Diffstat (limited to 'contrib/openbsm/bin/auditd')
-rw-r--r--contrib/openbsm/bin/auditd/audit_warn.c17
-rw-r--r--contrib/openbsm/bin/auditd/auditd.c19
-rw-r--r--contrib/openbsm/bin/auditd/auditd.h4
3 files changed, 36 insertions, 4 deletions
diff --git a/contrib/openbsm/bin/auditd/audit_warn.c b/contrib/openbsm/bin/auditd/audit_warn.c
index 7fa5eb9..3239b67 100644
--- a/contrib/openbsm/bin/auditd/audit_warn.c
+++ b/contrib/openbsm/bin/auditd/audit_warn.c
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#6 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 $
*/
#include <sys/types.h>
@@ -125,6 +125,21 @@ audit_warn_auditoff(void)
}
/*
+ * Indicate that a trail file has been closed, so can now be post-processed.
+ */
+int
+audit_warn_closefile(char *filename)
+{
+ char *args[3];
+
+ args[0] = CLOSEFILE_WARN;
+ args[1] = filename;
+ args[2] = NULL;
+
+ return (auditwarnlog(args));
+}
+
+/*
* Indicates that the audit deammn is already running
*/
int
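Review bot: The comment above audit_warn_closefile() does not state the function's contract: what the handler receives and what the return value means. From the body, `filename` is placed unchanged in `args[1]` after the `CLOSEFILE_WARN` event name, and whatever auditwarnlog() returns is passed straight back. I would extend the comment to something like `Notify audit_warn that the trail file 'filename' has been closed and can be post-processed; returns the result of auditwarnlog().` Because this event exists so that a handler can act on the path, the comment could also say that the path arrives as one argument and that a handler script must quote it. auditwarnlog() is defined outside this hunk, so how the arguments are executed is presumed, not shown.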
diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c
index 86cf233..7ca2123 100644
--- a/contrib/openbsm/bin/auditd/auditd.c
+++ b/contrib/openbsm/bin/auditd/auditd.c
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#23 $
*/
#include <sys/types.h>
@@ -163,9 +163,11 @@ close_lastfile(char *TS)
syslog(LOG_ERR,
"Could not rename %s to %s: %m", oldname,
lastfile);
- else
+ else {
syslog(LOG_INFO, "renamed %s to %s",
oldname, lastfile);
+ audit_warn_closefile(lastfile);
+ }
}
free(lastfile);
free(oldname);
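Review bot: The result of `audit_warn_closefile(lastfile)` in the new else branch is discarded, so a failed notification leaves no record that the closed trail was never handed to post-processing. For an audit daemon that gap is worth a log line, for example `if (audit_warn_closefile(lastfile) != 0) syslog(LOG_WARNING, "closefile warning failed for %s", lastfile);`. This assumes auditwarnlog() returns non-zero on failure, which is not visible on this page. close_lastfile() begins and ends outside the hunk.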
@@ -727,6 +729,8 @@ config_audit_controls(void)
char naeventstr[NA_EVENT_STR_SIZE];
char polstr[POL_STR_SIZE];
long policy;
+ au_fstat_t au_fstat;
+ size_t filesz;
/*
* Process the audit event file, obtaining a class mapping for each
@@ -806,6 +810,17 @@ config_audit_controls(void)
"Failed to set default audit policy: %m");
}
+ /*
+ * Set trail rotation size.
+ */
+ if (getacfilesz(&filesz) == 0) {
+ bzero(&au_fstat, sizeof(au_fstat));
+ au_fstat.af_filesz = filesz;
+ if (auditon(A_SETFSIZE, &au_fstat, sizeof(au_fstat)) < 0)
+ syslog(LOG_ERR, "Failed to set filesz: %m");
+ } else
+ syslog(LOG_ERR, "Failed to obtain filesz: %m");
+
return (0);
}
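Review bot: Both failure paths of the new rotation-size block only call syslog() and then fall through to `return (0)`, so the caller cannot tell that no size limit was applied. If this is deliberate best-effort behaviour, like the policy failure logged just above, a comment such as `/* Non-fatal: auditd continues without size-based trail rotation. */` would make that explicit. The auditon() failure message would be easier to act on with the rejected value included, e.g. `syslog(LOG_ERR, "Failed to set filesz to %zu: %m", filesz);`. The `%m` in the "Failed to obtain filesz" branch is only meaningful if getacfilesz() sets errno on failure, which cannot be confirmed from this hunk. config_audit_controls() starts outside the hunk.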
diff --git a/contrib/openbsm/bin/auditd/auditd.h b/contrib/openbsm/bin/auditd/auditd.h
index 11bf9d4..9c5ae28 100644
--- a/contrib/openbsm/bin/auditd/auditd.h
+++ b/contrib/openbsm/bin/auditd/auditd.h
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#6 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#7 $
*/
#ifndef _AUDITD_H_
@@ -62,6 +62,7 @@ struct dir_ent {
#define HARDLIM_ALL_WARN "allhard"
#define SOFTLIM_ALL_WARN "allsoft"
#define AUDITOFF_WARN "auditoff"
+#define CLOSEFILE_WARN "closefile"
#define EBUSY_WARN "ebusy"
#define GETACDIR_WARN "getacdir"
#define HARDLIM_WARN "hard"
@@ -76,6 +77,7 @@ struct dir_ent {
int audit_warn_allhard(int count);
int audit_warn_allsoft(void);
int audit_warn_auditoff(void);
+int audit_warn_closefile(char *filename);
int audit_warn_ebusy(void);
int audit_warn_getacdir(char *filename);
int audit_warn_hard(char *filename);