Diffstat (limited to 'contrib/openbsm')
-rw-r--r-- | contrib/openbsm/CHANGELOG | 97
-rw-r--r-- | contrib/openbsm/FREEBSD-upgrade | 44
-rw-r--r-- | contrib/openbsm/Makefile | 9
-rw-r--r-- | contrib/openbsm/bin/Makefile | 10
-rw-r--r-- | contrib/openbsm/bin/audit/Makefile | 12
-rw-r--r-- | contrib/openbsm/bin/auditd/Makefile | 13
-rw-r--r-- | contrib/openbsm/bin/auditreduce/Makefile | 12
-rw-r--r-- | contrib/openbsm/bin/praudit/Makefile | 12
-rw-r--r-- | contrib/openbsm/bsm/Makefile | 22
-rw-r--r-- | contrib/openbsm/config/config.h | 189
-rw-r--r-- | contrib/openbsm/etc/audit_class | 1
-rw-r--r-- | contrib/openbsm/etc/audit_control | 1
-rw-r--r-- | contrib/openbsm/etc/audit_event | 290
-rw-r--r-- | contrib/openbsm/etc/audit_user | 1
-rw-r--r-- | contrib/openbsm/etc/audit_warn | 1
-rw-r--r-- | contrib/openbsm/libbsm/Makefile | 125
-rw-r--r-- | contrib/openbsm/man/Makefile | 22
-rw-r--r-- | contrib/openbsm/tools/Makefile | 13
18 files changed, 352 insertions, 522 deletions
diff --git a/contrib/openbsm/CHANGELOG b/contrib/openbsm/CHANGELOG deleted file mode 100644 index 9856109..0000000 --- a/contrib/openbsm/CHANGELOG +++ /dev/null 
@@ -1,97 +0,0 @@ -OpenBSM 1.0 alpha 4 - -- Remove "audit" user example from audit_user, as it's not present on most - systems. -- Add cannot_audit() function non-Darwin systems that wraps auditon(); - required by OpenSSH BSM support. Convert Darwin cannot_audit() into a - function rather than a macro. -- Library build fixed on Darwin following include file tweaks. The native - Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so - for now we force bsm_wrappers.c to not perform a nested include of - sys/audit.h. - -OpenBSM 1.0 alpha 3 - -- Man page formatting, cross reference, mlinks, and accuracy improvements. -- auditd and tools now compile and run on FreeBSD/arm. -- auditd will now fchown() the trail file to the audit review group, if - defined at compile-time. -- Added AUE_SYSARCH for FreeBSD. -- Definition of AUE_SETFSGID fixed for Linux. - -OpenBSM 1.0 alpha 2 - -- Man page formatting improvements. -- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b - events. -- Remove 'tfm' class, unused in OpenBSM. - -OpenBSM 1.0 alpha 1 - -- Import of Darwin74 BSM drop -- Use 'syslog' for audit log warnings, rather than echoing to a file in - audit_warn. -- Compile using BSD make infrastructure. -- Integrate bsm/ include files from Darwin74 XNU drop into OpenBSM. -- Narrow set of symbols and defines that are exposed in user space: don't - compile in code relying on kernel-only types such as 'struct socket'. -- Add README, including basic build documentation. -- Compilation of Apple-specific notify and Machroutines now #ifdef __APPLE__. -- Staticize libbsm global variables to avoid leakage into application. -- Add free_au_user_ent() so that au_user_ent's don't have to be leaked. -- Clean up bogus nul-termination checks in libbsm. -- Add libbsm API man pages: au_class.3 au_control.3 au_event.3 - au_free_token.3 au_io.3 au_mask.3 au_token.3 au_user.3 libbsm.3. 
-- Add man pages for BSM system calls: audit.2 auditctl.2 auditon.2 getaudit.2 - getauid.2 setaudit.2 setauid.2 -- Modify various libbsm interfaces to more consistently return 'errno' values - on failure. -- Break out au_close() into constituent parts, allowing records to be written - to memory as well as files. -- Prefix various defines with 'BSM_' to reduce name space pollution. -- Added audit_internal.h, which can be used by a kernel audit implementation - wanting to rely on libbsm components. -- Build with warnings, and eliminate warnings. -- Make libbsm endian-independent, storing and reading BSM are big endian - (network byte order) rather than native byte order. More consistently - print IP addresses using the IP address print routine. These changes - make use of sys/endian.h from *BSD; since this isn't present on Darwin, - add it to OpenBSM as compat/endian.h, which is used only on Darwin. -- Import of Darwin80 BSM drop, including 64-bit file IDs, better - documentation of private APIs, and bug fixes. -- White space cleanup. -- Add audit.log.5, a first cut at a man page documenting the BSM file format. -- Teach au_read_rec() to recognize stand-alone file tokens, which are present - at the beginning and end of Solaris audit trails. Technically, these - appear to violate the high level BSM spec, which suggests that all tokens - are present in records, but need to be supported. -- Implement HEADER64, ATTR64, SUBJECT64 token types, which make it possible - to run praudit(1) on basic Solaris BSM streams. -- Switched to Solaris spelling of token names; Darwin spellings are now - deprecated and will be removed in a future version of OpenBSM. -- Adopt Solaris model for representing IPv4 and IPv6 addresses. -- Prefer C99 types. -- Attempt to universally adopt the BSD style(9) coding style for - consistency. -- auditreduce(1) now has a usage message. -- Update support for auditctl(2) system call to support FreeBSD. 
