Status of Sun BSM/Auditd Support ?

Darren Tucker dtucker at zip.com.au
Mon Dec 20 16:30:03 EST 2004


Darren Tucker wrote:
> I was working on it a while back, but I had trouble testing it (I 
> enabled BSM on my SPARC but it didn't appear to be working, and I'm not 
> sure if I'm doing something wrong) and got sidetracked.

OK, I dusted off my old patch, fixed a few things and split it in two:

openssh-audit-base.patch: adds the instrumentation to sshd and an 
example/debug audit module, and

openssh-audit-bsm.patch: the BSM-specific bits.

I make no guarantees other than it compiles on my boxes.  (If you apply 
just the first you will need to fix Makefile.in by hand).

I suggest we work on getting the hooks into sshd first (either in the 
form in the patch, or inside #ifdefs), then look at the BSM-specific 
parts afterwards.

We will also need to resolve the overlap between this and the existing 
sys_auth_allowed_user, sys_auth_record_login and record_failed_login 
functions.

I'll also attach these to the bug:
http://bugzilla.mindrot.org/show_bug.cgi?id=125

Anyone wanting to keep tabs on this may want to add themselves to the CC 
list of that bug.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-audit-base.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041220/2525dc15/attachment.ksh 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-audit-bsm.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041220/2525dc15/attachment-0001.ksh 

