sample 5.3 based trusted os ;-)

[Wayne Salamon]

On Jan 20, 2005, at 5:45 AM, Ilmar S. Habibulin wrote:

> Well, i just don't know how else i can help? I have no access to the
> latest sources, and i'm not willing to own a p4 account. I can provide 
> you
> with patches for syscall auditing. But i have them only for 5.3, if you
> need them for -current, then i can port, but can't say how much time 
> will
> it get.

Do you have a rough idea of what/how many syscalls you've added 
auditing to?

Can you send the patches to me?

> audit3 startup differes from mine. Mine is solaris like, audit3 is rcNG
> like. And i don't remember if audit3 has configurable kernel events 
> table.
> I have auditconfig.
>

Are you referring to the event->classs mapping table? If so, then that 
is present in audit3. We rely on auditd (the audit daemon) to 
initialize that table from the /etc/security/audit_event file.

Right now, I'm working on changing the kernel->userspace audit trigger 
mechanism. And now that Robert has imported the test suite, I'll be 
merging in changes that are needed for the TrustedBSD versions.

Thanks,

Wayne
-------
Wayne Salamon
wsalamon at computer.org

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message