new syscalls audit events
Jack Halford
jack at gandi.net
Fri Dec 14 16:16:17 UTC 2018
Hello,
I'm currently writing a patch for 3 new syscalls for per-thread credentials, 2
of these are auditable (setcred and revertcred, see [1]). The wiki page about
adding auditing events says to contact you in case of need of a new BSM event.
I'm pretty sure I've added my events in all the right places, however I can't see
any of my syscalls in the auditpipe.
So far I've done the following:
1) added relevant information in
- contrib/openbsm/etc/audit_event
- contrib/openbsm/sys/bsm/audit_kevents.h
- sys/bsm/audit_kevents.h
- sys/kern/syscalls.master
- sys/compat/freebsd32/syscalls.master
2) regenerate sysvector, build and install kernel and world
3) `make -C usb.sbin install` doesn't seem to install
the new /etc/audit_event so I cp'd it by hand
Any pointers? I'd like to get this working before the review for obvious
reasons...
[1]: https://github.com/jzck/freebsd/pull/1/files
--
Best,
Jack