Status of Sun BSM/Auditd Support ?
Darren Tucker
dtucker at zip.com.au
Mon Dec 20 16:30:03 EST 2004
Darren Tucker wrote:
> I was working on it a while back, but I had trouble testing it (I
> enabled BSM on my SPARC but it didn't appear to be working, and I'm not
> sure if I'm doing something wrong) and got sidetracked.
OK, I dusted off my old patch, fixed a few things and split it in two:
openssh-audit-base.patch: adds the instrumentation to sshd and an
example/debug audit module, and
openssh-audit-bsm.patch: the BSM-specific bits.
I make no guarantees other than it compiles on my boxes. (If you apply
just the first you will need to fix Makefile.in by hand).
I suggest we work on getting the hooks into sshd first (either in the
form in the patch, or inside #ifdefs) then look at the BSM specific
parts afterwards.
We will also need to resolve the overlap between this and the existing
sys_auth_allowed_user, sys_auth_record_login and record_failed_login
functions.
I'll also attach these to the bug:
http://bugzilla.mindrot.org/show_bug.cgi?id=125
Anyone wanting to keep tabs on this may want to add themselves to the CC
list of that bug.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-audit-base.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041220/2525dc15/attachment.ksh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-audit-bsm.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041220/2525dc15/attachment-0001.ksh
More information about the openssh-unix-dev
mailing list