[Bug 125] add BSM audit support

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Jan 30 16:24:05 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=125


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #793 is|0                           |1
           obsolete|                            |




------- Additional Comments From dtucker at zip.com.au  2005-01-30 16:24 -------
Created an attachment (id=794)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=794&action=view)
Add audit hooks to sshd

OK, I think this one is ready.	(Don't get excited yet folks, it's just the
hooks at this stage.)

I dropped the /etc/nologin handling because it was ugly.  With a little
restructuring to do_nologin it can be done cleanly, but it can wait.

Things that ought to be looked at in this patch:

 - the audit hooks in the monitor are enabled unconditionally post-auth. 
audit_event() is pretty harmless, but audit_run_command takes a string.

 - should audit_run_command and/or the monitor do sanity checking (strnvis? 
enforce a max length?)




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list