author | rwatson <rwatson@FreeBSD.org> | 2006-09-21 07:07:33 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-09-21 07:07:33 +0000 |
commit | 3fc61fcaeb6c4f73a668795461e276064f449f38 (patch) | |
tree | e89d92d2294a63485849fba4ed404c2f99207ca7 /contrib/openbsm/etc/audit_event | |
parent | 24713adf4396d925450ece7ee61082d0bed8b75a (diff) | |
Vendor import of OpenBSM 1.0 alpha 11, with the following change history
notes since the last import:
OpenBSM 1.0 alpha 11
- Reclassify certain read/write operations as having no class rather than the
fr/fw class; our default classes audit intent (open) not operations (read,
write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
and writes of sysctls as separate events. Add additional kernel
environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
(issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
a dropped request, the log file will otherwise grow indefinitely if the
trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
representations of audit_control policy flags and the flags passed to
auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
extension to the Solaris file format to allow specification of policy
persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
policy to match it when configuring/reconfiguring. Remove the -s and -h
arguments as these policies are now set via the configuration file. If a
policy line is not found in the configuration file, continue with the
current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.
Obtained from: TrustedBSD Project
Diffstat (limited to 'contrib/openbsm/etc/audit_event')
-rw-r--r-- | contrib/openbsm/etc/audit_event | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/contrib/openbsm/etc/audit_event b/contrib/openbsm/etc/audit_event index ebab4ed..346dff7 100644 --- a/contrib/openbsm/etc/audit_event +++ b/contrib/openbsm/etc/audit_event @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#12 $ +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#15 $ # 0:AUE_NULL:indir system call:no 1:AUE_EXIT:exit(2):pc @@ -117,8 +117,8 @@ 113:AUE_SYSTEMBOOT:system booted:na 114:AUE_ASYNC_DAEMON_EXIT:async_daemon(2) exited:ad 115:AUE_NFSSVC_EXIT:nfssvc(2) exited:ad -128:AUE_WRITEL:writel(2):fw -129:AUE_WRITEVL:writevl(2):fw +128:AUE_WRITEL:writel(2):no +129:AUE_WRITEVL:writevl(2):no 130:AUE_GETAUID:getauid(2):ad 131:AUE_SETAUID:setauid(2):ad 132:AUE_GETAUDIT:getaudit(2):ad @@ -265,7 +265,7 @@ 325:AUE_DARWIN_KDEBUGTRACE:system call:pc 326:AUE_DARWIN_FSTAT:fstat(2):fa 327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa -328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr +328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):no 329:AUE_DARWIN_TRUNCATE:truncate(2):fw 330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw 331:AUE_DARWIN_SYSCTL:sysctl(3):ad @@ -321,8 +321,8 @@ 43017:AUE_KDEBUGTRACE:system call:pc 43018:AUE_FSTAT:fstat(2):fa 43019:AUE_FPATHCONF:fpathconf(2):fa -43020:AUE_GETDIRENTRIES:getdirentries(2):fr -43021:AUE_SYSCTL:sysctl(3):ad +43020:AUE_GETDIRENTRIES:getdirentries(2):no +43021:AUE_SYSCTL:sysctl(3):ot 43022:AUE_MLOCK:mlock(2):pc 43023:AUE_MUNLOCK:munlock(2):pc 43024:AUE_UNDELETE:undelete(2):fm @@ -415,6 +415,9 @@ 43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm 43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa 43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm +43114:AUE_KENV:kenv(8):ad +43115:AUE_JAIL_ATTACH:jail_attach(2):ad +43116:AUE_SYSCTL_WRITE:sysctl(3):ad # # User space system events. # |
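Review bot: In the `@@ -117,8 +117,8 @@` and `@@ -265,7 +265,7 @@` hunks, moving `AUE_WRITEL`, `AUE_WRITEVL` and `AUE_DARWIN_GETDIRENTRIES` from `fw`/`fr` to `no` removes them from every preselection mask that previously matched on those classes, and nothing in the file records why. The commit message explains the intent (audit open, not read/write), but an administrator reading `audit_event` will only see `no`. A short comment in the file header stating that per-operation read/write events are deliberately unclassified would make the behaviour change discoverable by anyone who compares trails before and after the upgrade.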
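Review bot: In the `@@ -321,8 +321,8 @@` hunk, `43021:AUE_SYSCTL` changes class from `ad` to `ot`, which is not one of the `fr`/`fw` to `no` reclassifications listed in the change notes, and the Darwin counterpart shown as context in the earlier hunk (`331:AUE_DARWIN_SYSCTL:sysctl(3):ad`) keeps `ad`. If the intent is that sysctl reads become `ot` now that writes have their own event, the commit notes should say so, and `AUE_DARWIN_SYSCTL` should either follow or carry a comment explaining the difference. As written, a configuration that selects only `ad` stops recording `AUE_SYSCTL` on one event number and keeps recording it on the other.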
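Review bot: In the `@@ -415,6 +415,9 @@` hunk, the new `43116:AUE_SYSCTL_WRITE:sysctl(3):ad` line has the same description string as `43021:AUE_SYSCTL:sysctl(3):ot`, so any output that shows the description rather than the event name cannot tell a sysctl write from a read. Suggest distinct descriptions for the two events, for example marking 43116 as the write case. Also, `43114:AUE_KENV:kenv(8):ad` cites manual section 8 while the neighbouring system call events cite section 2 (`jail_attach(2)`, `extattr_delete_link(2)`); if this event covers the system call, the reference should use the system call's manual section.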