|
Revision tags: release/14.0.0, release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0 |
|
| #
c7aa572c |
| 31-Jul-2020 |
Glen Barber <gjb@FreeBSD.org> |
MFH
Sponsored by: Rubicon Communications, LLC (netgate.com)
|
| #
17996960 |
| 31-Jul-2020 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r363583 through r363738.
|
| #
3008333d |
| 28-Jul-2020 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Fixup some incorrect information and some comments. These changes
were cherry picked up the upstream OpenBSD repository. At some point we
will look at doing another import, but the diffs are substant
Fixup some incorrect information and some comments. These changes
were cherry picked up the upstream OpenBSD repository. At some point we
will look at doing another import, but the diffs are substantial and will
require some careful testing.
Differential Revision: https://reviews.freebsd.org/D25021
MFC after: 2 weeks
Submitted by: gbe
Reviewed by: myself, bcr
show more ...
|
|
Revision tags: release/11.4.0, release/12.1.0, release/11.3.0 |
|
| #
6d4db583 |
| 09-Jan-2019 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
In r316006 the getstrfromtype_locked() function was modified to return
an empty string, instead of NULL, if an entry is missing in the audit_control
file. Because of that change the getachost() funct
In r316006 the getstrfromtype_locked() function was modified to return
an empty string, instead of NULL, if an entry is missing in the audit_control
file. Because of that change the getachost() function started to return
success even if the host name was not defined in the audit_control.
This in turn led to auditd_hostlen always being set (for an empty host it was
set to 0). If auditd_hostlen was not equal to -1 we were trying to append
the host name to trail file name. All this led to situation where when host
name is not defined in audit_control, auditd will create trail files with
a leading '.', which breaks auditdistd as it doesn't work with longer audit
trail file names.
Fix this by appending host name to the trail file name only if the host name
is not empty.
show more ...
|
|
Revision tags: release/12.0.0 |
|
| #
6e3b0894 |
| 22-Jul-2018 |
Alan Somers <asomers@FreeBSD.org> |
auditd(8): Log a better error when no hostname is set in audit_control
Cherry-pick from https://github.com/openbsm/openbsm/commit/01ba03b
Reviewed by: cem
Obtained from: OpenBSM
MFC after: 2 weeks
auditd(8): Log a better error when no hostname is set in audit_control
Cherry-pick from https://github.com/openbsm/openbsm/commit/01ba03b
Reviewed by: cem
Obtained from: OpenBSM
MFC after: 2 weeks
Pull Request: https://github.com/openbsm/openbsm/pull/38
show more ...
|
|
Revision tags: release/11.2.0, release/10.4.0, release/11.1.0 |
|
| #
5e386598 |
| 26-Mar-2017 |
Robert Watson <rwatson@FreeBSD.org> |
Merge OpenBSM 1.2-alpha5 from vendor branch to FreeBSD -CURRENT:
- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to
query it, allowing to set the kernel's maximum audit qu
Merge OpenBSM 1.2-alpha5 from vendor branch to FreeBSD -CURRENT:
- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to
query it, allowing to set the kernel's maximum audit queue length.
- Add support to push a mapping between audit event names and event numbers
into the kernel (where supported) using new A_GETEVENT and A_SETEVENT
auditon(2) operations.
- Add audit event identifiers for a number of new (and not-so-new) FreeBSD
system calls including those for asynchronous I/O, thread management, SCTP,
jails, multi-FIB support, and misc. POSIX interfaces such as
posix_fallocate(2) and posix_fadvise(2).
- On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now
run sandboxed.
- Empty "flags" and "naflags" fields are now permitted in audit_control(5).
Many thanks to Christian Brueffer for producing the OpenBSM release and
importing/tagging it in the vendor branch. This release will allow improved
auditing of a range of new FreeBSD functionality, as well as non-traditional
events (e.g., fine-grained I/O auditing) not required by the Orange Book or
Common Criteria.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, AFRL
MFC after: 3 weeks
show more ...
|
|
Revision tags: release/11.0.1, release/11.0.0, release/10.3.0 |
|
| #
b626f5a7 |
| 04-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH r289384-r293170
Sponsored by: The FreeBSD Foundation
|
| #
9a7cd2e6 |
| 22-Dec-2015 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFH @r292599
This includes the pluggable TCP framework and other chnages to the
netstack to track for VNET stability.
