PERFORCE change 63119 for review

Wayne Salamon wsalamon at computer.org
Mon Oct 18 01:03:24 GMT 2004


On Oct 13, 2004, at 11:07 AM, Andrew R. Reiter wrote:

> Is this p4 tree available via cvsup?  If so, just curious if you could
> let me know the label.  I'd like to help out where I can.
>
   I think you have access to the branch now.

   Here's a quick TODO list (I'm cc'ing the audit list for others to 
consider)

1) Lots of system calls need auditing. Some are going to be fairly 
mechanical, using a straightforward audit record. For others, we may 
have to come up with new record types.
2) The audit daemon needs work; log rotation doesn't always work 
correctly. This is next on my list.
3) Integration of later TrustedBSD code.
4) Pathname lookup. The audit code uses vn_fullpath(), which isn't 
always successful.
5) Test programs. I have a suite of code that exercises system calls 
and checks the audit log, but more would be nice, especially for 
stress testing.
6) Not all of the commands for the auditon() system call are 
implemented.
7) Code cleanup, removal of Darwin commentary, etc.
8) XXX comments, some involve locking questions, need resolution.

Most of the kernel infrastructure is in place. Audit records are 
written, event->class mappings work, some calls are audited, 
preselection works, and the kernel->auditd IPC mechanism works. Also, 
the kernel calls for audit log rotation and detects a near full 
filesystem, notifying the audit daemon of those events.

I'm swamped for the next few weeks at work, but will try to poke at 
some of these issues. Any assistance is greatly appreciated.

Thanks,
--------------------------
Wayne Salamon
wsalamon at freebsd.org