BSM audit on Mac OS X
Robert Watson
rwatson at FreeBSD.org
Fri Sep 29 07:35:31 PDT 2006
On Fri, 29 Sep 2006, R. Tyler Ballance wrote:
> Heh, this was one of the first things I hit when I was starting to work on
> openbsm/Darwin, the FreeBSD kernel has a few different options for fetching
> the time from the kernel, but Xnu doesn't, so the quickest solution IMHO was
> just to call out to the standard libc, and form a response that
> auditfilterd.c wants, I've not tested, but it compiles, and that's all
> that's really important anyways right? ;)
>
> My solution was to add a header compat/kernel_time.h (
> http://perforce.freebsd.org/fileViewer.cgi?FSPC=//depot/user/tyler/openbsm/compat/kernel%5ftime.h&REV=3
> ) and then include that in auditfilterd.c
>
> It *should* work, but I can't do much testing on my single Intel iMac for
> openbsm and auditing at the moment because I'm busy with contracts and I'm
> scared to hose my work computer ;)

The fix for this will appear in OpenBSM 1.0 alpha 13, and is in Perforce, but
is not yet released. I don't currently have an ETA on that, since I'm
focusing on getting alpha 12 into FreeBSD's 6-STABLE tree today so that it
will appear in BETA2. If it's useful, we can cut an alpha 13 next week so
that there's a baseline that builds on Mac OS X on the web site. Since
Christian has some works in progress, I am hoping to defer the release until
those issues are resolved (relating to IPv6 address auditing).

Robert N M Watson
Computer Laboratory
University of Cambridge