samples - OpenGrok history log for /freebsd/contrib/openbsm/test/samples

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
bb97b418	21-Sep-2006	Robert Watson <rwatson@FreeBSD.org>	Vendor import of OpenBSM 1.0 alpha 11, with the following change history notes since the last import: OpenBSM 1.0 alpha 11 - Reclassify certain read/write operations as having no class rather than Vendor import of OpenBSM 1.0 alpha 11, with the following change history notes since the last import: OpenBSM 1.0 alpha 11 - Reclassify certain read/write operations as having no class rather than the fr/fw class; our default classes audit intent (open) not operations (read, write). - Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads and writes of sysctls as separate events. Add additional kernel environment and jail events for FreeBSD. - Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued by the kernel audit implementation) so that they can be distinguished. - Disable rate limiting of rotate requests; as the kernel doesn't retransmit a dropped request, the log file will otherwise grow indefinitely if the trigger is dropped. - Improve auditd debugging output. - Fix a number of threading related bugs in audit_control file reading routines. - Add APIs au_poltostr() and au_strtopol() to convert between text representations of audit_control policy flags and the flags passed to auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY). - Add API getacpol() to return the 'policy:' entry from audit_control, an extension to the Solaris file format to allow specification of policy persistent flags. - Update audump to print the audit_control policy field. - Update auditd to read the audit_control policy field and set the kernel policy to match it when configuring/reconfiguring. Remove the -s and -h arguments as these policies are now set via the configuration file. If a policy line is not found in the configuration file, continue with the current default of setting AUDIT_CNT. - Fix bugs in the parsing of large execve(2) arguments and environmental variable tokens; increase maximum parsed argument and variable count. - configure now detects strlcat(), used by policy-related functions. - Reference token and record sample files added to test tree. Obtained from: TrustedBSD Project show more ... /freebsd/contrib/openbsm/CHANGELOG /freebsd/contrib/openbsm/HISTORY /freebsd/contrib/openbsm/LICENSE /freebsd/contrib/openbsm/Makefile /freebsd/contrib/openbsm/Makefile.am /freebsd/contrib/openbsm/Makefile.in /freebsd/contrib/openbsm/README /freebsd/contrib/openbsm/TODO /freebsd/contrib/openbsm/VERSION /freebsd/contrib/openbsm/aclocal.m4 /freebsd/contrib/openbsm/autogen.sh /freebsd/contrib/openbsm/bin/Makefile /freebsd/contrib/openbsm/bin/Makefile.am /freebsd/contrib/openbsm/bin/Makefile.in /freebsd/contrib/openbsm/bin/audit/Makefile /freebsd/contrib/openbsm/bin/audit/Makefile.am /freebsd/contrib/openbsm/bin/audit/Makefile.in /freebsd/contrib/openbsm/bin/audit/audit.8 /freebsd/contrib/openbsm/bin/audit/audit.c /freebsd/contrib/openbsm/bin/auditd/Makefile /freebsd/contrib/openbsm/bin/auditd/Makefile.am /freebsd/contrib/openbsm/bin/auditd/Makefile.in /freebsd/contrib/openbsm/bin/auditd/audit_warn.c /freebsd/contrib/openbsm/bin/auditd/auditd.8 /freebsd/contrib/openbsm/bin/auditd/auditd.c /freebsd/contrib/openbsm/bin/auditd/auditd.h /freebsd/contrib/openbsm/bin/auditfilterd/Makefile.am /freebsd/contrib/openbsm/bin/auditfilterd/Makefile.in /freebsd/contrib/openbsm/bin/auditfilterd/auditfilterd.8 /freebsd/contrib/openbsm/bin/auditfilterd/auditfilterd.c /freebsd/contrib/openbsm/bin/auditfilterd/auditfilterd.h /freebsd/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c /freebsd/contrib/openbsm/bin/auditreduce/Makefile /freebsd/contrib/openbsm/bin/auditreduce/Makefile.am /freebsd/contrib/openbsm/bin/auditreduce/Makefile.in /freebsd/contrib/openbsm/bin/auditreduce/auditreduce.1 /freebsd/contrib/openbsm/bin/auditreduce/auditreduce.c /freebsd/contrib/openbsm/bin/auditreduce/auditreduce.h /freebsd/contrib/openbsm/bin/praudit/Makefile /freebsd/contrib/openbsm/bin/praudit/Makefile.am /freebsd/contrib/openbsm/bin/praudit/Makefile.in /freebsd/contrib/openbsm/bin/praudit/praudit.1 /freebsd/contrib/openbsm/bin/praudit/praudit.c /freebsd/contrib/openbsm/bsm/Makefile /freebsd/contrib/openbsm/bsm/Makefile.am /freebsd/contrib/openbsm/bsm/Makefile.in /freebsd/contrib/openbsm/bsm/audit.h /freebsd/contrib/openbsm/bsm/audit_filter.h /freebsd/contrib/openbsm/bsm/audit_internal.h /freebsd/contrib/openbsm/bsm/audit_kevents.h /freebsd/contrib/openbsm/bsm/audit_record.h /freebsd/contrib/openbsm/bsm/audit_uevents.h /freebsd/contrib/openbsm/bsm/libbsm.h /freebsd/contrib/openbsm/compat/endian.h /freebsd/contrib/openbsm/compat/queue.h /freebsd/contrib/openbsm/compat/strlcat.h /freebsd/contrib/openbsm/config/config.guess /freebsd/contrib/openbsm/config/config.h.in /freebsd/contrib/openbsm/config/config.sub /freebsd/contrib/openbsm/config/depcomp /freebsd/contrib/openbsm/config/install-sh /freebsd/contrib/openbsm/config/ltmain.sh /freebsd/contrib/openbsm/config/missing /freebsd/contrib/openbsm/configure /freebsd/contrib/openbsm/configure.ac /freebsd/contrib/openbsm/etc/audit_class /freebsd/contrib/openbsm/etc/audit_control /freebsd/contrib/openbsm/etc/audit_event /freebsd/contrib/openbsm/etc/audit_filter /freebsd/contrib/openbsm/etc/audit_user /freebsd/contrib/openbsm/etc/audit_warn /freebsd/contrib/openbsm/libbsm/Makefile /freebsd/contrib/openbsm/libbsm/Makefile.am /freebsd/contrib/openbsm/libbsm/Makefile.in /freebsd/contrib/openbsm/libbsm/au_class.3 /freebsd/contrib/openbsm/libbsm/au_control.3 /freebsd/contrib/openbsm/libbsm/au_event.3 /freebsd/contrib/openbsm/libbsm/au_free_token.3 /freebsd/contrib/openbsm/libbsm/au_io.3 /freebsd/contrib/openbsm/libbsm/au_mask.3 /freebsd/contrib/openbsm/libbsm/au_open.3 /freebsd/contrib/openbsm/libbsm/au_token.3 /freebsd/contrib/openbsm/libbsm/au_user.3 /freebsd/contrib/openbsm/libbsm/audit_submit.3 /freebsd/contrib/openbsm/libbsm/bsm_audit.c /freebsd/contrib/openbsm/libbsm/bsm_class.c /freebsd/contrib/openbsm/libbsm/bsm_control.c /freebsd/contrib/openbsm/libbsm/bsm_event.c /freebsd/contrib/openbsm/libbsm/bsm_flags.c /freebsd/contrib/openbsm/libbsm/bsm_io.c /freebsd/contrib/openbsm/libbsm/bsm_mask.c /freebsd/contrib/openbsm/libbsm/bsm_notify.c /freebsd/contrib/openbsm/libbsm/bsm_token.c /freebsd/contrib/openbsm/libbsm/bsm_user.c /freebsd/contrib/openbsm/libbsm/bsm_wrappers.c /freebsd/contrib/openbsm/libbsm/libbsm.3 /freebsd/contrib/openbsm/man/Makefile /freebsd/contrib/openbsm/man/Makefile.am /freebsd/contrib/openbsm/man/Makefile.in /freebsd/contrib/openbsm/man/audit.2 /freebsd/contrib/openbsm/man/audit.log.5 /freebsd/contrib/openbsm/man/audit_class.5 /freebsd/contrib/openbsm/man/audit_control.5 /freebsd/contrib/openbsm/man/audit_event.5 /freebsd/contrib/openbsm/man/audit_user.5 /freebsd/contrib/openbsm/man/audit_warn.5 /freebsd/contrib/openbsm/man/auditctl.2 /freebsd/contrib/openbsm/man/auditon.2 /freebsd/contrib/openbsm/man/getaudit.2 /freebsd/contrib/openbsm/man/getauid.2 /freebsd/contrib/openbsm/man/setaudit.2 /freebsd/contrib/openbsm/man/setauid.2 /freebsd/contrib/openbsm/modules/Makefile.am /freebsd/contrib/openbsm/modules/Makefile.in /freebsd/contrib/openbsm/modules/auditfilter_noop/Makefile.am /freebsd/contrib/openbsm/modules/auditfilter_noop/Makefile.in /freebsd/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c /freebsd/contrib/openbsm/test/Makefile.am /freebsd/contrib/openbsm/test/Makefile.in /freebsd/contrib/openbsm/test/bsm/Makefile.am /freebsd/contrib/openbsm/test/bsm/Makefile.in /freebsd/contrib/openbsm/test/bsm/generate.c /freebsd/contrib/openbsm/test/reference/arg32_record /freebsd/contrib/openbsm/test/reference/arg32_token /freebsd/contrib/openbsm/test/reference/data_record /freebsd/contrib/openbsm/test/reference/data_token /freebsd/contrib/openbsm/test/reference/file_record /freebsd/contrib/openbsm/test/reference/file_token /freebsd/contrib/openbsm/test/reference/header32_token /freebsd/contrib/openbsm/test/reference/in_addr_record /freebsd/contrib/openbsm/test/reference/in_addr_token /freebsd/contrib/openbsm/test/reference/ip_record /freebsd/contrib/openbsm/test/reference/ip_token /freebsd/contrib/openbsm/test/reference/ipc_record /freebsd/contrib/openbsm/test/reference/ipc_token /freebsd/contrib/openbsm/test/reference/iport_record /freebsd/contrib/openbsm/test/reference/iport_token /freebsd/contrib/openbsm/test/reference/opaque_record /freebsd/contrib/openbsm/test/reference/opaque_token /freebsd/contrib/openbsm/test/reference/path_record /freebsd/contrib/openbsm/test/reference/path_token /freebsd/contrib/openbsm/test/reference/process32_record /freebsd/contrib/openbsm/test/reference/process32_token /freebsd/contrib/openbsm/test/reference/process32ex_record /freebsd/contrib/openbsm/test/reference/process32ex_token /freebsd/contrib/openbsm/test/reference/return32_record /freebsd/contrib/openbsm/test/reference/return32_token /freebsd/contrib/openbsm/test/reference/seq_record /freebsd/contrib/openbsm/test/reference/seq_token /freebsd/contrib/openbsm/test/reference/subject32_record /freebsd/contrib/openbsm/test/reference/subject32_token /freebsd/contrib/openbsm/test/reference/subject32ex_record /freebsd/contrib/openbsm/test/reference/subject32ex_token-IPv4 /freebsd/contrib/openbsm/test/reference/subject32ex_token-IPv6 /freebsd/contrib/openbsm/test/reference/text_record /freebsd/contrib/openbsm/test/reference/text_token /freebsd/contrib/openbsm/test/reference/trailer_token execve-long-args.trail /freebsd/contrib/openbsm/tools/Makefile /freebsd/contrib/openbsm/tools/Makefile.am /freebsd/contrib/openbsm/tools/Makefile.in /freebsd/contrib/openbsm/tools/audump.c

Revision

Date

Author

Comments

(<<< Hide modified files)

(Show modified files >>>)

bb97b418

21-Sep-2006

Robert Watson <rwatson@FreeBSD.org>

Vendor import of OpenBSM 1.0 alpha 11, with the following change history
notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than

Vendor import of OpenBSM 1.0 alpha 11, with the following change history
notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
fr/fw class; our default classes audit intent (open) not operations (read,
write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
and writes of sysctls as separate events. Add additional kernel
environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
(issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
a dropped request, the log file will otherwise grow indefinitely if the
trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
representations of audit_control policy flags and the flags passed to
auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
extension to the Solaris file format to allow specification of policy
persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
policy to match it when configuring/reconfiguring. Remove the -s and -h
arguments as these policies are now set via the configuration file. If a
policy line is not found in the configuration file, continue with the
current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

Obtained from: TrustedBSD Project