-- Add support for /dev/audit as the trigger source on FreeBSD. -- Add additional event types for Darwin, FreeBSD, and Solaris. Annotate - conflicts (there are a few, unfortunately). Correct spellings, comment, - sort, etc. These include {get,set}res[ug]id(), sendfile(), lchflags(), - eaccess(), kqueue(), kevent(), poll(), lchmod(). -- Relicensed under a BSD license, many thanks to Apple, Inc! -- Many bug fixes, cleanups, thread safety in the class, control, event, - and user system audit databases. Annotate some persisting atomicity - bugs associated with the API and implementation. -- Add audump test tool. -- Adopt OpenSolaris BSM API memory semantics: caller allocates memory, - or static memory is returned for non-_r() versions of API calls. - _free() calls dropped as a result, and source code compatibility with - OpenSolaris improved significantly. -- Annotate BSM events with origin OS and compatibility information. -- auditd(8), audit(8) added to the OpenBSM distribution. auditd extended - to support reloading of kernel event table. -- Allow comments in /etc/security configuration files. - -$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#12 $ diff --git a/contrib/openbsm/FREEBSD-upgrade b/contrib/openbsm/FREEBSD-upgrade new file mode 100644 index 0000000..1f5f059 --- /dev/null +++ b/contrib/openbsm/FREEBSD-upgrade 
@@ -0,0 +1,44 @@ +Upgrade Instructions for OpenBSM +-------------------------------- + +OpenBSM integrates into the FreeBSD source tree in several places: + +src/contrib/openbsm The OpenBSM distribution itself +src/sys/bsm Modified versions of some bsm/ include files +src/sys/security/audit Kernel audit framework, some OpenBSM-based files +src/usr.sbin/*audit* Makefiles for various OpenBSM tools +src/etc/Makefile Installation of /etc OpenBSM files +src/lib/libbsm/* Build for OpenBSM library + +OpenBSM is normally built using an integrated autoconf/automake build +system. For the purposes of tight integration with FreeBSD, we use an +adapted BSD make (bmake) build system loosely based on the automake +setup. We also rely on a static config.h generated when OpenBSM is +imported, rather than re-configuring every build. This leads to a +more reproduceable build environment, and avoids dependence on things +not in the base tree (i.e., autoconf, automake, GNU make, etc). An +upgrade of OpenBSM generally involves the following steps: + +- Vendor import of OpenBSM into src/contrib. +- Run configure, commit src/contrib/openbsm/config/config.h. +- Replication of src/contrib/openbsm/bsm changes into src/sys/bsm. +- Possible updates to src/sys/security/audit, especially relating to + bsm_token.c. +- Update any library, tool, or etc BSD Makefiles to add new files, + defines, or other generally useful or necessary things. + +Normally, the CVS vendor import goes along the following lines: + + cd ~/p4/projects/trustedbsd/openbsm + cvs -n -d rwatson@repoman.FreeBSD.org:/home/ncvs -q import \ + src/contrib/openbsm TrustedBSD OPENBSM_1_0_ALPHA_1 + +Replacing the version string as required. Remove the "-n" argument once +the import is tested in order to perform the actual import. + +Propagation of changes to src/sys/{bsm,security/audit} is something that +requires careful coordination and attention to detail. These files are +not on CVS vendor branches, but do have the same local vs. 
