Week 1 / Non-BSM to BSM Conversion Tools
Mateusz Piotrowski
mpp302 at gmail.com
Mon May 30 12:36:18 UTC 2016
Hello,
During the first week of GSoC I’ve managed to set up FreeBSD and Debian in VirtualBox. Both of these guest virtual machines are generating audit logs which I analyse to learn the structure of the audit log formats. I started to map the fields of the Linux Audit format to the BSM format.
Wiki: https://wiki.freebsd.org/SummerOfCode2016/NonBSMtoBSMConversionTools
Repository: https://github.com/0mp/gsoc16 (The repository hasn’t got any code in it at the moment; rather a bunch of useful links which helped me to proceed with my project.)
I’ve also created a little notebook where I keep all my little hacks to get FreeBSD to work: https://github.com/0mp/n0tes/blob/master/freebsd.md
I hope I’ll be able to produce more value this week as I’ve got less intense assignments to hand in for the time being.
Cheers!
Mateusz Piotrowski
PS If you know how to create audit logs for only one specific file on FreeBSD then please drop me a line! I’ve already asked this question on serverfault (http://serverfault.com/questions/778510/how-to-record-audit-logs-for-only-one-specified-file-in-freebsd) and I’m about to send an email to the trustedbsd-discuss at freebsd.org mailing list.