PERFORCE change 127769 for review

Andrew R. Reiter arr at watson.org
Fri Oct 19 05:18:12 PDT 2007


Just curious -- how come openbsm removed AU_ class masks; isnt that needed 
for log analysis?  or at least *better* log analysis?

Cheers,
Andrew

--
Andrew R. Reiter
arr at watson.org
858 245 3682

On Fri, 19 Oct 2007, Robert Watson wrote:

> http://perforce.freebsd.org/chv.cgi?CH=127769
>
> Change 127769 by rwatson at rwatson_zoo on 2007/10/19 10:59:33
>
> 	Integrate OpenBSM changes into audit3 kernel.
>
> Affected files ...
>
> .. //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 integrate
>
> Differences ...
>
> ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 (text+ko) ====
>
> @@ -26,7 +26,7 @@
>  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
>  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>  *
> - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#39 $
> + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 $
>  * $FreeBSD: src/sys/bsm/audit.h,v 1.9 2007/07/22 12:28:12 rwatson Exp $
>  */
>
> @@ -75,44 +75,6 @@
> #define	AU_DEFAUDITID	-1
>
> /*
> - * Define the masks for the classes of audit events.
> - */
> -#define	AU_NULL		0x00000000
> -#define	AU_FREAD	0x00000001
> -#define	AU_FWRITE	0x00000002
> -#define	AU_FACCESS	0x00000004
> -#define	AU_FMODIFY	0x00000008
> -#define	AU_FCREATE	0x00000010
> -#define	AU_FDELETE	0x00000020
> -#define	AU_CLOSE	0x00000040
> -#define	AU_PROCESS	0x00000080
> -#define	AU_NET		0x00000100
> -#define	AU_IPC		0x00000200
> -#define	AU_NONAT	0x00000400
> -#define	AU_ADMIN	0x00000800
> -#define	AU_LOGIN	0x00001000
> -#define	AU_TFM		0x00002000
> -#define	AU_APPL		0x00004000
> -#define	AU_SETL		0x00008000
> -#define	AU_IFLOAT	0x00010000
> -#define	AU_PRIV		0x00020000
> -#define	AU_MAC_RW	0x00040000
> -#define	AU_XCONN	0x00080000
> -#define	AU_XCREATE	0x00100000
> -#define	AU_XDELETE	0x00200000
> -#define	AU_XIFLOAT	0x00400000
> -#define	AU_XPRIVS	0x00800000
> -#define	AU_XPRIVF	0x01000000
> -#define	AU_XMOVE	0x02000000
> -#define	AU_XDACF	0x04000000
> -#define	AU_XMACF	0x08000000
> -#define	AU_XSECATTR	0x10000000
> -#define	AU_IOCTL	0x20000000
> -#define	AU_EXEC		0x40000000
> -#define	AU_OTHER	0x80000000
> -#define	AU_ALL		0xffffffff
> -
> -/*
>  * IPC types.
>  */
> #define	AT_IPC_MSG	((u_char)1)	/* Message IPC id. */
>
>


More information about the p4-projects mailing list