PERFORCE change 133695 for review
Christian S.J. Peron
csjp at FreeBSD.org
Sat Jan 19 16:08:49 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=133695
Change 133695 by csjp at csjp_xor on 2008/01/20 00:08:27
- Add option to auditreduce(1) which allows users to invert the sense
of matching. If -v is specified, we will select records that do not
match the specified criteria.
- Document the option in auditreduce.1 man page.
- Add a section to the HISTORY file.
- Tweak a few documentation bugs in HISTORY, auditreduce should be
considered a general tool, not system maintenance procedure.
(auditreduce(8) -> auditreduce(1))
Discussed with: rwatson
Affected files ...
.. //depot/projects/trustedbsd/openbsm/HISTORY#60 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#15 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#21 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#6 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/HISTORY#60 (text+ko) ====
@@ -1,8 +1,11 @@
OpenBSM 1.1 alpha 1
+- Add option to auditreduce(1) which allows users to invert sense of
+ matching, such that BSM records that do not match, are selected.
+
OpenBSM 1.0
-- Fix bug in auditreduce(8) which resulted in a memory fault/crash when
+- Fix bug in auditreduce(1) which resulted in a memory fault/crash when
the user specified an event name with -m.
- Remove AU_.* hard-coded audit class constants, as udit classes are now
entirely dynamically configured using /etc/security/audit_class.
@@ -15,7 +18,7 @@
- Synchronized audit event list to Solaris, picking up the *at(2) system call
definitions, now required for FreeBSD and Linux. Added additional events
for *at(2) system calls not present in Solaris.
-- Bugs in auditreduce(8) fixed allowing partial date strings to be used in
+- Bugs in auditreduce(1) fixed allowing partial date strings to be used in
filtering events.
OpenBSM 1.0 alpha 14
@@ -304,4 +307,4 @@
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#59 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#60 $
==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#15 (text+ko) ====
@@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#14 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#15 $
.\"
.Dd January 24, 2004
.Dt AUDITREDUCE 1
@@ -48,6 +48,7 @@
.Op Fl o Ar object Ns = Ns Ar value
.Op Fl r Ar ruid
.Op Fl u Ar auid
+.Op Fl v
.Op Ar
.Sh DESCRIPTION
The
@@ -127,6 +128,8 @@
Select records with the given real user ID or name.
.It Fl u Ar auid
Select records with the given audit ID.
+.It Fl v
+Invert sense of matching, to select records that do not match.
.El
.Sh EXAMPLES
To select all records associated with effective user ID root from the audit
==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#21 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#20 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#21 $
*/
/*
@@ -346,7 +346,7 @@
select_hdr32(tokenstr_t tok, uint32_t *optchkd)
{
- SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m));
+ SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m | OPT_v));
/* The A option overrides a, b and d. */
if (!ISOPTSET(opttochk, OPT_A)) {
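Review bot: Marking `OPT_v` as checked only inside `select_hdr32` ties the modifier to one token type. For a record that never reaches this function (for instance a different header token, if the parser handles one; not visible here), `OPT_v` stays clear in `optchkd`, the later `opttochk & ~optchkd` test fails, and the `-v` inversion then prints the record whether or not the other criteria matched. Since `-v` is a modifier rather than a selection criterion, it would be more robust to leave this `SETOPT` line as it was and mask the flag out where the comparison is made, e.g. `!((opttochk & ~OPT_v) & ~optchkd)`. The body of `select_hdr32` continues outside the hunk.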
@@ -476,6 +476,7 @@
int bytesread;
int selected;
uint32_t optchkd;
+ int print;
int err = 0;
while ((reclen = au_read_rec(fp, &buf)) != -1) {
@@ -556,14 +557,12 @@
}
bytesread += tok.len;
}
- if ((selected == 1) && (!err)) {
- /* Check if all the options were matched. */
- if (!(opttochk & ~optchkd)) {
- /* XXX Write this record to the output file. */
- /* default to stdout */
- fwrite(buf, 1, reclen, stdout);
- }
- }
+ /* Check if all the options were matched. */
+ print = ((selected == 1) && (!err) && (!(opttochk & ~optchkd)));
+ if (ISOPTSET(opttochk, OPT_v))
+ print = !print;
+ if (print)
+ (void) fwrite(buf, 1, reclen, stdout);
free(buf);
}
return (0);
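Review bot: The inversion is applied to the whole conjunction, including `!err`, so with `-v` a record whose processing set `err` is written to stdout even though it was never fully evaluated against the criteria. `err` is also initialised once before the `while` loop in the previous hunk; if it is not reset per record (not visible here), one bad record would make every later record print under `-v`. Consider inverting only the match result and keeping the error gate separate: `print = ((selected == 1) && (!(opttochk & ~optchkd)));` followed by `if (print && !err)`. Separately, `(void) fwrite(buf, 1, reclen, stdout);` discards a short write, so a truncated reduced trail would go unnoticed; checking the return value and exiting non-zero would make that visible. The record loop begins outside this hunk.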
@@ -618,7 +617,7 @@
converr = NULL;
- while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:")) != -1) {
+ while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:v")) != -1) {
switch(ch) {
case 'A':
SETOPT(opttochk, OPT_A);
@@ -755,6 +754,10 @@
SETOPT(opttochk, OPT_u);
break;
+ case 'v':
+ SETOPT(opttochk, OPT_v);
+ break;
+
case '?':
default:
usage("Unknown option");
==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#6 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#5 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#6 $
*/
#ifndef _AUDITREDUCE_H_
@@ -58,6 +58,7 @@
#define OPT_r 0x00008000
#define OPT_u 0x00010000
#define OPT_A 0x00020000
+#define OPT_v 0x00040000
#define FILEOBJ "file"
#define MSGQIDOBJ "msgqid"