[Bug 125] add BSM audit support
bugzilla-daemon at mindrot.org
Tue Feb 15 20:22:59 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=125
djm at mindrot.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
   Attachment #826|                            |ok+
              Flag|                            |
------- Additional Comments From djm at mindrot.org 2005-02-15 20:22 -------
(From update of attachment 826)
>Index: LICENCE
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/LICENCE,v
>retrieving revision 1.17
>diff -u -p -r1.17 LICENCE
>--- LICENCE 5 Nov 2004 09:00:03 -0000 1.17
>+++ LICENCE 30 Jan 2005 12:15:38 -0000
>@@ -203,6 +203,7 @@ OpenSSH contains no GPL code.
> Wayne Schroeder
> William Jones
> Darren Tucker
>+ Sun Microsystems
>
> * Redistribution and use in source and binary forms, with or without
> * modification, are permitted provided that the following conditions
>Index: Makefile.in
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/Makefile.in,v
>retrieving revision 1.268
>diff -u -p -r1.268 Makefile.in
>--- Makefile.in 2 Feb 2005 13:20:53 -0000 1.268
>+++ Makefile.in 2 Feb 2005 13:27:40 -0000
>@@ -85,7 +85,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
> monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
> auth-krb5.o \
> auth2-gss.o gss-serv.o gss-serv-krb5.o \
>- loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o
>+ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
>+ audit.o audit-bsm.o
>
> MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
> MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
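Review bot: audit-bsm.o is appended to SSHDOBJS unconditionally in the new continuation line, so audit-bsm.c is compiled and linked on every platform, not just those with BSM. That is only safe because the file wraps its body in "#if defined(USE_BSM_AUDIT)"; a short comment here or at the top of audit-bsm.c stating that the object is intentionally empty elsewhere would keep someone from "fixing" either side later.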
>Index: README.platform
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/README.platform,v
>retrieving revision 1.2
>diff -u -p -r1.2 README.platform
>--- README.platform 23 Apr 2004 08:57:13 -0000 1.2
>+++ README.platform 30 Jan 2005 12:15:38 -0000
>@@ -23,8 +23,20 @@ openssl-devel, zlib, minres, minires-dev
>
> Solaris
> -------
>-Currently, sshd does not support BSM auditting. This can show up as errors
>-when editting cron entries via crontab. See.
>-http://bugzilla.mindrot.org/show_bug.cgi?id=125
>+If you enable BSM auditing on Solaris, you need to update audit_event(4)
>+for praudit(1m) to give sensible output. The following line needs to be
>+added to /etc/security/audit_event:
>+
>+ 32800:AUE_openssh:OpenSSH login:lo
>+
>+If the contrib/buildpkg.sh script is used, the included postinstall
>+script will add the line for you.
>+
>+The BSM audit event range available for third party TCB applications is
>+32768 - 65535. Event number 32800 has been choosen for AUE_openssh.
>+There is no official registry of 3rd party event numbers, so if this
>+number is already in use on your system, you may change it at build time
>+by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
>+
>
> $Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $
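Review bot: the last added paragraph documents overriding the event number with --with-cflags=-DAUE_openssh=32801 but does not say that the /etc/security/audit_event entry must then carry the same number; the example line and the postinstall note above it both refer to 32800, so a rebuilt sshd would emit events praudit cannot name. Suggest adding one sentence tying the two together. The section also never names the configure switch that enables BSM auditing, and "choosen" should be "chosen".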
>Index: audit-bsm.c
>===================================================================
>RCS file: audit-bsm.c
>diff -N audit-bsm.c
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ audit-bsm.c 15 Feb 2005 08:41:13 -0000
>@@ -0,0 +1,329 @@
>+/* $Id$ */
>+
>+/*
>+ * TODO
>+ *
>+ * - deal with overlap between this and sys_auth_allowed_user
>+ * sys_auth_record_login and record_failed_login.
>+ */
>+
>+/*
>+ * Copyright 1988-2002 Sun Microsystems, Inc. All rights reserved.
>+ * Use is subject to license terms.
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ * notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ * notice, this list of conditions and the following disclaimer in the
>+ * documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
>+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
>+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
>+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
>+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
>+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
>+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
>+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>+ *
>+ */
>+/* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */
>+
>+#include "includes.h"
>+#if defined(USE_BSM_AUDIT)
>+
>+#include "ssh.h"
>+#include "log.h"
>+#include "auth.h"
>+#include "xmalloc.h"
>+
>+#ifndef AUE_openssh
>+# define AUE_openssh 32800
>+#endif
>+#include <bsm/audit.h>
>+#include <bsm/libbsm.h>
>+#include <bsm/audit_uevents.h>
>+#include <bsm/audit_record.h>
>+#include <locale.h>
>+
>+#if defined(HAVE_GETAUDIT_ADDR)
>+#define AuditInfoStruct auditinfo_addr
>+#define AuditInfoTermID au_tid_addr_t
>+#define GetAuditFunc(a,b) getaudit_addr((a),(b))
>+#define GetAuditFuncText "getaudit_addr"
>+#define SetAuditFunc(a,b) setaudit_addr((a),(b))
>+#define SetAuditFuncText "setaudit_addr"
>+#define AUToSubjectFunc au_to_subject_ex
>+#define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b))
>+#else
>+#define AuditInfoStruct auditinfo
>+#define AuditInfoTermID au_tid_t
>+#define GetAuditFunc(a,b) getaudit(a)
>+#define GetAuditFuncText "getaudit"
>+#define SetAuditFunc(a,b) setaudit(a)
>+#define SetAuditFuncText "setaudit"
>+#define AUToSubjectFunc au_to_subject
>+#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
>+#endif
>+
>+extern int cannot_audit(int);
>+extern void aug_init(void);
>+extern dev_t aug_get_port(void);
>+extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
>+extern void aug_save_auid(au_id_t);
>+extern void aug_save_uid(uid_t);
>+extern void aug_save_euid(uid_t);
>+extern void aug_save_gid(gid_t);
>+extern void aug_save_egid(gid_t);
>+extern void aug_save_pid(pid_t);
>+extern void aug_save_asid(au_asid_t);
>+extern void aug_save_tid(dev_t, unsigned int);
>+extern void aug_save_tid_ex(dev_t, u_int32_t *, u_int32_t);
>+extern int aug_save_me(void);
>+extern int aug_save_namask(void);
>+extern void aug_save_event(au_event_t);
>+extern void aug_save_sorf(int);
>+extern void aug_save_text(char *);
>+extern void aug_save_text1(char *);
>+extern void aug_save_text2(char *);
>+extern void aug_save_na(int);
>+extern void aug_save_user(char *);
>+extern void aug_save_path(char *);
>+extern int aug_save_policy(void);
>+extern void aug_save_afunc(int (*)(int));
>+extern int aug_audit(void);
>+extern int aug_na_selected(void);
>+extern int aug_selected(void);
>+extern int aug_daemon_session(void);
>+
>+#ifndef HAVE_GETTEXT
>+# define gettext(a) (a)
>+#endif
>+
>+extern Authctxt *the_authctxt;
>+static AuditInfoTermID ssh_bsm_tid;
>+
>+/* Below is the low-level BSM interface code */
>+
>+/*
>+ * Check if the specified event is selected (enabled) for auditting.
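Review bot: the "#ifndef AUE_openssh" fallback sits before the <bsm/...> includes, so if a system header (for example bsm/audit_uevents.h) ever defines AUE_openssh itself, the local 32800 is already in place and the header's definition will conflict with it rather than take precedence. Moving the fallback below the includes lets a system-provided value win. Separately, the long block of hand-written "extern ... aug_*" prototypes has no header backing it in the visible lines; a comment saying where these symbols come from, and trimming the list to the ones this file actually calls, would make a signature mismatch easier to spot.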
s/auditting/auditing/
I think configure should print a "read the README.bsm" or something if BSM is
enabled.
Otherwise OK.