[sudo-workers] [patch] to add support for BSM audit records
csjp at FreeBSD.org
Sat Nov 29 10:32:07 EST 2008
On Sat, Nov 29, 2008 at 03:08:46PM +0000, Robert Watson wrote:
> Hi Christian:
> This sounds extremely useful. Question: do you think it might be useful to
> add the command line being requested to the audit record via another text
> token? While presumably each execve(2) can be separately audited, the
> original formulation (especially if it involves a pipeline) may be useful.
Yes, I was thinking about that. It probably makes sense to use the argv
token type. I will update the patch.
More information about the sudo-workers