[Bug 1402] Support auditing through Linux Audit subsystem

bugzilla-daemon at bugzilla.mindrot.org
Tue Oct 12 14:20:30 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1402

--- Comment #7 from Darren Tucker <dtucker at zip.com.au> 2010-10-12 14:20:29 EST ---
Comment on attachment 1931
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1931
improoved patch


>+/* #pragma ident	"@(#)audit-linux.c	1.1	01/09/17 SMI" */

It looks like this file was originally based on the Sun-copyright
audit-bsm.c.  That said, it looks like none of the original Sun code
remains.

>+		else
>+                        return 0; /* Must prevent login */

whitespace.

>+	if (rc >= 0)
>+		return 1;
>+	else
>+		return 0;
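
Review bot: the return convention is undocumented at the `if (rc >= 0) return 1; else return 0;` tail. It maps a non-negative rc to 1 and everything else to 0, the reverse of the usual 0/-1 style, and the call site quoted below tests `== 0` for failure. A one-line comment above the function stating that 1 means success and 0 means failure would keep callers from inverting the check.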

  return(rc >= 0); ?

>+	if (linux_audit_record_event(li->uid, NULL, li->hostname,
>+		NULL, li->line, 1) == 0)
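
Review bot: the trailing `1` in the linux_audit_record_event() call is a bare literal, so the call site does not say what that argument selects. A named constant or a short comment at the call would help, and the same goes for the two NULL arguments if their meaning is not obvious from the prototype.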

indenting wrong (see http://www.openbsd.org/cgi-bin/man.cgi?query=style
for the guidelines).

>+	fatal("linux_audit_write_entry failed: %s", strerror(errno));
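
Review bot: the fatal() message names linux_audit_write_entry, while the call quoted above is linux_audit_record_event(). If this is the failure branch of that call, the message should name the function that actually failed so the log line can be matched to the code.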

the close() call in linux_audit_record_event() can reset errno, so if
you're relying on what audit_log_acct_message sets you should save
errno and restore it.

> AUDIT_MODULE=none
> AC_ARG_WITH(audit,
>-	[  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm)],
>+	[  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm,linux)],

I'm removing the EXPERIMENTAL tag as BSM has been in for years.

>-	audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
>+	audit.o audit-bsm.o audit-linux.o platform.o sftp-server.o sftp-common.o \

I'm moving the audit bits to a line on its own just for ease of
maintenance.

Will attach an updated patch shortly.

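The errno point raised in the review above, as an added example (not code from the patch or from OpenSSH): a cleanup `close()` after a failed call can replace the errno that the caller later reports, and saving and restoring it avoids that. `fake_audit_send()` is a hypothetical stand-in for `audit_log_acct_message()`, and the fd `-1` is a constructed input that forces `close()` to fail so the overwrite is deterministic.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for audit_log_acct_message(): always fails and
 * sets errno the way a refused audit write would (constructed failure). */
static int
fake_audit_send(int fd)
{
	(void)fd;
	errno = ECONNREFUSED;
	return -1;
}

/* Naive: close() runs after the failure and may overwrite errno. */
static int
record_event_naive(int fd)
{
	int rc = fake_audit_send(fd);
	close(fd);
	return (rc >= 0);
}

/* Fixed: keep errno from the failed call and restore it after close(). */
static int
record_event_saved(int fd)
{
	int rc = fake_audit_send(fd);
	int saved_errno = errno;
	close(fd);
	errno = saved_errno;
	return (rc >= 0);
}

/* The errno value a caller would hand to strerror() after a failure. */
static int
errno_seen_by_caller(int (*record)(int), int fd)
{
	errno = 0;
	return (record(fd) == 0) ? errno : 0;
}

int
main(void)
{
	/* fd -1 is a constructed input: close(-1) fails with EBADF. */
	printf("naive: %s\n", strerror(errno_seen_by_caller(record_event_naive, -1)));
	printf("saved: %s\n", strerror(errno_seen_by_caller(record_event_saved, -1)));
	return 0;
}
```

With the naive version the caller's `strerror(errno)` describes the failed `close()` rather than the audit failure, which is what would end up in the `fatal()` log line.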