[sudo-workers] [patch] to add support for BSM audit records
Christian Peron
csjp at freebsd.org
Sun Nov 30 19:01:42 EST 2008
Strange... not sure what happened here.
http://people.freebsd.org/~csjp/bsm_audit.c
http://people.freebsd.org/~csjp/bsm_audit.h
http://people.freebsd.org/~csjp/sudo.1228089242.diff
Anyway, here are the most recent diffs. I've taken Robert's suggestions
into consideration here and I've included the command line in the audit
record. I am not sure that Apple is doing this.
One other area I need to dig a bit further into is the selection code.
Cheers
On Sun, Nov 30, 2008 at 05:49:22PM -0500, Todd C. Miller wrote:
> In message <20081128022748.GA23986 at jnz.sqrt.ca>
> so spake Christian Peron (csjp):
>
> > I would like to propose a patch to add BSM audit support to sudo. This patch
> > and associated files add support for Sun's Basic Security Module (BSM)
> > Audit API and file format. It should be noted that currently FreeBSD, OS X
> > and Solaris use BSM. I have not tested on Solaris or OS X, but this patch
> > should build on both. This is a starting point; it's possible that I could
> > be missing some key error conditions which require auditing.
>
> As luck would have it I was reviewing the Apple BSD audit patches
> recently. It's too late for this to go into sudo 1.7.0 but I'd
> like to have official support for BSM and Linux auditing in version
> 1.7.1.
>
> I don't see the bsm_audit.c file in your diff, BTW.
>
> - todd