diff options
| author | rwatson <rwatson@FreeBSD.org> | 2006-01-31 19:40:12 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2006-01-31 19:40:12 +0000 |
| commit | 3fdf6fa244dacc3457a4a9e0e97f27ef50422fe1 (patch) | |
| tree | c4e450cb39e9c6a30103f365387470a9c9566bca /contrib/openbsm/etc | |
| download | FreeBSD-src-3fdf6fa244dacc3457a4a9e0e97f27ef50422fe1.zip FreeBSD-src-3fdf6fa244dacc3457a4a9e0e97f27ef50422fe1.tar.gz | |
Initial vendor import of the TrustedBSD OpenBSM distribution, version
1.0 alpha 1, an implementation of the documented Sun Basic Security
Module (BSM) Audit API and file format, as well as local extensions to
support the Mac OS X and FreeBSD operating systems. Also included are
command line tools for audit trail reduction and conversion to text,
as well as documentation of the commands, file format, and APIs. This
distribution is the foundation for the TrustedBSD Audit implementation,
and is a pre-release.
This is the first in a series of commits to introduce support for
Common Criteria CAPP security event audit support.
This software has been made possible through the generous
contributions of Apple Computer, Inc., SPARTA, Inc., as well as
members of the TrustedBSD Project, including Wayne Salamon <wsalamon>
and Tom Rhodes <trhodes>. The original OpenBSM implementation was
created by McAfee Research under contract to Apple Computer, Inc., as
part of their CC CAPP security evaluation.
Many thanks to: wsalamon, trhodes
Obtained from: TrustedBSD Project
Diffstat (limited to 'contrib/openbsm/etc')
| -rw-r--r-- | contrib/openbsm/etc/audit_class | 25 | ||||
| -rw-r--r-- | contrib/openbsm/etc/audit_control | 7 | ||||
| -rw-r--r-- | contrib/openbsm/etc/audit_event | 343 | ||||
| -rw-r--r-- | contrib/openbsm/etc/audit_user | 5 | ||||
| -rw-r--r-- | contrib/openbsm/etc/audit_warn | 5 |
5 files changed, 385 insertions, 0 deletions
diff --git a/contrib/openbsm/etc/audit_class b/contrib/openbsm/etc/audit_class new file mode 100644 index 0000000..9f596a2 --- /dev/null +++ b/contrib/openbsm/etc/audit_class @@ -0,0 +1,25 @@ +# +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#3 $ +# +# This file must match audit.h +# +0x00000000:no:invalid class +0x00000001:fr:file read +0x00000002:fw:file write +0x00000004:fa:file attribute access +0x00000008:fm:file attribute modify +0x00000010:fc:file create +0x00000020:fd:file delete +0x00000040:cl:file close +0x00000080:pc:process +0x00000100:nt:network +0x00000200:ip:ipc +0x00000400:na:non attributable +0x00000800:ad:administrative +0x00001000:lo:login_logout +0x00002000:tf:tfm +0x00004000:ap:application +0x20000000:io:ioctl +0x40000000:ex:exec +0x80000000:ot:miscellaneous +0xffffffff:all:all flags set diff --git a/contrib/openbsm/etc/audit_control