OpenBSM: does somebody work on it?
Robert Watson
rwatson at FreeBSD.org
Sun Jul 17 10:14:18 UTC 2011
On Wed, 29 Jun 2011, Stacey Son wrote:
>> I'm trying to use audit, and have some problems. First one is impossibility
>> to create custom event class, and second one I hit is with auditreduce(1).
>>
>> auditreduce doesn't filter events by date (-b/-a/-d options with any
>> arguments produce empty output), it doesn't merge files properly and
>> doesn't pick up files automagically, as Solaris' one does. It doesn't have
>> -C/-M/-O functionality of Solaris' one, too. So, proper merging of audit
>> trail files seems to be impossible :(
>>
>> I could try to fix & extend auditreduce(1), but does somebody but me need
>> it?
>>
>> Does somebody use audit on FreeBSD on production systems?
>
> FYI, a better place to discuss this would be the trustedbsd-audit mailing
> list. There are quite a few people that use OpenBSM in production on
> FreeBSD and Mac OS X that hang out on that list usually.
Hi Lev:

Just catching up on back e-mail, and bumped into this thread. Did you file
PRs for these bugs? As Stacey mentions, the trustedbsd-audit mailing list is
where most discussion of OpenBSM takes place. It's generally pretty quiet,
but there are quite a few people using audit in production, and I'm sure
they'd appreciate bug reports (and even fixes!).

Robert
More information about the freebsd-security mailing list