Security: The FreeBSD Foundation
|
| #
b6a05070 |
| 18-Dec-2015 |
Christian Brueffer <brueffer@FreeBSD.org> |
Merge OpenBSM 1.2 alpha 4.
MFC after: 2 weeks
Relnotes: yes
|
|
Revision tags: release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0 |
|
| #
cfe30d02 |
| 19-Jun-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge fresh head.
|
|
Revision tags: release/8.4.0 |
|
| #
d241a0e6 |
| 26-Feb-2013 |
Xin LI <delphij@FreeBSD.org> |
IFC @247348.
|
| #
d9a44755 |
| 08-Feb-2013 |
David E. O'Brien <obrien@FreeBSD.org> |
Sync with HEAD.
|
| #
32531ccb |
| 04-Dec-2012 |
Neel Natu <neel@FreeBSD.org> |
IFC @r243836
|
| #
aa772005 |
| 01-Dec-2012 |
Robert Watson <rwatson@FreeBSD.org> |
Merge OpenBSM 1.2-alpha2 from vendor branch to FreeBSD 10-CURRENT; the
primary new feature is auditdistd.
Obtained from: TrustedBSD Project
Sponsored by: The FreeBSD Foundation (auditdistd)
|
|
Revision tags: release/9.1.0 |
|
| #
6a068746 |
| 15-May-2012 |
Alexander Motin <mav@FreeBSD.org> |
MFC
|
| #
38f1b189 |
| 26-Apr-2012 |
Peter Grehan <grehan@FreeBSD.org> |
IFC @ r234692
sys/amd64/include/cpufunc.h
sys/amd64/include/fpu.h
sys/amd64/amd64/fpu.c
sys/amd64/vmm/vmm.c
- Add API to allow vmm FPU state init/save/restore.
FP stuff discussed with: kib
|
| #
7ab97117 |
| 10-Apr-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge head r233826 through r234091.
|
|
Revision tags: release/8.3.0_cvs, release/8.3.0 |
|
| #
3ee3cd17 |
| 08-Apr-2012 |
Robert Watson <rwatson@FreeBSD.org> |
Merge a local fix to OpenBSM's libauditd to avoid a directory descriptor
leak when iterating over possible audit trail directories. This fix will
be merged upstream in an identical form, but hasn't
Merge a local fix to OpenBSM's libauditd to avoid a directory descriptor
leak when iterating over possible audit trail directories. This fix will
be merged upstream in an identical form, but hasn't yet appeared in an
OpenBSM release.
Submitted by: guido
Obtained from: TrustedBSD Project
MFC after: 3 days
show more ...
|
|
Revision tags: release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0, release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0 |
|
| #
10b3b545 |
| 17-Sep-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge from head
|
| #
7d4b968b |
| 17-Sep-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge from head up to r188941 (last revision before the USB stack switch)
|
| #
11e9b8ba |
| 04-Aug-2009 |
Oleksandr Tymoshenko <gonzo@FreeBSD.org> |
- MFC @196061
|
| #
597df30e |
| 17-Jul-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:
- Fixes to AUT
Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:
- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
error number space.
MFC after: 3 weeks
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
Approved by: re (kib)
show more ...
|
| #
e7153b25 |
| 07-May-2009 |
Oleksandr Tymoshenko <gonzo@FreeBSD.org> |
Merge from HEAD
|
|
Revision tags: release/7.2.0_cvs, release/7.2.0 |
|
| #
c0020399 |
| 19-Apr-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Merge OpenBSM 1.1 from OpenBSM vendor branch to head.
OpenBSM history for imported revision below for reference.
MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Proje
Merge OpenBSM 1.1 from OpenBSM vendor branch to head.
OpenBSM history for imported revision below for reference.
MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1
- Change auditon(2) parameters and data structures to be 32/64-bit architecture
independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
authorization events, has been added.
show more ...
|
| #
1829d5da |
| 12-Mar-2009 |
Warner Losh <imp@FreeBSD.org> |
Update the projects tree to a newer FreeBSD current.
|