[Bug 125] add BSM audit support
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun Jan 30 16:24:05 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=125
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #793 is|0 |1
obsolete| |
------- Additional Comments From dtucker at zip.com.au 2005-01-30 16:24 -------
Created an attachment (id=794)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=794&action=view)
Add audit hooks to sshd
OK, I think this one is ready. (Don't get excited yet folks, it's just the
hooks at this stage.)
I dropped the /etc/nologin handling because it was ugly. With a little
restructuring to do_nologin it can be done cleanly, but it can wait.
Things that ought to be looked at in this patch:
- the audit hooks in the monitor are enabled unconditionally post-auth.
audit_event() is pretty harmless, but audit_run_command takes a string.
- should audit_run_command and/or the monitor do sanity checking (strnvis?
enforce a max length?)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list