vendor merge +issues. + +$FreeBSD$ diff --git a/contrib/openbsm/Makefile b/contrib/openbsm/Makefile deleted file mode 100644 index b480723..0000000 --- a/contrib/openbsm/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/Makefile#2 $ -# - -SUBDIR= bsm \ - libbsm \ - bin - -.include <bsd.subdir.mk> diff --git a/contrib/openbsm/bin/Makefile b/contrib/openbsm/bin/Makefile deleted file mode 100644 index 3bc4a6c..0000000 --- a/contrib/openbsm/bin/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile#4 $ -# - -SUBDIR= audit \ - auditd \ - auditreduce \ - praudit - -.include <bsd.subdir.mk> diff --git a/contrib/openbsm/bin/audit/Makefile b/contrib/openbsm/bin/audit/Makefile deleted file mode 100644 index cec37ea..0000000 --- a/contrib/openbsm/bin/audit/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile#2 $ -# - -CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I. -PROG= audit -MAN= audit.8 -DPADD= /usr/lib/libbsm.a -LDADD= -lbsm -BINDIR= /usr/sbin - -.include <bsd.prog.mk> diff --git a/contrib/openbsm/bin/auditd/Makefile b/contrib/openbsm/bin/auditd/Makefile deleted file mode 100644 index fbbdc47..0000000 --- a/contrib/openbsm/bin/auditd/Makefile +++ /dev/null @@ -1,13 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile#2 $ -# - -CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I. -PROG= auditd -SRCS= audit_warn.c auditd.c -MAN= auditd.8 -DPADD= /usr/lib/libbsm.a -LDADD= -lbsm -BINDIR= /usr/sbin - -.include <bsd.prog.mk> diff --git a/contrib/openbsm/bin/auditreduce/Makefile b/contrib/openbsm/bin/auditreduce/Makefile deleted file mode 100644 index f4c292a..0000000 --- a/contrib/openbsm/bin/auditreduce/Makefile +++ /dev/null 
@@ -1,12 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile#4 $ -# - -CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I. -PROG= auditreduce -MAN= auditreduce.1 -DPADD= /usr/lib/libbsm.a -LDADD= -lbsm -BINDIR= /usr/sbin - -.include <bsd.prog.mk> diff --git a/contrib/openbsm/bin/praudit/Makefile b/contrib/openbsm/bin/praudit/Makefile deleted file mode 100644 index 34e136b..0000000 --- a/contrib/openbsm/bin/praudit/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile#4 $ -# - -CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I. -PROG= praudit -MAN= praudit.1 -DPADD= /usr/lib/libbsm.a -LDADD= -lbsm -BINDIR= /usr/sbin - -.include <bsd.prog.mk> diff --git a/contrib/openbsm/bsm/Makefile b/contrib/openbsm/bsm/Makefile deleted file mode 100644 index ba63701..0000000 --- a/contrib/openbsm/bsm/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile#7 $ -# - -INCS= audit.h \ - audit_internal.h \ - audit_kevents.h \ - audit_record.h \ - audit_uevents.h \ - libbsm.h - -TARGET= ${DESTDIR}/usr/include/bsm - -all: -default: -depend: -clean: - -install: - mkdir -p -m 0755 ${TARGET} - install -o root -g wheel -m 0644 ${INCS} ${TARGET} - diff --git a/contrib/openbsm/config/config.h b/contrib/openbsm/config/config.h new file mode 100644 index 0000000..2503155 --- /dev/null +++ b/contrib/openbsm/config/config.h 
@@ -0,0 +1,189 @@ +/* config/config.h. Generated by configure. */ +/* config/config.h.in. Generated from configure.ac by autoheader. */ +/* $FreeBSD$ + +/* Define to 1 if you have the `alarm' function. */ +#define HAVE_ALARM 1 + +/* Define if audit system calls present */ +#define HAVE_AUDIT_SYSCALLS + +/* Define to 1 if you have the `bzero' function. */ +#define HAVE_BZERO 1 + +/* Define to 1 if your system has a working `chown' function. */ +#define HAVE_CHOWN 1 + +/* Define to 1 if you have the <dlfcn.h> header file. */ +#define HAVE_DLFCN_H 1 + +/* Define to 1 if you have the <endian.h> header file. */ +/* #undef HAVE_ENDIAN_H */ + +/* Define to 1 if you have the `fork' function. */ +#define HAVE_FORK 1 + +/* Define to 1 if you have the `ftruncate' function. */ +#define HAVE_FTRUNCATE 1 + +/* Define if queue.h includes LIST_FIRST */ +#define HAVE_FULL_QUEUE_H + +/* Define to 1 if you have the `gettimeofday' function. */ +#define HAVE_GETTIMEOFDAY 1 + +/* Define to 1 if you have the `inet_ntoa' function. */ +#define HAVE_INET_NTOA 1 + +/* Define to 1 if you have the <inttypes.h> header file. */ +#define HAVE_INTTYPES_H 1 + +/* Define if ipc_perm.__key instead of key */ +/* #undef HAVE_IPC_PERM___KEY */ + +/* Define if ipc_perm.__seq instead of seq */ +/* #undef HAVE_IPC_PERM___SEQ */ + +/* Define to 1 if you have the <machine/endian.h> header file. */ +#define HAVE_MACHINE_ENDIAN_H 1 + +/* Define to 1 if you have the <mach/mach.h> header file. */ +/* #undef HAVE_MACH_MACH_H */ + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#define HAVE_MALLOC 1 + +/* Define to 1 if you have the <memory.h> header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the `memset' function. */ +#define HAVE_MEMSET 1 + +/* Define to 1 if `stat' has the bug that it succeeds when given the + zero-length file name argument. 
