[Bug 1402] Support auditing through Linux Audit subsystem
bugzilla-daemon at bugzilla.mindrot.org
Tue Oct 12 14:20:30 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1402
--- Comment #7 from Darren Tucker <dtucker at zip.com.au> 2010-10-12 14:20:29 EST ---
Comment on attachment 1931
--> https://bugzilla.mindrot.org/attachment.cgi?id=1931
improved patch
>+/* #pragma ident "@(#)audit-linux.c 1.1 01/09/17 SMI" */
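Review bot: the commented-out #pragma ident on this line still carries an SCCS "@(#)" string stamped 1.1 01/09/17 SMI, which does not describe the history of a newly added audit-linux.c. Drop the line instead of keeping it inside a comment.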
It looks like this file was originally based on the Sun-copyright
audit-bsm.c. That said, it looks like none of the original Sun code
remains.
>+ else
>+ return 0; /* Must prevent login */
whitespace.
>+ if (rc >= 0)
>+ return 1;
>+ else
>+ return 0;
return(rc >= 0); ?
>+ if (linux_audit_record_event(li->uid, NULL, li->hostname,
>+ NULL, li->line, 1) == 0)
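Review bot: the call to linux_audit_record_event() passes two bare NULLs and a trailing literal 1, so the call site does not say which fields are being omitted or what the final argument selects. A named constant for the 1, or a one-line comment naming the skipped parameters, would make this readable without opening the function.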
indenting wrong (see http://www.openbsd.org/cgi-bin/man.cgi?query=style
for the guidelines).
>+ fatal("linux_audit_write_entry failed: %s", strerror(errno));
the close() call in linux_audit_record_event() can reset errno, so if
you're relying on what audit_log_acct_message sets you should save
errno and restore it.
> AUDIT_MODULE=none
> AC_ARG_WITH(audit,
>- [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
>+ [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm,linux)],
I'm removing the EXPERIMENTAL tag as BSM has been in for years.
>- audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
>+ audit.o audit-bsm.o audit-linux.o platform.o sftp-server.o sftp-common.o \
I'm moving the audit bits to a line on its own just for ease of
maintenance.
Will attach an updated patch shortly.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
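The errno point raised in the comment above (the close() in linux_audit_record_event() can overwrite the value that fatal() later hands to strerror()), shown as an added C example that is not part of the original mail or the patch. stub_audit_send(), record_event_unsafe() and record_event_safe() are hypothetical names; the stub stands in for audit_log_acct_message(), and the descriptor -1 is constructed so that close() fails deterministically with EBADF.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for audit_log_acct_message(): always fails with EPERM. */
static int
stub_audit_send(int fd)
{
	(void)fd;
	errno = EPERM;
	return -1;
}

/* Cleanup runs after the failure, so the caller sees close()'s errno instead. */
int
record_event_unsafe(int audit_fd)
{
	int rc = stub_audit_send(audit_fd);

	close(audit_fd);
	return (rc >= 0);
}

/* Save errno across close() so the caller still sees why the send failed. */
int
record_event_safe(int audit_fd)
{
	int rc, saved_errno;

	rc = stub_audit_send(audit_fd);
	saved_errno = errno;
	close(audit_fd);
	errno = saved_errno;
	return (rc >= 0);
}

int
main(void)
{
	/* -1 is a constructed invalid descriptor: close() fails with EBADF. */
	if (record_event_unsafe(-1) == 0)
		printf("unsafe: %s\n", strerror(errno));
	if (record_event_safe(-1) == 0)
		printf("safe:   %s\n", strerror(errno));
	return 0;
}
```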