PERFORCE change 91049 for review
Robert Watson
rwatson at FreeBSD.org
Sat Feb 4 22:18:35 GMT 2006
On Sat, 4 Feb 2006, Tom Rhodes wrote:
>> In principle, Wayne committed support for the generation of system call
>> based records for i386 and amd64 early this afternoon, which should turn up
>> if you do a CVS update. Chris and I have now tested it on i386 and amd64
>> to good effect. Ollivier has also now tested it on arm, although that
>> requires importing a bugfix from auditd regarding return types from
>> getopt(), which I'll merge as part of OpenBSM 1.0 alpha 3 in a couple of
>> days. Still looking for people to test on alpha, sparc64, and powerpc.
>> Also, it would be useful to test the auditing of i386 binaries running on
>> amd64, which in principle works, but is as yet untested.
>
> I have an AMD64 and the Sparc64 (needs rebuild a bit). Other than the
> binaries, is there any other specifics you are looking for?
Up front, just hearing back on a simple test of:
- Build world, buildkernel OK.
- Install world, install kernel OK.
- Boots GENERIC kernel.
- Boots AUDIT kernel.
- Boots AUDIT kernel with audit enabled.
- Audit records generated at login.
- If audit_user is tweaked to also audit some set of system calls, the system
calls are also audited.
There is a first stab at a test suite in the audit3 tools/regression tree, but
it's probably not yet ready for more wide spread use.
Robert N M Watson
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-audit" in the body of the message
More information about the trustedbsd-audit
mailing list