[Bug 2] sshd should have BSM auditing on Solaris

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri May 10 09:12:28 EST 2002


------- Additional Comments From Darren.Moffat at Sun.COM  2002-05-10 09:12 -------
I've added a new set of attachments for BSM audit diffs against 3.1p1,
these build (as per below) and work on Solaris 9.  The audit interfaces
used by this code should allow it to work on all Solaris releases from
2.4 onwards, though I haven't built and tested on anything other than Solaris 9.

Note that the required changes to autoconf are not included in this.
Someone more familiar with autoconf is better qualified to add those,
particularly if you want to have a --with-solarisbsm option.

To use the patch as it stands just now:
        1. bsmaudit.o needs to be added to SSHDOBJS
        2. HAVE_BSM_AUDIT_H needs to be defined
        3. sshd needs to be linked with -lbsm (which is in /usr/lib).

The diffs also include a suggested update to the INSTALL file that mentions
the need to update audit_event, the included changes to buildpkg.sh add
a postinstall script that does the update.  I'm more than happy for this to
be reworded or moved somewhere more appropriate.

Finally I would like to publicly say sorry to Theo personally and all of
the OpenSSH developers and Solaris users for the delay in getting the patches
posted.  The delay was not caused by Sun Microsystems Inc but by procrastination
on my part.  A mail from Theo today reminded me I had dropped the ball on
this and prompted me to complete the work to its current stage.

The changes and new files maybe included in any revision of OpenSSH,
they are under the following license which is included in bsmaudit.h
and bsmaudit.c, this is what is refered to by the phrase "Use is subject
to license terms" that appears beneath the copyright notice.

 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list