[sudo-workers] [patch] to add support for BSM audit records
csjp at freebsd.org
Sun Nov 30 19:01:42 EST 2008
Strange... not sure what happen here.
Anyway here are the most recent diffs. I've taken Roberts suggestions
into consideration here and I've included the command line in the audit
record. I am not sure that Apple is doing this.
One other area I need to dig a bit further into is the selection code.
On Sun, Nov 30, 2008 at 05:49:22PM -0500, Todd C. Miller wrote:
> In message <20081128022748.GA23986 at jnz.sqrt.ca>
> so spake Christian Peron (csjp):
> > I would like to propose a patch to add BSM audit support to sudo. This patch
> > and associated files adds support for the Sun's Basic Security Module (BSM)
> > Audit API and file format. It should be noted that currently FreeBSD, OS X
> > and Solaris use BSM. I have not tested on Solaris or OS X but, this patch
> > should build on both. This is a starting point, it's possible that I could
> > be missing some key error conditions which require auditing.
> As luck would have it I was reviewing the Apple BSD audit patches
> recently. It's too late for this to go into sudo 1.7.0 but I'd
> like to have official support for BSM and Linux auditing in version
> I don't see the bsm_audit.c file in your diff, BTW.
> - todd
More information about the sudo-workers