Status of Sun BSM/Auditd Support ?
Phil Dibowitz
phil at usc.edu
Mon Dec 20 17:59:11 EST 2004
On Mon, Dec 20, 2004 at 04:30:03PM +1100, Darren Tucker wrote:
> Darren Tucker wrote:
> >I was working on it a while back, but I had trouble testing it (I
> >enabled BSM on my SPARC but it didn't appear to be working, and I'm not
> >sure if I'm doing something wrong) and got sidetracked.
>
> OK, I dusted off my old patch, fixed a few things and split it in two:
>
> openssh-audit-base.patch: adds the instrumentation to sshd and an
> example/debug audit module, and
>
> openssh-audit-bsm.patch: the BSM-specific bits.
>
> I make no guarantees other than it compiles on my boxes. (If you apply
> just the first you will need to fix Makefile.in by hand).
>
> I suggest we work on getting the hooks into sshd first (either in the
> form in the patch, or inside #ifdefs) then look at the BSM specific
> parts afterwards.
>
> We will also need to resolve the overlap between this and the existing
> sys_auth_allowed_user, sys_auth_record_login and record_failed_login
> functions.
>
> I'll also attach these to the bug:
> http://bugzilla.mindrot.org/show_bug.cgi?id=125
>
> Anyone wanting to keep tabs on this may want to add themselves to the CC
> list of that bug.
I'll add myself to the CC in the morning when I get to work. Additionally,
I'll apply the patch, compile a version, and install it on a testbox. I'll
report back what I find.
Thanks.
--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041219/502a83ac/attachment.bin
More information about the openssh-unix-dev
mailing list