|
time_t age;
|
|
size_t size;
|
|
|
|
ret = getacflg(string, PATH_MAX);
|
|
if (ret == -2)
|
|
err(-1, "getacflg");
|
|
if (ret != 0)
|
|
errx(-1, "getacflg: %d", ret);
|
|
|
|
printf("flags:%s\n", string);
|
|
|
|
ret = getacmin(&val);
|
|
if (ret == -2)
|
|
err(-1, "getacmin");
|
|
if (ret != 0)
|
|
errx(-1, "getacmin: %d", ret);
|
|
|
|
printf("min:%d\n", val);
|
|
|
|
ret = getacna(string, PATH_MAX);
|
|
if (ret == -2)
|
|
err(-1, "getacna");
|
|
if (ret != 0)
|
|
errx(-1, "getacna: %d", ret);
|
|
|
|
printf("naflags:%s\n", string);
|
|
|
|
setac();
|
|
do {
|
|
ret = getacdir(string, PATH_MAX);
|
|
if (ret == -1)
|
|
break;
|
|
if (ret == -2)
|
|
err(-1, "getacdir");
|
|
if (ret != 0)
|
|
errx(-1, "getacdir: %d", ret);
|
|
printf("dir:%s\n", string);
|
|
|
|
} while (ret == 0);
|
|
|
|
ret = getacpol(string, PATH_MAX);
|
|
if (ret != 0)
|
|
err(-1, "getacpol");
|
|
if (au_strtopol(string, &policy) < 0)
|
|
err(-1, "au_strtopol");
|
|
if (au_poltostr(policy, PATH_MAX, string2) < 0)
|
|
err(-1, "au_poltostr");
|
|
printf("policy:%s\n", string2);
|
|
|
|
ret = getacfilesz(&size);
|
|
if (ret == -2)
|
|
err(-1, "getacfilesz");
|
|
if (ret != 0)
|
|
err(-1, "getacfilesz: %d", ret);
|
|
|
|
printf("filesz:%ldB\n", size);
|
|
|
|
|
|
ret = getachost(string, PATH_MAX);
|
|
if (ret == -2)
|
|
err(-1, "getachost");
|
|
if (ret == -3)
|
|
err(-1, "getachost: %d", ret);
|
|
if (ret == 0 && ret != 1)
|
|
printf("host:%s\n", string);
|
|
|
|
ret = getacexpire(&val, &age, &size);
|
|
if (ret == -2)
|
|
err(-1, "getacexpire");
|
|
if (ret == -1)
|
|
err(-1, "getacexpire: %d", ret);
|
|
if (ret == 0 && ret != 1)
|
|
printf("expire-after:%ldB %s %lds\n", size,
|
|
val ? "AND" : "OR", age);
|
|
}
|
|
|
|
static void
|
|
printf_classmask(au_class_t classmask)
|
|
{
|
|
au_class_ent_t *c;
|
|
u_int32_t i;
|
|
int first;
|
|
|
|
first = 1;
|
|
for (i = 0; i < 32; i++) {
|
|
if (classmask & (2 << i)) {
|
|
if (first)
|
|
first = 0;
|
|
else
|
|
printf(",");
|
|
c = getauclassnum(2 << i);
|
|
if (c != NULL)
|
|
printf("%s", c->ac_name);
|
|
else
|
|
printf("0x%x", 2 << i);
|
|
}
|
|
}
|
|
}
|
|
|
|
static void
|
|
audump_event(void)
|
|
{
|
|
au_event_ent_t *ep;
|
|
|
|
while ((ep = getauevent()) != NULL) {
|
|
printf("%d:%s:%s:", ep->ae_number, ep->ae_name, ep->ae_desc);
|
|
printf_classmask(ep->ae_class);
|
|
printf("\n");
|
|
}
|
|
}
|
|
|
|
static void
|
|
audump_event_r(void)
|
|
{
|
|
char event_ent_name[AU_EVENT_NAME_MAX];
|
|
char event_ent_desc[AU_EVENT_DESC_MAX];
|
|
au_event_ent_t e, *ep;
|
|
|
|
bzero(&e, sizeof(e));
|
|
bzero(event_ent_name, sizeof(event_ent_name));
|
|
bzero(event_ent_desc, sizeof(event_ent_desc));
|
|
e.ae_name = event_ent_name;
|
|
e.ae_desc = event_ent_desc;
|
|
|
|
while ((ep = getauevent_r(&e)) != NULL) {
|
|
printf("%d:%s:%s:", ep->ae_number, ep->ae_name, ep->ae_desc);
|
|
printf_classmask(ep->ae_class);
|
|
printf("\n");
|
|
}
|
|
}
|
|
|
|
static void
|
|
audump_user(void)
|
|
{
|
|
au_user_ent_t *up;
|
|
|
|
while ((up = getauuserent()) != NULL) {
|
|
printf("%s:", up->au_name);
|
|
// printf_classmask(up->au_always);
|
|
printf(":");
|
|
// printf_classmask(up->au_never);
|
|
printf("\n");
|
|
}
|
|
}
|
|
|
|
static void
|
|
audump_user_r(void)
|
|
{
|
|
char user_ent_name[AU_USER_NAME_MAX];
|
|
au_user_ent_t u, *up;
|
|
|
|
bzero(&u, sizeof(u));
|
|
bzero(user_ent_name, sizeof(user_ent_name));
|
|
u.au_name = user_ent_name;
|
|
|
|
while ((up = getauuserent_r(&u)) != NULL) {
|
|
printf("%s:", up->au_name);
|
|
// printf_classmask(up->au_always);
|
|
printf(":");
|
|
// printf_classmask(up->au_never);
|
|
printf("\n");
|
|
}
|
|
}
|
|
|
|
int
|
|
main(int argc, char *argv[])
|
|
{
|
|
|
|
if (argc != 2)
|
|
usage();
|
|
|
|
if (strcmp(argv[1], "class") == 0)
|
|
audump_class();
|
|
else if (strcmp(argv[1], "class_r") == 0)
|
|
audump_class_r();
|
|
else if (strcmp(argv[1], "control") == 0)
|
|
audump_control();
|
|
else if (strcmp(argv[1], "event") == 0)
|
|
audump_event();
|
|
else if (strcmp(argv[1], "event_r") == 0)
|
|
audump_event_r();
|
|
else if (strcmp(argv[1], "user") == 0)
|
|
audump_user();
|
|
else if (strcmp(argv[1], "user_r") == 0)
|
|
audump_user_r();
|
|
else
|
|
usage();
|
|
|
|
return (0);
|
|
}
|