[sudo-workers] [patch] to add support for BSM audit records
rwatson at FreeBSD.org
Sat Nov 29 10:08:46 EST 2008
On Thu, 27 Nov 2008, Christian Peron wrote:
> I would like to propose a patch to add BSM audit support to sudo. This
> patch and associated files add support for Sun's Basic Security Module
> (BSM) Audit API and file format. It should be noted that currently FreeBSD,
> OS X and Solaris use BSM. I have not tested on Solaris or OS X, but this
> patch should build on both. This is a starting point; it's possible that I
> could be missing some key error conditions which require auditing.
> Please review and send back any feedback/comments.
This sounds extremely useful. Question: do you think it might be useful to
add the command line being requested to the audit record via another text
token? While presumably each execve(2) can be separately audited, the
original formulation (especially if it involves a pipeline) may be useful.
Robert N M Watson
University of Cambridge