*/ +/* #undef HAVE_STAT_EMPTY_STRING_BUG */ + +/* Define to 1 if you have the <stdint.h> header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the <stdlib.h> header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the `strchr' function. */ +#define HAVE_STRCHR 1 + +/* Define to 1 if you have the `strerror' function. */ +#define HAVE_STRERROR 1 + +/* Define to 1 if you have the `strftime' function. */ +#define HAVE_STRFTIME 1 + +/* Define to 1 if you have the <strings.h> header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the <string.h> header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strrchr' function. */ +#define HAVE_STRRCHR 1 + +/* Define to 1 if you have the `strstr' function. */ +#define HAVE_STRSTR 1 + +/* Define to 1 if you have the `strtol' function. */ +#define HAVE_STRTOL 1 + +/* Define to 1 if you have the `strtoul' function. */ +#define HAVE_STRTOUL 1 + +/* Define to 1 if `st_rdev' is member of `struct stat'. */ +#define HAVE_STRUCT_STAT_ST_RDEV 1 + +/* Define to 1 if you have the <sys/endian.h> header file. */ +#define HAVE_SYS_ENDIAN_H 1 + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the <sys/time.h> header file. */ +#define HAVE_SYS_TIME_H 1 + +/* Define to 1 if you have the <sys/types.h> header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */ +#define HAVE_SYS_WAIT_H 1 + +/* Define to 1 if you have the <unistd.h> header file. */ +#define HAVE_UNISTD_H 1 + +/* Define to 1 if you have the `vfork' function. */ +#define HAVE_VFORK 1 + +/* Define to 1 if you have the <vfork.h> header file. */ +/* #undef HAVE_VFORK_H */ + +/* Define to 1 if `fork' works. */ +#define HAVE_WORKING_FORK 1 + +/* Define to 1 if `vfork' works. */ +#define HAVE_WORKING_VFORK 1 + +/* Define to 1 if `lstat' dereferences a symlink specified with a trailing + slash. 
*/ +/* #undef LSTAT_FOLLOWS_SLASHED_SYMLINK */ + +/* Name of package */ +#define PACKAGE "OpenBSM" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "trustedbsd-audit@TrustesdBSD.org" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "OpenBSM" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "OpenBSM 1.0a6" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "openbsm" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "1.0a6" + +/* Define as the return type of signal handlers (`int' or `void'). */ +#define RETSIGTYPE void + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */ +#define TIME_WITH_SYS_TIME 1 + +/* Define to 1 if your <sys/time.h> declares `struct tm'. */ +/* #undef TM_IN_SYS_TIME */ + +/* Version number of package */ +#define VERSION "1.0a6" + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* Define to `int' if <sys/types.h> doesn't define. */ +/* #undef gid_t */ + +/* Define to rpl_malloc if the replacement function should be used. */ +/* #undef malloc */ + +/* Define to `int' if <sys/types.h> does not define. */ +/* #undef pid_t */ + +/* Define to `unsigned' if <sys/types.h> does not define. */ +/* #undef size_t */ + +/* Define to `int' if <sys/types.h> doesn't define. */ +/* #undef uid_t */ + +/* Define as `fork' if `vfork' does not work. */ +/* #undef vfork */ diff --git a/contrib/openbsm/etc/audit_class b/contrib/openbsm/etc/audit_class index 3a7da08..f65ae41 100644 --- a/contrib/openbsm/etc/audit_class +++ b/contrib/openbsm/etc/audit_class @@ -1,5 +1,6 @@ # # $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#4 $ +# $FreeBSD$ # # This file must match audit.h # 
diff --git a/contrib/openbsm/etc/audit_control b/contrib/openbsm/etc/audit_control index fb1ce1a..7e60cbc 100644 --- a/contrib/openbsm/etc/audit_control +++ b/contrib/openbsm/etc/audit_control @@ -1,5 +1,6 @@ # # $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#3 $ +# $FreeBSD$ # dir:/var/audit flags:lo diff --git a/contrib/openbsm/etc/audit_event b/contrib/openbsm/etc/audit_event index ebab4ed..657ca77 100644 --- a/contrib/openbsm/etc/audit_event +++ b/contrib/openbsm/etc/audit_event @@ -1,5 +1,6 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#12 $ +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#11 $ +# $FreeBSD$ # 0:AUE_NULL:indir system call:no 1:AUE_EXIT:exit(2):pc 
