diff options
author | rwatson <rwatson@FreeBSD.org> | 2006-09-25 11:40:29 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-09-25 11:40:29 +0000 |
commit | 6b46b736cc84f6697b21608e304026e847ac155d (patch) | |
tree | 923fed11093f1a6d233a2a592922f126f5d88228 /contrib/openbsm/bsm | |
parent | 3fc61fcaeb6c4f73a668795461e276064f449f38 (diff) | |
download | FreeBSD-src-6b46b736cc84f6697b21608e304026e847ac155d.zip FreeBSD-src-6b46b736cc84f6697b21608e304026e847ac155d.tar.gz |
Vendor import TrustedBSD OpenBSM 1.0 alpha 12, with the following change
history notes since the last import:
OpenBSM 1.0 alpha 12
- Correct bug in auditreduce which prevented the -c option from working
correctly when the user specifies to process successful or failed events.
The problem stemmed from not having access to the return token at the time
the initial preselection occurred, but now a second preselection process
occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
line; this was the documented behavior previously, but it was not
implemented. Be more specific in auditreduce(1)'s examples section about
what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
termination of an audit trail file. For example, this might be used to
compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
now supply one or more (comma delimited) regular expressions for searching
the pathnames. If one of the regular expressions is prefixed with a tilde
(~), and a path matches, it will be excluded from the search results.
MFC after: 3 days
Obtained from: TrustedBSD Project
Diffstat (limited to 'contrib/openbsm/bsm')
-rw-r--r-- | contrib/openbsm/bsm/audit_kevents.h | 6 | ||||
-rw-r--r-- | contrib/openbsm/bsm/libbsm.h | 4 |
2 files changed, 8 insertions, 2 deletions
diff --git a/contrib/openbsm/bsm/audit_kevents.h b/contrib/openbsm/bsm/audit_kevents.h index ef0f47b..434452a 100644 --- a/contrib/openbsm/bsm/audit_kevents.h +++ b/contrib/openbsm/bsm/audit_kevents.h @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#42 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#43 $ */ #ifndef _BSM_AUDIT_KEVENTS_H_ @@ -470,6 +470,10 @@ #define AUE_KENV 43114 /* FreeBSD. */ #define AUE_JAIL_ATTACH 43115 /* FreeBSD. */ #define AUE_SYSCTL_WRITE 43116 /* FreeBSD. */ +#define AUE_IOPERM 43117 /* Linux. */ +#define AUE_READDIR 43118 /* Linux. */ +#define AUE_IOPL 43119 /* Linux. */ +#define AUE_VM86 43120 /* Linux. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the diff --git a/contrib/openbsm/bsm/libbsm.h b/contrib/openbsm/bsm/libbsm.h index 34d9dbc..2d76c39 100644 --- a/contrib/openbsm/bsm/libbsm.h +++ b/contrib/openbsm/bsm/libbsm.h @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#29 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#30 $ */ #ifndef _LIBBSM_H_ @@ -78,6 +78,7 @@ #define DIR_CONTROL_ENTRY "dir" #define MINFREE_CONTROL_ENTRY "minfree" +#define FILESZ_CONTROL_ENTRY "filesz" #define FLAGS_CONTROL_ENTRY "flags" #define NA_CONTROL_ENTRY "naflags" #define POLICY_CONTROL_ENTRY "policy" @@ -719,6 +720,7 @@ void setac(void); void endac(void); int getacdir(char *name, int len); int getacmin(int *min_val); +int getacfilesz(size_t *size_val); int getacflg(char *auditstr, int len); int getacna(char *auditstr, int len); int getacpol(char *auditstr, size_t len); |