PERFORCE change 127769 for review

Andrew R. Reiter arr at watson.org
Fri Oct 19 06:52:42 PDT 2007 



On Fri, 19 Oct 2007, Robert Watson wrote:

> On Fri, 19 Oct 2007, Andrew R. Reiter wrote:
>
>> Just curious -- how come openbsm removed AU_ class masks; isnt that needed 
>> for log analysis?  or at least *better* log analysis?
>
> I think these definitions were largely historical -- the class masks are also 
> defined in /etc/security/audit_class, and customizable for each system they 
> are installed on.  The hard-coded mask definitions below were never used, 
> with with the exception of AU_NULL (no bits set).  Likewise, they probably 
> shouldn't be used, on the basis that they are compile-time rather than 
> run-time, and may conflict with run-time settings -- i.e., for hosts where a 
> different set of classes have been defined.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge

Makes sense.

Cheers,
Andrew

>
>> 
>> Cheers,
>> Andrew
>> 
>> --
>> Andrew R. Reiter
>> arr at watson.org
>> 858 245 3682
>> 
>> On Fri, 19 Oct 2007, Robert Watson wrote:
>> 
>>> http://perforce.freebsd.org/chv.cgi?CH=127769
>>> 
>>> Change 127769 by rwatson at rwatson_zoo on 2007/10/19 10:59:33
>>>
>>> 	Integrate OpenBSM changes into audit3 kernel.
>>> 
>>> Affected files ...
>>> 
>>> .. //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 integrate
>>> 
>>> Differences ...
>>> 
>>> ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 (text+ko) ====
>>> 
>>> @@ -26,7 +26,7 @@
>>>  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 
>>> OF
>>>  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>>>  *
>>> - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#39 $
>>> + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 $
>>>  * $FreeBSD: src/sys/bsm/audit.h,v 1.9 2007/07/22 12:28:12 rwatson Exp $
>>>  */
>>> 
>>> @@ -75,44 +75,6 @@
>>> #define	AU_DEFAUDITID	-1
>>> 
>>> /*
>>> - * Define the masks for the classes of audit events.
>>> - */
>>> -#define	AU_NULL		0x00000000
>>> -#define	AU_FREAD	0x00000001
>>> -#define	AU_FWRITE	0x00000002
>>> -#define	AU_FACCESS	0x00000004
>>> -#define	AU_FMODIFY	0x00000008
>>> -#define	AU_FCREATE	0x00000010
>>> -#define	AU_FDELETE	0x00000020
>>> -#define	AU_CLOSE	0x00000040
>>> -#define	AU_PROCESS	0x00000080
>>> -#define	AU_NET		0x00000100
>>> -#define	AU_IPC		0x00000200
>>> -#define	AU_NONAT	0x00000400
>>> -#define	AU_ADMIN	0x00000800
>>> -#define	AU_LOGIN	0x00001000
>>> -#define	AU_TFM		0x00002000
>>> -#define	AU_APPL		0x00004000
>>> -#define	AU_SETL		0x00008000
>>> -#define	AU_IFLOAT	0x00010000
>>> -#define	AU_PRIV		0x00020000
>>> -#define	AU_MAC_RW	0x00040000
>>> -#define	AU_XCONN	0x00080000
>>> -#define	AU_XCREATE	0x00100000
>>> -#define	AU_XDELETE	0x00200000
>>> -#define	AU_XIFLOAT	0x00400000
>>> -#define	AU_XPRIVS	0x00800000
>>> -#define	AU_XPRIVF	0x01000000
>>> -#define	AU_XMOVE	0x02000000
>>> -#define	AU_XDACF	0x04000000
>>> -#define	AU_XMACF	0x08000000
>>> -#define	AU_XSECATTR	0x10000000
>>> -#define	AU_IOCTL	0x20000000
>>> -#define	AU_EXEC		0x40000000
>>> -#define	AU_OTHER	0x80000000
>>> -#define	AU_ALL		0xffffffff
>>> -
>>> -/*
>>>  * IPC types.
>>>  */
>>> #define	AT_IPC_MSG	((u_char)1)	/* Message IPC id. */
>>> 
>>> 
>> 
>
>

More information about the p4-projects mailing list