sample 5.3 based trusted os ;-)
Wayne Salamon
wsalamon at computer.org
Thu Jan 20 21:49:14 GMT 2005
On Jan 20, 2005, at 5:45 AM, Ilmar S. Habibulin wrote:
> Well, i just don't know how else i can help? I have no access to the
> latest sources, and i'm not willing to own a p4 account. I can provide
> you
> with patches for syscall auditing. But i have them only for 5.3, if you
> need them for -current, then i can port, but can't say how much time
> will
> it get.
Do you have a rough idea of what/how many syscalls you've added
auditing to?
Can you send the patches to me?
> audit3 startup differes from mine. Mine is solaris like, audit3 is rcNG
> like. And i don't remember if audit3 has configurable kernel events
> table.
> I have auditconfig.
>
Are you referring to the event->classs mapping table? If so, then that
is present in audit3. We rely on auditd (the audit daemon) to
initialize that table from the /etc/security/audit_event file.
Right now, I'm working on changing the kernel->userspace audit trigger
mechanism. And now that Robert has imported the test suite, I'll be
merging in changes that are needed for the TrustedBSD versions.
Thanks,
Wayne
-------
Wayne Salamon
wsalamon at computer.org
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list