PERFORCE change 127769 for review
Andrew R. Reiter
arr at watson.org
Fri Oct 19 06:52:42 PDT 2007
On Fri, 19 Oct 2007, Robert Watson wrote:
> On Fri, 19 Oct 2007, Andrew R. Reiter wrote:
>
>> Just curious -- how come openbsm removed AU_ class masks; isn't that needed
>> for log analysis? or at least *better* log analysis?
>
> I think these definitions were largely historical -- the class masks are also
> defined in /etc/security/audit_class, and customizable for each system they
> are installed on. The hard-coded mask definitions below were never used,
> with the exception of AU_NULL (no bits set). Likewise, they probably
> shouldn't be used, on the basis that they are compile-time rather than
> run-time, and may conflict with run-time settings -- i.e., for hosts where a
> different set of classes have been defined.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
Makes sense.
Cheers,
Andrew
>
>>
>> Cheers,
>> Andrew
>>
>> --
>> Andrew R. Reiter
>> arr at watson.org
>> 858 245 3682
>>
>> On Fri, 19 Oct 2007, Robert Watson wrote:
>>
>>> http://perforce.freebsd.org/chv.cgi?CH=127769
>>>
>>> Change 127769 by rwatson at rwatson_zoo on 2007/10/19 10:59:33
>>>
>>> Integrate OpenBSM changes into audit3 kernel.
>>>
>>> Affected files ...
>>>
>>> .. //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 integrate
>>>
>>> Differences ...
>>>
>>> ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 (text+ko) ====
>>>
>>> @@ -26,7 +26,7 @@
>>> * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
>>> OF
>>> * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>>> *
>>> - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#39 $
>>> + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 $
>>> * $FreeBSD: src/sys/bsm/audit.h,v 1.9 2007/07/22 12:28:12 rwatson Exp $
>>> */
>>>
>>> @@ -75,44 +75,6 @@
>>> #define AU_DEFAUDITID -1
>>>
>>> /*
>>> - * Define the masks for the classes of audit events.
>>> - */
>>> -#define AU_NULL 0x00000000
>>> -#define AU_FREAD 0x00000001
>>> -#define AU_FWRITE 0x00000002
>>> -#define AU_FACCESS 0x00000004
>>> -#define AU_FMODIFY 0x00000008
>>> -#define AU_FCREATE 0x00000010
>>> -#define AU_FDELETE 0x00000020
>>> -#define AU_CLOSE 0x00000040
>>> -#define AU_PROCESS 0x00000080
>>> -#define AU_NET 0x00000100
>>> -#define AU_IPC 0x00000200
>>> -#define AU_NONAT 0x00000400
>>> -#define AU_ADMIN 0x00000800
>>> -#define AU_LOGIN 0x00001000
>>> -#define AU_TFM 0x00002000
>>> -#define AU_APPL 0x00004000
>>> -#define AU_SETL 0x00008000
>>> -#define AU_IFLOAT 0x00010000
>>> -#define AU_PRIV 0x00020000
>>> -#define AU_MAC_RW 0x00040000
>>> -#define AU_XCONN 0x00080000
>>> -#define AU_XCREATE 0x00100000
>>> -#define AU_XDELETE 0x00200000
>>> -#define AU_XIFLOAT 0x00400000
>>> -#define AU_XPRIVS 0x00800000
>>> -#define AU_XPRIVF 0x01000000
>>> -#define AU_XMOVE 0x02000000
>>> -#define AU_XDACF 0x04000000
>>> -#define AU_XMACF 0x08000000
>>> -#define AU_XSECATTR 0x10000000
>>> -#define AU_IOCTL 0x20000000
>>> -#define AU_EXEC 0x40000000
>>> -#define AU_OTHER 0x80000000
>>> -#define AU_ALL 0xffffffff
>>> -
>>> -/*
>>> * IPC types.
>>> */
>>> #define AT_IPC_MSG ((u_char)1) /* Message IPC id. */
>>>
>>>
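Review bot: AU_NULL (0x00000000) is deleted in this hunk together with the AU_FREAD through AU_ALL masks, so any source that still references AU_NULL will stop compiling unless it is defined elsewhere. Check the remaining users before the integrate, or keep that one define. A short comment where the block used to sit, above the "IPC types" comment, saying that class masks now come from /etc/security/audit_class at run time would tell readers of audit.h where the values went.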
>>
>
>
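An added example, not part of the original thread or of the OpenBSM code: a log-analysis tool can follow the point made in the quoted reply by loading class masks at run time from text in the `mask:name:description` form of /etc/security/audit_class instead of compiling them in. The sample table and the names `struct au_class`, `load_classes` and `describe_mask` are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct au_class { unsigned long mask; char name[16]; };
/* Constructed sample in "mask:name:description" form; a real tool would
 * read the analysed host's /etc/security/audit_class instead. */
static const char SAMPLE_AUDIT_CLASS[] =
    "# constructed sample, not copied from any host\n"
    "0x00000000:no:invalid class\n"
    "0x00000001:fr:file read\n"
    "0x00001000:lo:login_logout\n"
    "0x00004000:site:locally defined class\n";

/* Load class entries; comments, blank and malformed lines are skipped. */
int load_classes(const char *text, struct au_class *tab, int max)
{
    int n = 0;
    while (*text != '\0' && n < max) {
        int end = 0;                /* %n stores here only on a full match */
        if (isxdigit((unsigned char)*text) &&
            sscanf(text, "%lx:%15[^:\n]:%n", &tab[n].mask, tab[n].name,
                   &end) == 2 && end > 0)
            n++;
        text += strcspn(text, "\n");
        text += (*text == '\n');
    }
    return n;
}

/* Write the names of the classes set in mask to out (outsz >= 1) and
 * return the bits that no class loaded for this host accounts for. */
unsigned long describe_mask(unsigned long mask, const struct au_class *tab,
                            int n, char *out, size_t outsz)
{
    unsigned long left = mask;
    size_t used = 0;
    out[0] = '\0';
    for (int i = 0; i < n; i++) {
        if (tab[i].mask == 0 || (mask & tab[i].mask) != tab[i].mask)
            continue;
        if (used + strlen(tab[i].name) + 1 >= outsz)
            break;                  /* no room; bits stay in the result */
        used += (size_t)snprintf(out + used, outsz - used, "%s%s",
                                 used ? "," : "", tab[i].name);
        left &= ~tab[i].mask;
    }
    return left;
}
```

In the sample, bit 0x00004000 carries a locally chosen name and bit 0x00080000 has no entry, so a mask decoded against this table differs from what the removed compile-time defines would have reported.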