b/contrib/openbsm/etc/audit_control new file mode 100644 index 0000000..f6ca774 --- /dev/null +++ b/contrib/openbsm/etc/audit_control @@ -0,0 +1,7 @@ +# +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#2 $ +# +dir:/var/audit +flags:lo,ad,-all,^-fa,^-fc,^-cl +minfree:20 +naflags:lo diff --git a/contrib/openbsm/etc/audit_event b/contrib/openbsm/etc/audit_event new file mode 100644 index 0000000..01a3a5b --- /dev/null +++ b/contrib/openbsm/etc/audit_event @@ -0,0 +1,343 @@ +# +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#10 $ +# +0:AUE_NULL:indir system call:no +1:AUE_EXIT:exit(2):pc +2:AUE_FORK:fork(2):pc +3:AUE_OPEN:open(2) - attr only:fa +4:AUE_CREAT:creat(2):fc +5:AUE_LINK:link(2):fc +6:AUE_UNLINK:unlink(2):fd +7:AUE_EXEC:exec(2):pc,ex +8:AUE_CHDIR:chdir(2):pc +9:AUE_MKNOD:mknod(2):fc +10:AUE_CHMOD:chmod(2):fm +11:AUE_CHOWN:chown(2):fm +12:AUE_UMOUNT:umount(2) - old version:ad +13:AUE_JUNK:junk:no +14:AUE_ACCESS:access(2):fa +15:AUE_KILL:kill(2):pc +16:AUE_STAT:stat(2):fa +17:AUE_LSTAT:lstat(2):fa +18:AUE_ACCT:acct(2):ad +19:AUE_MCTL:mctl(2):no +20:AUE_REBOOT:reboot(2):ad +21:AUE_SYMLINK:symlink(2):fc +22:AUE_READLINK:readlink(2):fr +23:AUE_EXECVE:execve(2):pc,ex +24:AUE_CHROOT:chroot(2):pc +25:AUE_VFORK:vfork(2):pc +26:AUE_SETGROUPS:setgroups(2):pc +27:AUE_SETPGRP:setpgrp(2):pc +28:AUE_SWAPON:swapon(2):ad +29:AUE_SETHOSTNAME:sethostname(2):ad +30:AUE_FCNTL:fcntl(2):fm +31:AUE_SETPRIORITY:setpriority(2):pc +32:AUE_CONNECT:connect(2):nt +33:AUE_ACCEPT:accept(2):nt +34:AUE_BIND:bind(2):nt +35:AUE_SETSOCKOPT:setsockopt(2):nt +36:AUE_VTRACE:vtrace(2):pc +37:AUE_SETTIMEOFDAY:settimeofday(2):ad +38:AUE_FCHOWN:fchown(2):fm +39:AUE_FCHMOD:fchmod(2):fm +40:AUE_SETREUID:setreuid(2):pc +41:AUE_SETREGID:setregid(2):pc +42:AUE_RENAME:rename(2):fc,fd +43:AUE_TRUNCATE:truncate(2):fw +44:AUE_FTRUNCATE:ftruncate(2):fw +45:AUE_FLOCK:flock(2):fm +46:AUE_SHUTDOWN:shutdown(2):nt +47:AUE_MKDIR:mkdir(2):fc +48:AUE_RMDIR:rmdir(2):fd +49:AUE_UTIMES:utimes(2):fm +50:AUE_ADJTIME:adjtime(2):ad +51:AUE_SETRLIMIT:setrlimit(2):pc +52:AUE_KILLPG:killpg(2):pc +53:AUE_NFS_SVC:nfs_svc(2):ad +54:AUE_STATFS:statfs(2):fa +55:AUE_FSTATFS:fstatfs(2):fa +56:AUE_UNMOUNT:unmount(2):ad +57:AUE_ASYNC_DAEMON:async_daemon(2):ad +58:AUE_NFS_GETFH:nfs_getfh(2):ad +59:AUE_SETDOMAINNAME:setdomainname(2):ad +60:AUE_QUOTACTL:quotactl(2):ad +61:AUE_EXPORTFS:exportfs(2):ad +62:AUE_MOUNT:mount(2):ad +63:AUE_SEMSYS:semsys(2):ip +64:AUE_MSGSYS:msgsys(2):ip +65:AUE_SHMSYS:shmsys(2):ip +66:AUE_BSMSYS:bsmsys(2):ad +67:AUE_RFSSYS:rfssys(2):ad +68:AUE_FCHDIR:fchdir(2):pc +69:AUE_FCHROOT:fchroot(2):pc +70:AUE_VPIXSYS:vpixsys(2):no +71:AUE_PATHCONF:pathconf(2):fa +72:AUE_OPEN_R:open(2) - read:fr +73:AUE_OPEN_RC:open(2) - read,creat:fc,fr,fa,fm +74:AUE_OPEN_RT:open(2) - read,trunc:fd,fr,fa,fm +75:AUE_OPEN_RTC:open(2) - read,creat,trunc:fc,fd,fr,fa,fm +76:AUE_OPEN_W:open(2) - write:fw +77:AUE_OPEN_WC:open(2) - write,creat:fc,fw,fa,fm +78:AUE_OPEN_WT:open(2) - write,trunc:fd,fw,fa,fm +79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw,fa,fm +80:AUE_OPEN_RW:open(2) - read,write:fr,fw +81:AUE_OPEN_RWC:open(2) - read,write,creat:fc,fw,fr,fa,fm +82:AUE_OPEN_RWT:open(2) - read,write,trunc:fd,fr,fw,fa,fm +83:AUE_OPEN_RWTC:open(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm +84:AUE_MSGCTL:msgctl(2) - illegal command:ip +85:AUE_MSGCTL_RMID:msgctl(2) - IPC_RMID command:ip +86:AUE_MSGCTL_SET:msgctl(2) - IPC_SET command:ip +87:AUE_MSGCTL_STAT:msgctl(2) - IPC_STAT command:ip +88:AUE_MSGGET:msgget(2):ip +89:AUE_MSGRCV:msgrcv(2):ip +90:AUE_MSGSND:msgsnd(2):ip +91:AUE_SHMCTL:shmctl(2) - illegal command:ip +92:AUE_SHMCTL_RMID:shmctl(2) - IPC_RMID command:ip +93:AUE_SHMCTL_SET:shmctl(2) - IPC_SET command:ip +94:AUE_SHMCTL_STAT:shmctl(2) - IPC_STAT command:ip +95:AUE_SHMGET:shmget(2):ip +96:AUE_SHMAT:shmat(2):ip +97:AUE_SHMDT:shmdt(2):ip +98:AUE_SEMCTL:semctl(2) - illegal command:ip +99:AUE_SEMCTL_RMID:semctl(2) - IPC_RMID command:ip +100:AUE_SEMCTL_SET:semctl(2) - IPC_SET command:ip +101:AUE_SEMCTL_STAT:semctl(2) - IPC_STAT command:ip +102:AUE_SEMCTL_GETNCNT:semctl(2) - GETNCNT command:ip +103:AUE_SEMCTL_GETPID:semctl(2) - GETPID command:ip +104:AUE_SEMCTL_GETVAL:semctl(2) - GETVAL command:ip +105:AUE_SEMCTL_GETALL:semctl(2) - GETALL command:ip +106:AUE_SEMCTL_GETZCNT:semctl(2) - GETZCNT command:ip +107:AUE_SEMCTL_SETVAL:semctl(2) - SETVAL command:ip +108:AUE_SEMCTL_SETALL:semctl(2) - SETALL command:ip +109:AUE_SEMGET:semget(2):ip +110:AUE_SEMOP:semop(2):ip +111:AUE_CORE:process dumped core:fc +112:AUE_CLOSE:close(2):cl +113:AUE_SYSTEMBOOT:system booted:na +114:AUE_ASYNC_DAEMON_EXIT:async_daemon(2) exited:ad +115:AUE_NFSSVC_EXIT:nfssvc(2) exited:ad +128:AUE_WRITEL:writel(2):fw +129:AUE_WRITEVL:writevl(2):fw +130:AUE_GETAUID:getauid(2):ad +131:AUE_SETAUID:setauid(2):ad +132:AUE_GETAUDIT:getaudit(2):ad +133:AUE_SETAUDIT:setaudit(2):ad +134:AUE_GETUSERAUDIT:getuseraudit(2):ad +135:AUE_SETUSERAUDIT:setuseraudit(2):ad +136:AUE_AUDITSVC:auditsvc(2):ad +137:AUE_AUDITUSER:audituser(2):ad +138:AUE_AUDITON:auditon(2):ad +139:AUE_AUDITON_GTERMID:auditon(2) - GETTERMID command:ad +140:AUE_AUDITON_STERMID:auditon(2) - SETTERMID command:ad +141:AUE_AUDITON_GPOLICY:auditon(2) - GPOLICY command:ad +142:AUE_AUDITON_SPOLICY:auditon(2) - SPOLICY command:ad +143:AUE_AUDITON_GESTATE:auditon(2) - GESTATE command:ad +144:AUE_AUDITON_SESTATE:auditon(2) - SESTATE command:ad +145:AUE_AUDITON_GQCTRL:auditon(2) - GQCTRL command:ad +146:AUE_AUDITON_SQCTRL:auditon(2) - SQCTRL