@@ -234,190 +235,129 @@ 267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad 268:AUE_CLOCK_SETTIME:clock_settime(2):ad 269:AUE_NTP_ADJTIME:ntp_adjtime(2):ad -# -# What follows are deprecated Darwin event numbers that may someday conflict -# with Solaris events. -# -301:AUE_DARWIN_GETFSSTAT:getfsstat(2):fa -302:AUE_DARWIN_PTRACE:ptrace(2):pc -303:AUE_DARWIN_CHFLAGS:chflags(2):fm -304:AUE_DARWIN_FCHFLAGS:fchflags(2):fm -305:AUE_DARWIN_PROFILE:profil(2):pc -306:AUE_DARWIN_KTRACE:ktrace(2):pc -307:AUE_DARWIN_SETLOGIN:setlogin(2):pc +301:AUE_GETFSSTAT:getfsstat(2):fa +302:AUE_PTRACE:ptrace(2):pc +303:AUE_CHFLAGS:chflags(2):fm +304:AUE_FCHFLAGS:fchflags(2):fm +305:AUE_PROFILE:profil(2):pc +306:AUE_KTRACE:ktrace(2):pc +307:AUE_SETLOGIN:setlogin(2):pc 308:AUE_DARWIN_REBOOT:reboot(2):ad -309:AUE_DARWIN_REVOKE:revoke(2):cl -310:AUE_DARWIN_UMASK:umask(2):pc -311:AUE_DARWIN_MPROTECT:mprotect(2):fm +309:AUE_REVOKE:revoke(2):cl +310:AUE_UMASK:umask(2):pc +311:AUE_MPROTECT:mprotect(2):fm 312:AUE_DARWIN_SETPRIORITY:setpriority(2):pc,ot 313:AUE_DARWIN_SETTIMEOFDAY:settimeofday(2):ad 314:AUE_DARWIN_FLOCK:flock(2):fm -315:AUE_DARWIN_MKFIFO:mkfifo(2):fc -316:AUE_DARWIN_POLL:poll(2):no +315:AUE_MKFIFO:mkfifo(2):fc +316:AUE_POLL:poll(2):no 317:AUE_DARWIN_SOCKETPAIR:socketpair(2):nt -318:AUE_DARWIN_FUTIMES:futimes(2):fm -319:AUE_DARWIN_SETSID:setsid(2):pc -320:AUE_DARWIN_SETPRIVEXEC:setprivexec(2):pc +318:AUE_FUTIMES:futimes(2):fm +319:AUE_SETSID:setsid(2):pc +320:AUE_SETPRIVEXEC:setprivexec(2):pc 321:AUE_DARWIN_NFSSVC:nfssvc(2):ad 322:AUE_DARWIN_GETFH:getfh(2):fa 323:AUE_DARWIN_QUOTACTL:quotactl(2):ad -324:AUE_DARWIN_ADDPROFILE:system call:pc -325:AUE_DARWIN_KDEBUGTRACE:system call:pc -326:AUE_DARWIN_FSTAT:fstat(2):fa -327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa -328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr +324:AUE_ADDPROFILE:system call:pc +325:AUE_KDEBUGTRACE:system call:pc +326:AUE_FSTAT:fstat(2):fa +327:AUE_FPATHCONF:fpathconf(2):fa +328:AUE_GETDIRENTRIES:getdirentries(2):fr 
329:AUE_DARWIN_TRUNCATE:truncate(2):fw 330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw -331:AUE_DARWIN_SYSCTL:sysctl(3):ad -332:AUE_DARWIN_MLOCK:mlock(2):pc -333:AUE_DARWIN_MUNLOCK:munlock(2):pc -334:AUE_DARWIN_UNDELETE:undelete(2):fm -335:AUE_DARWIN_GETATTRLIST:getattrlist():fa -336:AUE_DARWIN_SETATTRLIST:setattrlist():fm -337:AUE_DARWIN_GETDIRENTRIESATTR:getdirentriesattr():fa -338:AUE_DARWIN_EXCHANGEDATA:exchangedata():fw -339:AUE_DARWIN_SEARCHFS:searchfs():fa -340:AUE_DARWIN_MINHERIT:minherit(2):pc -341:AUE_DARWIN_SEMCONFIG:semconfig():ip -342:AUE_DARWIN_SEMOPEN:sem_open(2):ip -343:AUE_DARWIN_SEMCLOSE:sem_close(2):ip -344:AUE_DARWIN_SEMUNLINK:sem_unlink(2):ip -345:AUE_DARWIN_SHMOPEN:shm_open(2):ip -346:AUE_DARWIN_SHMUNLINK:shm_unlink(2):ip -347:AUE_DARWIN_LOADSHFILE:load_shared_file():fr -348:AUE_DARWIN_RESETSHFILE:reset_shared_file():ot -349:AUE_DARWIN_NEWSYSTEMSHREG:new_system_share_regions():ot -350:AUE_DARWIN_PTHREADKILL:pthread_kill(2):pc -351:AUE_DARWIN_PTHREADSIGMASK:pthread_sigmask(2):pc -352:AUE_DARWIN_AUDITCTL:auditctl(2):ad -353:AUE_DARWIN_RFORK:rfork(2):pc -354:AUE_DARWIN_LCHMOD:lchmod(2):fm -355:AUE_DARWIN_SWAPOFF:swapoff():ad -356:AUE_DARWIN_INITPROCESS:init_process():pc -357:AUE_DARWIN_MAPFD:map_fd():fa -358:AUE_DARWIN_TASKFORPID:task_for_pid():pc -359:AUE_DARWIN_PIDFORTASK:pid_for_task():pc -360:AUE_DARWIN_SYSCTL_NONADMIN:sysctl() - non-admin:ot -361:AUE_DARWIN_COPYFILE:copyfile():fr,fw -# -# OpenBSM-specific kernel events. 
