PERFORCE change 91394 for review
wsalamon at FreeBSD.org
Wed Feb 8 13:11:37 GMT 2006
Change 91394 by wsalamon at gretsch on 2006/02/08 13:11:28
Add items about clarifiying the interaction of naflags,
current audit state, and what userspace might need to
do. Also add item about kernel's audit state indicators.
Affected files ...
.. //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#5 edit
==== //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#5 (text+ko) ====
@@ -75,3 +75,18 @@
kernel event mapping. Make the synchronization code a library function in
OpenBSM so that the same code can be used in both auditd and the audit
+- Determine what the correct behavior should be for processes that
+are started before audit is enabled: Should they be audited based
+on naflags AFTER audit is enabled, or do they not get audited.
+- For programs that set the audit masks for authenticated users
+(login, sshd, etc.) need to consider the audit off vs. audit
+disabled (a temporary condition) state. Should the flags for
+the process be set in the disabled state but not the off state?
+- Review the kernel audit_enabled and audit_suspended flags, making
+sure they are used consistently, and they map to the exposed state
+(AUC_DISABLED, AUC_AUDITING, and AUC_NOAUDIT).
+- Clearly document whatever is decided for the three items above.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs