Diffstat (limited to 'contrib/openbsm/bin/auditd')
-rw-r--r-- | contrib/openbsm/bin/auditd/audit_warn.c | 17 | ||||
-rw-r--r-- | contrib/openbsm/bin/auditd/auditd.c | 19 | ||||
-rw-r--r-- | contrib/openbsm/bin/auditd/auditd.h | 4 |
3 files changed, 36 insertions, 4 deletions
diff --git a/contrib/openbsm/bin/auditd/audit_warn.c b/contrib/openbsm/bin/auditd/audit_warn.c index 7fa5eb9..3239b67 100644 --- a/contrib/openbsm/bin/auditd/audit_warn.c +++ b/contrib/openbsm/bin/auditd/audit_warn.c @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#6 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 $ */ #include <sys/types.h> @@ -125,6 +125,21 @@ audit_warn_auditoff(void) } /* + * Indicate that a trail file has been closed, so can now be post-processed. + */ +int +audit_warn_closefile(char *filename) +{ + char *args[3]; + + args[0] = CLOSEFILE_WARN; + args[1] = filename; + args[2] = NULL; + + return (auditwarnlog(args)); +} + +/* * Indicates that the audit deammn is already running */ int diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c index 86cf233..7ca2123 100644 --- a/contrib/openbsm/bin/auditd/auditd.c +++ b/contrib/openbsm/bin/auditd/auditd.c @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#23 $ */ #include <sys/types.h> @@ -163,9 +163,11 @@ close_lastfile(char *TS) syslog(LOG_ERR, "Could not rename %s to %s: %m", oldname, lastfile); - else + else { syslog(LOG_INFO, "renamed %s to %s", oldname, lastfile); + audit_warn_closefile(lastfile); + } } free(lastfile); free(oldname); @@ -727,6 +729,8 @@ config_audit_controls(void) char naeventstr[NA_EVENT_STR_SIZE]; char polstr[POL_STR_SIZE]; long policy; + au_fstat_t au_fstat; + size_t filesz; /* * Process the audit event file, obtaining a class mapping for each 
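Review bot: The comment above audit_warn_closefile() does not say what the int result means or where `filename` ends up. That matters because the path is forwarded in `args[1]` to auditwarnlog() and, presumably, on to an external handler that acts on it. I would extend the comment along the lines of `Returns the result of auditwarnlog(); filename is passed to the warning handler as its second argument and is not modified.` A NULL `filename` would end the argument vector right after `CLOSEFILE_WARN`, so the handler would see the event with no path; the comment should state that callers must pass a non-NULL name. The whole function is inside the hunk.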
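Review bot: The result of `audit_warn_closefile(lastfile)` is discarded in the new `else` block of close_lastfile(), so a failed notification is not logged. The trail is renamed, but the post-processing step is never told about it. If that handoff feeds archiving or log shipping, the gap deserves a syslog entry: `if (audit_warn_closefile(lastfile) != 0) syslog(LOG_WARNING, "closefile warning failed for %s", lastfile);`. What auditwarnlog() returns on failure is not visible in this diff, so the comparison may need adjusting. close_lastfile() starts and ends outside the hunk.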
@@ -806,6 +810,17 @@ config_audit_controls(void) "Failed to set default audit policy: %m"); } + /* + * Set trail rotation size. + */ + if (getacfilesz(&filesz) == 0) { + bzero(&au_fstat, sizeof(au_fstat)); + au_fstat.af_filesz = filesz; + if (auditon(A_SETFSIZE, &au_fstat, sizeof(au_fstat)) < 0) + syslog(LOG_ERR, "Failed to set filesz: %m"); + } else + syslog(LOG_ERR, "Failed to obtain filesz: %m"); + return (0); } diff --git a/contrib/openbsm/bin/auditd/auditd.h b/contrib/openbsm/bin/auditd/auditd.h index 11bf9d4..9c5ae28 100644 --- a/contrib/openbsm/bin/auditd/auditd.h +++ b/contrib/openbsm/bin/auditd/auditd.h @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#6 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#7 $ */ #ifndef _AUDITD_H_ @@ -62,6 +62,7 @@ struct dir_ent { #define HARDLIM_ALL_WARN "allhard" #define SOFTLIM_ALL_WARN "allsoft" #define AUDITOFF_WARN "auditoff" +#define CLOSEFILE_WARN "closefile" #define EBUSY_WARN "ebusy" #define GETACDIR_WARN "getacdir" #define HARDLIM_WARN "hard" @@ -76,6 +77,7 @@ struct dir_ent { int audit_warn_allhard(int count); int audit_warn_allsoft(void); int audit_warn_auditoff(void); +int audit_warn_closefile(char *filename); int audit_warn_ebusy(void); int audit_warn_getacdir(char *filename); int audit_warn_hard(char *filename); |
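Review bot: Both failure paths in the new trail-rotation block of config_audit_controls() only log, and the function still reaches `return (0)`, so the caller cannot tell that no rotation size was applied. Trails would then presumably keep whatever limit was in effect before. The `else` branch formats with `%m`, but whether getacfilesz() sets errno on a parse failure is not visible here. If it does not, the message will carry an unrelated error string, and `syslog(LOG_ERR, "Failed to obtain filesz from audit_control");` would be safer. A one-line comment saying that a failure here is deliberately non-fatal would make the intent clear. The function begins outside the hunk.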