-# -43001:AUE_GETFSSTAT:getfsstat(2):fa -43002:AUE_PTRACE:ptrace(2):pc -43003:AUE_CHFLAGS:chflags(2):fm -43004:AUE_FCHFLAGS:fchflags(2):fm -43005:AUE_PROFILE:profil(2):pc -43006:AUE_KTRACE:ktrace(2):pc -43007:AUE_SETLOGIN:setlogin(2):pc -43008:AUE_REVOKE:revoke(2):cl -43009:AUE_UMASK:umask(2):pc -43010:AUE_MPROTECT:mprotect(2):fm -43011:AUE_MKFIFO:mkfifo(2):fc -43012:AUE_POLL:poll(2):no -43013:AUE_FUTIMES:futimes(2):fm -43014:AUE_SETSID:setsid(2):pc -43015:AUE_SETPRIVEXEC:setprivexec(2):pc -43016:AUE_ADDPROFILE:system call:pc -43017:AUE_KDEBUGTRACE:system call:pc -43018:AUE_FSTAT:fstat(2):fa -43019:AUE_FPATHCONF:fpathconf(2):fa -43020:AUE_GETDIRENTRIES:getdirentries(2):fr -43021:AUE_SYSCTL:sysctl(3):ad -43022:AUE_MLOCK:mlock(2):pc -43023:AUE_MUNLOCK:munlock(2):pc -43024:AUE_UNDELETE:undelete(2):fm -43025:AUE_GETATTRLIST:getattrlist():fa -43026:AUE_SETATTRLIST:setattrlist():fm -43027:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa -43028:AUE_EXCHANGEDATA:exchangedata():fw -43029:AUE_SEARCHFS:searchfs():fa -43030:AUE_MINHERIT:minherit(2):pc -43031:AUE_SEMCONFIG:semconfig():ip -43032:AUE_SEMOPEN:sem_open(2):ip -43033:AUE_SEMCLOSE:sem_close(2):ip -43034:AUE_SEMUNLINK:sem_unlink(2):ip -43035:AUE_SHMOPEN:shm_open(2):ip -43036:AUE_SHMUNLINK:shm_unlink(2):ip -43037:AUE_LOADSHFILE:load_shared_file():fr -43038:AUE_RESETSHFILE:reset_shared_file():ot -43039:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot -43040:AUE_PTHREADKILL:pthread_kill(2):pc -43041:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc -43042:AUE_AUDITCTL:auditctl(2):ad -43043:AUE_RFORK:rfork(2):pc -43044:AUE_LCHMOD:lchmod(2):fm -43045:AUE_SWAPOFF:swapoff():ad -43046:AUE_INITPROCESS:init_process():pc -43047:AUE_MAPFD:map_fd():fa -43048:AUE_TASKFORPID:task_for_pid():pc -43049:AUE_PIDFORTASK:pid_for_task():pc -43050:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot -43051:AUE_COPYFILE:copyfile():fr,fw -43052:AUE_LUTIMES:lutimes(2):fm -43053:AUE_LCHFLAGS:lchflags(2):fm -43054:AUE_SENDFILE:sendfile(2):nt 
-43055:AUE_USELIB:uselib(2):fa -43056:AUE_GETRESUID:getresuid(2):pc -43057:AUE_SETRESUID:setresuid(2):pc -43058:AUE_GETRESGID:getresgid(2):pc -43059:AUE_SETRESGID:setresgid(2):pc -43060:AUE_WAIT4:wait4(2):pc -43061:AUE_LGETFH:lgetfh(2):fa -43062:AUE_FHSTATFS:fhstatfs(2):fa -43063:AUE_FHOPEN:fhopen(2):fa -43064:AUE_FHSTAT:fhstat(2):fa -43065:AUE_JAIL:jail(2):pc -43066:AUE_EACCESS:eaccess(2):fa -43067:AUE_KQUEUE:kqueue(2):no -43068:AUE_KEVENT:kevent(2):no -43069:AUE_FSYNC:fsync(2):fm -43070:AUE_NMOUNT:nmount(2):ad -43071:AUE_BDFLUSH:bdflush(2):ad -43072:AUE_SETFSUID:setfsuid(2):ot -43073:AUE_SETFSGID:setfsgid(2):ot -43074:AUE_PERSONALITY:personality(2):pc -43075:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad -43076:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad -43077:AUE_PRCTL:prctl(2):pc -43078:AUE_GETCWD:getcwd(2):pc -43079:AUE_CAPGET:capget(2):pc -43080:AUE_CAPSET:capset(2):pc -43081:AUE_PIVOT_ROOT:pivot_root(2):pc -43082:AUE_RTPRIO::rtprio(2):pc -43083:AUE_SCHED_GETPARAM:sched_getparam(2):ad -43084:AUE_SCHED_SETPARAM:sched_setparam(2):ad -43085:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad -43086:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad -43087:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad -43088:AUE_ACL_GET_FILE:acl_get_file(2):fa -43089:AUE_ACL_SET_FILE:acl_set_file(2):fm -43090:AUE_ACL_GET_FD:acl_get_fd(2):fa -43091:AUE_ACL_SET_FD:acl_set_fd(2):fm -43092:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm -43093:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm -43094:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa -43095:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa -43096:AUE_ACL_GET_LINK:acl_get_link(2):fa -43097:AUE_ACL_SET_LINK:acl_set_link(2):fm -43098:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm -43099:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa -43100:AUE_SYSARCH:sysarch(2):na -43101:AUE_EXTATTRCTL:extattrctl(2):fm -43102:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa -43103:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm -43104:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa 
