praudit - xml output patches
Robert Watson
rwatson at FreeBSD.org
Sun Oct 22 05:17:42 PDT 2006
On Thu, 19 Oct 2006, Martin Voros wrote:
> finally I found some time and prepared patches which add XML output for
> OpenBSM praudit utility and improve audit.log.5 manual page. I made these
> patches against OpenBSM 1.0 alpha 12 release. Unfortunately, I can't test 64
> bits tokens and also I couldn't test some other tokens so I call for
> testing. Of course all comments and suggestions are welcome. I also added
> some token descriptions to audit.log.5 manual page.
>
> Instructions:
> # cd DIR_WITH_OBSM_alpha12
> # patch < xml.patch
> # patch < doc.patch
This sounds really good! A few high level comments, without having really dug
in yet:
- Is xml mode exclusive of other modes, such as short? If so, we should check
for combined use and print a usage message if the requested use isn't
allowed.
- Functions mis-spelled in libbsm.h comment.
- In general, we should prefix public function names in libbsm with au_, in
order to avoid symbol name collisions with applications and other libraries.
This should definitely be the case for non-static function names, and we
should think about also doing it for new static ones. So, for example, the
header printing functions.
- I wonder if we should be introducing a new au_print_tok_xml() call, since
the current API is one we expose to applications and probably shouldn't be
changed? Should "short form" and "xml form" be mutually exclusive?
Presumably "raw" is still interesting when combined with "xml"? Combining
them for internal APIs (and changing them) makes sense and is fine, it's
just changing current application interfaces that is undesirable. Mind
you, our au_print_tok() appears to be different from the one in Solaris.
- Is the patch for audit.log.5 backwards (i.e., the revert patch rather than
the apply patch)? It looks good, just backwards, I think.
- Is this the same XML format that Solaris's praudit uses, or a different one?
Could you produce documentation for the parseable XML format, or at least,
notes that someone with nroff clue could convert to a man page for you?
Thanks,
Robert N M Watson
Computer Laboratory
University of Cambridge
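Two of the review points above (rejecting a disallowed mode combination with a usage message, and emitting token fields as XML) are illustrated by the following added example. It is not OpenBSM or praudit code and not part of the thread; it assumes the option letters -r (raw), -s (short) and -x (xml), treats short and xml as mutually exclusive while allowing raw with xml, and uses an assumed `<path>` element name for a path token. The escaper is the piece a practitioner would want in any XML-emitting audit tool, since path names and exec arguments in a trail are chosen by the process that triggered the record.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OpenBSM code. Assumed flag letters: -r raw, -s short,
 * -x xml; OpenBSM's real options and XML element names may differ. */
#define MODE_RAW   0x1u
#define MODE_SHORT 0x2u
#define MODE_XML   0x4u

/* Return 0 when the mode combination is allowed, -1 when the caller should
 * print a usage message. Short and XML form are exclusive; raw + XML is fine. */
int praudit_check_modes(unsigned modes)
{
    if ((modes & MODE_SHORT) && (modes & MODE_XML))
        return -1;
    return 0;
}

/* Hand-rolled flag parser (avoids getopt's global state so it is re-entrant):
 * collects -r/-s/-x letters into *modes, stops at the first non-option
 * argument, and returns 0 on success or -1 on an unknown letter or a
 * disallowed combination. */
int praudit_parse_modes(int argc, char *const argv[], unsigned *modes)
{
    int i;
    const char *p;

    *modes = 0;
    for (i = 1; i < argc && argv[i][0] == '-' && argv[i][1] != '\0'; i++) {
        for (p = argv[i] + 1; *p != '\0'; p++) {
            switch (*p) {
            case 'r': *modes |= MODE_RAW;   break;
            case 's': *modes |= MODE_SHORT; break;
            case 'x': *modes |= MODE_XML;   break;
            default:  return -1;
            }
        }
    }
    return praudit_check_modes(*modes);
}

/* Escape a token field for use as XML character data or an attribute value.
 * Audit records carry strings chosen by the audited process (path names, exec
 * arguments), so copying them raw would let one record break the document
 * structure. Returns the escaped length, or -1 if `out` (size outlen) cannot
 * hold the result plus a terminating NUL. */
int xml_escape(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    const char *rep;
    size_t rlen;
    char one[2] = {0, 0};

    for (; *in != '\0'; in++) {
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&apos;"; break;
        default:   one[0] = *in; rep = one; break;
        }
        rlen = strlen(rep);
        if (n + rlen + 1 > outlen)
            return -1;
        memcpy(out + n, rep, rlen);
        n += rlen;
    }
    out[n] = '\0';
    return (int)n;
}

/* Render a path token as one XML element (the element name is an assumption). */
int format_path_token_xml(const char *path, char *out, size_t outlen)
{
    char esc[1024];

    if (xml_escape(path, esc, sizeof esc) < 0)
        return -1;
    if (snprintf(out, outlen, "<path>%s</path>", esc) >= (int)outlen)
        return -1;
    return 0;
}

int main(int argc, char *argv[])
{
    unsigned modes;
    char line[1100];
    /* Constructed sample path, as an audit record might carry it. */
    const char *sample = "/tmp/<script>&\"evil\".txt";

    if (praudit_parse_modes(argc, argv, &modes) != 0) {
        fprintf(stderr, "usage: praudit [-r] [-s | -x] [file ...]\n");
        return 1;
    }
    if (modes & MODE_XML) {
        if (format_path_token_xml(sample, line, sizeof line) == 0)
            printf("%s\n", line);
    } else {
        printf("path,%s\n", sample);
    }
    return 0;
}
```

Running the program with `-sx` exits with the usage message, while `-rx` is accepted; with `-x` the constructed path comes out as `<path>/tmp/&lt;script&gt;&amp;&quot;evil&quot;.txt</path>`, so a consumer parsing the trail sees exactly one path element regardless of what the path contained.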