OpenSSH and BSM

Darren Tucker dtucker at zip.com.au
Mon Jan 31 12:02:25 EST 2005


alex.bell at bt.com wrote:
> I've recently received a requirement to implement OpenSSH on a Solaris
> server with BSM enabled. Checking through the list archive suggests that
> the patch Darren's patch is almost ready but requires testing & perhaps
> fine-tuning.

It's not my patch, it's really Sun's (and John R Jackson's who was 
caring for and feeding it for a good while).

> Can someone please let me know what the status is and if any assistance
> is required with testing I'm happy to offer an extra pair of hands.

Current status is that the instrumentation in sshd is about ready to be 
committed (although I'd be happy if someone could look over the privsep 
bits in the current patch).

As to the actual BSM part, I have a version that uses those hooks.  It 
will write audit records (although whether or not those records are 
complete crap is another question :-).  I can make what I have available 
for testing/review/improvement but it's currently incomplete.

I have some queries about the BSM audit model and how to match it to the 
SSH2 protocol's world view (those are attached to bug [1]).  If there 
are any folks that know BSM better than me (ie at all) then they could 
help by answering some of those questions.

[1] http://bugzilla.mindrot.org/show_bug.cgi?id=125

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list