command:ad +147:AUE_GETKERNSTATE:getkernstate(2):ad +148:AUE_SETKERNSTATE:setkernstate(2):ad +149:AUE_GETPORTAUDIT:getportaudit(2):ad +150:AUE_AUDITSTAT:auditstat(2):ad +153:AUE_ENTERPROM:enter prom:ad +154:AUE_EXITPROM:exit prom:ad +158:AUE_IOCTL:ioctl(2):io +173:AUE_ONESIDE:one-sided session record:nt +174:AUE_MSGGETL:msggetl(2):ip +175:AUE_MSGRCVL:msgrcvl(2):ip +176:AUE_MSGSNDL:msgsndl(2):ip +177:AUE_SEMGETL:semgetl(2):ip +178:AUE_SHMGETL:shmgetl(2):ip +183:AUE_SOCKET:socket(2):nt +184:AUE_SENDTO:sendto(2):nt +185:AUE_PIPE:pipe(2):ip +186:AUE_SOCKETPAIR:socketpair(2):nt +187:AUE_SEND:send(2):nt +188:AUE_SENDMSG:sendmsg(2):nt +189:AUE_RECV:recv(2):nt +190:AUE_RECVMSG:recvmsg(2):nt +191:AUE_RECVFROM:recvfrom(2):nt +192:AUE_READ:read(2):no +193:AUE_GETDENTS:getdents(2):no +194:AUE_LSEEK:lseek(2):no +195:AUE_WRITE:write(2):no +196:AUE_WRITEV:writev(2):no +197:AUE_NFS:nfs server:ad +198:AUE_READV:readv(2):no +199:AUE_OSTAT:old stat(2):fa +200:AUE_SETUID:setuid(2):pc +201:AUE_STIME:old stime(2):ad +202:AUE_UTIME:old utime(2):fm +203:AUE_NICE:old nice(2):pc +204:AUE_OSETPGRP:old setpgrp(2):pc +205:AUE_SETGID:setgid(2):pc +206:AUE_READL:readl(2):no +207:AUE_READVL:readvl(2):no +209:AUE_DUP2:dup2(2):no +210:AUE_MMAP:mmap(2):no +211:AUE_AUDIT:audit(2):ot +212:AUE_PRIOCNTLSYS:priocntlsys(2):pc +213:AUE_MUNMAP:munmap(2):cl +214:AUE_SETEGID:setegid(2):pc +215:AUE_SETEUID:seteuid(2):pc +216:AUE_PUTMSG:putmsg(2):nt +217:AUE_GETMSG:getmsg(2):nt +218:AUE_PUTPMSG:putpmsg(2):nt +219:AUE_GETPMSG:getpmsg(2):nt +220:AUE_AUDITSYS:audit system calls place holder:no +221:AUE_AUDITON_GETKMASK:auditon(2) - get kernel mask:ad +222:AUE_AUDITON_SETKMASK:auditon(2) - set kernel mask:ad +223:AUE_AUDITON_GETCWD:auditon(2) - get cwd:ad +224:AUE_AUDITON_GETCAR:auditon(2) - get car:ad +225:AUE_AUDITON_GETSTAT:auditon(2) - get audit statistics:ad +226:AUE_AUDITON_SETSTAT:auditon(2) - reset audit statistics:ad +227:AUE_AUDITON_SETUMASK:auditon(2) - set mask per uid:ad +228:AUE_AUDITON_SETSMASK:auditon(2) - set mask per session ID:ad +229:AUE_AUDITON_GETCOND:auditon(2) - get audit state:ad +230:AUE_AUDITON_SETCOND:auditon(2) - set audit state:ad +231:AUE_AUDITON_GETCLASS:auditon(2) - get event class:ad +232:AUE_AUDITON_SETCLASS:auditon(2) - set event class:ad +233:AUE_UTSSYS:utssys(2) - fusers:ad +234:AUE_STATVFS:statvfs(2):fa +235:AUE_XSTAT:xstat(2):fa +236:AUE_LXSTAT:lx6stat(2):fa +237:AUE_LCHOWN:lchown(2):fm +238:AUE_MEMCNTL:memcntl(2):ot +239:AUE_SYSINFO:sysinfo(2):ad +240:AUE_XMKNOD:xmknod(2):fc +241:AUE_FORK1:fork1(2):pc +242:AUE_MODCTL:modctl(2) system call place holder:no +243:AUE_MODLOAD:modctl(2) - load module:ad +244:AUE_MODUNLOAD:modctl(2) - unload module:ad +245:AUE_MODCONFIG:modctl(2) - configure module:ad +246:AUE_MODADDMAJ:modctl(2) - bind module:ad +247:AUE_SOCKACCEPT:getmsg-accept:nt +248:AUE_SOCKCONNECT:putmsg-connect:nt +249:AUE_SOCKSEND:putmsg-send:nt +250:AUE_SOCKRECEIVE:getmsg-receive:nt +251:AUE_ACLSET:acl(2) - SETACL comand:fm +252:AUE_FACLSET:facl(2) - SETACL command:fm +253:AUE_DOORFS:doorfs(2) - system call place holder:no +254:AUE_DOORFS_DOOR_CALL:doorfs(2) - DOOR_CALL:ip +255:AUE_DOORFS_DOOR_RETURN:doorfs(2) - DOOR_RETURN:ip +256:AUE_DOORFS_DOOR_CREATE:doorfs(2) - DOOR_CREATE:ip +257:AUE_DOORFS_DOOR_REVOKE:doorfs(2) - DOOR_REVOKE:ip +258:AUE_DOORFS_DOOR_INFO:doorfs(2) - DOOR_INFO:ip +259:AUE_DOORFS_DOOR_CRED:doorfs(2) - DOOR_CRED:ip +260:AUE_DOORFS_DOOR_BIND:doorfs(2) - DOOR_BIND:ip +261:AUE_DOORFS_DOOR_UNBIND:doorfs(2) - DOOR_UNBIND:ip +262:AUE_P_ONLINE:p_online(2):ad +263:AUE_PROCESSOR_BIND:processor_bind(2):ad +264:AUE_INST_SYNC:inst_sync(2):ad +266:AUE_SETAUDIT_ADDR:setaudit_addr(2):ad +267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad +268:AUE_CLOCK_SETTIME:clock_settime(2):ad +269:AUE_NTP_ADJTIME:ntp_adjtime(2):ad +301:AUE_GETFSSTAT:getfsstat(2):fa +302:AUE_PTRACE:ptrace(2):pc +303:AUE_CHFLAGS:chflags(2):fm +304:AUE_FCHFLAGS:fchflags(2):fm +305:AUE_PROFILE:profil(2):pc +306:AUE_KTRACE:ktrace(2):pc +307:AUE_SETLOGIN:setlogin(2):pc +308:AUE_DARWIN_REBOOT:reboot(2):ad +309:AUE_REVOKE:revoke(2):cl +310:AUE_UMASK:umask(2):pc +311:AUE_MPROTECT:mprotect(2):fm +312:AUE_DARWIN_SETPRIORITY:setpriority(2):pc,ot +313:AUE_DARWIN_SETTIMEOFDAY:settimeofday(2):ad +314:AUE_DARWIN_FLOCK:flock(2):fm +315:AUE_MKFIFO:mkfifo(2):fc +316:AUE_POLL:poll(2):no +317:AUE_DARWIN_SOCKETPAIR:socketpair(2):nt +318:AUE_FUTIMES:futimes(2):fm +319:AUE_SETSID:setsid(2):pc +320:AUE_SETPRIVEXEC:setprivexec(2):pc +321:AUE_DARWIN_NFSSVC:nfssvc(2):ad +322:AUE_DARWIN_GETFH:getfh(2):fa +323:AUE_DARWIN_QUOTACTL:quotactl(2):ad +324:AUE_ADDPROFILE:system call:pc +325:AUE_KDEBUGTRACE:system call:pc +326:AUE_FSTAT:fstat(2):fa +327:AUE_FPATHCONF:fpathconf(2):fa +328:AUE_GETDIRENTRIES:getdirentries(2):fr +329:AUE_DARWIN_TRUNCATE:truncate(2):fw +330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw +331:AUE_SYSCTL:sysctl(3):ad +332:AUE_MLOCK:mlock(2):pc +333:AUE_MUNLOCK:munlock(2):pc +334:AUE_UNDELETE:undelete(2):fm +335:AUE_GETATTRLIST:getattrlist():fa +336:AUE_SETATTRLIST:setattrlist():fm +337:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa +338:AUE_EXCHANGEDATA:exchangedata():fw +339:AUE_SEARCHFS:searchfs():fa +340:AUE_MINHERIT:minherit(2):pc +341:AUE_SEMCONFIG:semconfig():ip +342:AUE_SEMOPEN:sem_open(2):ip +343:AUE_SEMCLOSE:sem_close(2):ip +344:AUE_SEMUNLINK:sem_unlink(2):ip +345:AUE_SHMOPEN:shm_open(2):ip +346:AUE_SHMUNLINK:shm_unlink(2):ip +347:AUE_LOADSHFILE:load_shared_file():fr +348:AUE_RESETSHFILE:reset_shared_file():ot +349:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot +350:AUE_PTHREADKILL:pthread_kill(2):pc +351:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc +352:AUE_AUDITCTL:auditctl(2):ad +353:AUE_RFORK:rfork(2):pc +354:AUE_LCHMOD:lchmod(2):fm +355:AUE_SWAPOFF:swapoff():ad +356:AUE_INITPROCESS:init_process():pc +357:AUE_MAPFD:map_fd():fa +358:AUE_TASKFORPID:task_for_pid():pc +359:AUE_PIDFORTASK:pid_for_task():pc +360:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot +361:AUE_COPYFILE:copyfile():fr,fw +362:AUE_LUTIMES:lutimes(2):fm +363:AUE_LCHFLAGS:lchflags(2):fm +364:AUE_SENDFILE:sendfile(2):nt +365:AUE_USELIB:uselib(2):fa +366:AUE_GETRESUID:getresuid(2):pc +367:AUE_SETRESUID:setresuid(2):pc +368:AUE_GETRESGID:getresgid(2):pc +369:AUE_SETRESGID:setresgid(2):pc +370:AUE_WAIT4:wait4(2):pc +371:AUE_LGETFH:lgetfh(2):fa +372:AUE_FHSTATFS:fhstatfs(2):fa +373:AUE_FHOPEN:fhopen(2):fa +374:AUE_FHSTAT:fhstat(2):fa +375:AUE_JAIL:jail(2):pc +376:AUE_EACCESS:eaccess(2):fa +377:AUE_KQUEUE:kqueue(2):no +378:AUE_KEVENT:kevent(2):no +379:AUE_FSYNC:fsync(2):fm +380:AUE_NMOUNT:nmount(2):ad +6152:AUE_login:login - local:lo +6153:AUE_logout:logout - local:lo +6159:AUE_su:su(1):lo +6160:AUE_halt:system halt:ad +6168:AUE_shutdown:system shutdown:ad +6171:AUE_audit_startup:audit startup:ad +6172:AUE_audit_shutdown:audit shutdown:ad +6207:AUE_create_user:create user:ad +6208:AUE_modify_user:modify user:ad +6209:AUE_delete_user:delete user:ad +6210:AUE_disable_user:disable user:ad +6211:AUE_enable_user::ad +6300:AUE_sudo:sudo(1):ad +6501:AUE_modify_password:modify password:ad +6511:AUE_create_group:create group:ad +6512:AUE_delete_group:delete group:ad +6513:AUE_modify_group:modify group:ad +6514:AUE_add_to_group:add to group:ad +6515:AUE_remove_from_group:remove from group:ad +6521:AUE_revoke_obj:revoke object priv:fm +6600:AUE_lw_login:loginwindow login:lo +6601:AUE_lw_logout:loginwindow logout:lo +7000:AUE_auth_user:user authentication:ad +7001:AUE_ssconn:SecSrvr connection setup:ad +7002:AUE_ssauthorize:SecSrvr AuthEngine:ad +7003:AUE_ssauthint:SecSrvr authinternal mech:ad +32800:AUE_openssh:OpenSSH login:lo diff --git a/contrib/openbsm/etc/audit_user b/contrib/openbsm/etc/audit_user new file mode 100644 index 0000000..925729c --- /dev/null +++ b/contrib/openbsm/etc/audit_user @@ -0,0 +1,5 @@ +# +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#2 $ +# +root:lo:no +audit:fc:no diff --git a/contrib/openbsm/etc/audit_warn b/contrib/openbsm/etc/audit_warn new file mode 100644 index 0000000..3612fc9 --- /dev/null +++ b/contrib/openbsm/etc/audit_warn @@ -0,0 +1,5 @@ +#!/bin/sh +# +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_warn#3 $ +# +logger -p security.warning "audit warning: $@" |
