Searched hist:deea362c80aa7bcafc889b8ede78af1e75c1f3d5 (Results 1 – 2 of 2) sorted by relevance
/freebsd/sys/security/audit/
audit_bsm_db.c | deea362c80aa7bcafc889b8ede78af1e75c1f3d5 Mon Sep 03 16:26:43 CEST 2018 Robert Watson <rwatson@FreeBSD.org>

The kernel DTrace audit provider (dtaudit) relies on auditd(8) to load /etc/security/audit_event to provide a list of audit event-number <-> name mappings. However, this occurs too late for anonymous tracing. With this change, adding 'audit_event_load="YES"' to /boot/loader.conf will cause the boot loader to preload the file, and then the kernel audit code will parse it to register an initial set of audit event-number <-> name mappings. Those mappings can later be updated by auditd(8) if the configuration file changes.

Reviewed by: gnn, asomers, markj, allanjude
Discussed with: jhb
Approved by: re (kib)
MFC after: 1 week
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D16589
/freebsd/stand/defaults/
loader.conf | deea362c80aa7bcafc889b8ede78af1e75c1f3d5 Mon Sep 03 16:26:43 CEST 2018 Robert Watson <rwatson@FreeBSD.org>