-43105:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm -43106:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa -43107:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm -43108:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa -43109:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm -43110:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa -43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm -43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa -43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm -# -# User space system events. -# +331:AUE_SYSCTL:sysctl(3):ad +332:AUE_MLOCK:mlock(2):pc +333:AUE_MUNLOCK:munlock(2):pc +334:AUE_UNDELETE:undelete(2):fm +335:AUE_GETATTRLIST:getattrlist():fa +336:AUE_SETATTRLIST:setattrlist():fm +337:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa +338:AUE_EXCHANGEDATA:exchangedata():fw +339:AUE_SEARCHFS:searchfs():fa +340:AUE_MINHERIT:minherit(2):pc +341:AUE_SEMCONFIG:semconfig():ip +342:AUE_SEMOPEN:sem_open(2):ip +343:AUE_SEMCLOSE:sem_close(2):ip +344:AUE_SEMUNLINK:sem_unlink(2):ip +345:AUE_SHMOPEN:shm_open(2):ip +346:AUE_SHMUNLINK:shm_unlink(2):ip +347:AUE_LOADSHFILE:load_shared_file():fr +348:AUE_RESETSHFILE:reset_shared_file():ot +349:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot +350:AUE_PTHREADKILL:pthread_kill(2):pc +351:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc +352:AUE_AUDITCTL:auditctl(2):ad +353:AUE_RFORK:rfork(2):pc +354:AUE_LCHMOD:lchmod(2):fm +355:AUE_SWAPOFF:swapoff():ad +356:AUE_INITPROCESS:init_process():pc +357:AUE_MAPFD:map_fd():fa +358:AUE_TASKFORPID:task_for_pid():pc +359:AUE_PIDFORTASK:pid_for_task():pc +360:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot +361:AUE_COPYFILE:copyfile():fr,fw +362:AUE_LUTIMES:lutimes(2):fm +363:AUE_LCHFLAGS:lchflags(2):fm +364:AUE_SENDFILE:sendfile(2):nt +365:AUE_USELIB:uselib(2):fa +366:AUE_GETRESUID:getresuid(2):pc +367:AUE_SETRESUID:setresuid(2):pc +368:AUE_GETRESGID:getresgid(2):pc +369:AUE_SETRESGID:setresgid(2):pc +370:AUE_WAIT4:wait4(2):pc +371:AUE_LGETFH:lgetfh(2):fa +372:AUE_FHSTATFS:fhstatfs(2):fa 
+373:AUE_FHOPEN:fhopen(2):fa +374:AUE_FHSTAT:fhstat(2):fa +375:AUE_JAIL:jail(2):pc +376:AUE_EACCESS:eaccess(2):fa +377:AUE_KQUEUE:kqueue(2):no +378:AUE_KEVENT:kevent(2):no +379:AUE_FSYNC:fsync(2):fm +380:AUE_NMOUNT:nmount(2):ad +381:AUE_BDFLUSH:bdflush(2):ad +382:AUE_SETFSUID:setfsuid(2):ot +383:AUE_SETFSGID:setfsgid(2):ot +384:AUE_PERSONALITY:personality(2):pc +385:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad +386:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad +387:AUE_PRCTL:prctl(2):pc +388:AUE_GETCWD:getcwd(2):pc +389:AUE_CAPGET:capget(2):pc +390:AUE_CAPSET:capset(2):pc +391:AUE_PIVOT_ROOT:pivot_root(2):pc +392:AUE_RTPRIO::rtprio(2):pc +393:AUE_SCHED_GETPARAM:sched_getparam(2):ad +394:AUE_SCHED_SETPARAM:sched_setparam(2):ad +395:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad +396:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad +397:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad +398:AUE_ACL_GET_FILE:acl_get_file(2):fa +399:AUE_ACL_SET_FILE:acl_set_file(2):fm +400:AUE_ACL_GET_FD:acl_get_fd(2):fa +401:AUE_ACL_SET_FD:acl_set_fd(2):fm +402:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm +403:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm +404:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa +405:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa +406:AUE_ACL_GET_LINK:acl_get_link(2):fa +407:AUE_ACL_SET_LINK:acl_set_link(2):fm +408:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm +409:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa +410:AUE_SYSARCH:sysarch(2):na +411:AUE_EXTATTRCTL:extattrctl(2):fm +412:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa +413:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm +414:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa +415:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm +416:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa +417:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm +418:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa +419:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm +420:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa +421:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm 
+422:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa +423:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm 6152:AUE_login:login - local:lo 6153:AUE_logout:logout - local:lo 6159:AUE_su:su(1):lo diff --git a/contrib/openbsm/etc/audit_user b/contrib/openbsm/etc/audit_user index 7b92f06..0cce4f1 100644 --- a/contrib/openbsm/etc/audit_user +++ b/contrib/openbsm/etc/audit_user @@ -1,4 +1,5 @@ # # $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#3 $ +# $FreeBSD$ # root:lo:no diff --git a/contrib/openbsm/etc/audit_warn b/contrib/openbsm/etc/audit_warn index 3612fc9..c5a3159 100644 --- a/contrib/openbsm/etc/audit_warn +++ b/contrib/openbsm/etc/audit_warn @@ -1,5 +1,6 @@ #!/bin/sh # # $P4: //depot/projects/trustedbsd/openbsm/etc/audit_warn#3 $ +# $FreeBSD$ # logger -p security.warning "audit warning: $@" diff --git a/contrib/openbsm/libbsm/Makefile b/contrib/openbsm/libbsm/Makefile deleted file mode 100644 index 00534aa..0000000 --- a/contrib/openbsm/libbsm/Makefile +++ /dev/null 
@@ -1,125 +0,0 @@ -# -# OpenBSM libbsm -# -# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile#13 $ -# - -LIB= bsm -SHLIB_MAJOR= 1 - -CFLAGS+=-I- \ - -I .. \ - -Wall - -SRCS= bsm_audit.c \ - bsm_class.c \ - bsm_control.c \ - bsm_event.c \ - bsm_flags.c \ - bsm_io.c \ - bsm_mask.c \ - bsm_notify.c \ - bsm_token.c \ - bsm_user.c \ - bsm_wrappers.c - -MAN= libbsm.3 \ - au_class.3 \ - au_control.3 \ - au_event.3 \ - au_free_token.3 \ - au_io.3 \ - au_mask.3 \ - au_token.3 \ - au_user.3 - -MLINKS= libbsm.3 bsm.3 \ - au_class.3 getauclassent.3 \ - au_class.3 getauclassent_r.3 \ - au_class.3 getauclassnam.3 \ - au_class.3 getauclassnam_r.3 \ - au_class.3 setauclass.3 \ - au_class.3 endauclass.3 \ - au_control.3 setac.3 \ - au_control.3 endac.3 \ - au_control.3 getacdir.3 \ - au_control.3 getacmin.3 \ - au_control.3 getacflg.3 \ - au_control.3 getacna.3 \ - au_event.3 setauevent.3 \ - au_event.3 endauevent.3 \ - au_event.3 getauevent.3 \ - au_event.3 getauevent_r.3 \ - au_event.3 getauevnam.3 \ - au_event.3 getauevnam_r.3 \ - au_event.3 getauevnum.3 \ - au_event.3 getauevnum_r.3 \ - au_event.3 getauevnonam.3 \ - au_event.3 getauevnonam_r.3 \ - au_io.3 au_fetch_tok.3 \ - au_io.3 au_print_tok.3 \ - au_io.3 au_read_rec.3 \ - au_mask.3 au_preselect.3 \ - au_mask.3 getauditflagsbin.3 \ - au_mask.3 getauditflagschar.3 \ - au_user.3 setauuser.3 \ - au_user.3 endauuser.3 \ - au_user.3 getauuserent.3 \ - au_user.3 getauusernam.3 \ - au_user.3 au_user_mask.3 \ - au_user.3 getfauditflags.3 \ - au_token.3 au_to_arg32.3 \ - au_token.3 au_to_arg64.3 \ - au_token.3 au_to_arg.3 \ - au_token.3 au_to_attr64.3 \ - au_token.3 au_to_data.3 \ - au_token.3 au_to_exit.3 \ - au_token.3 au_to_groups.3 \ - au_token.3 au_to_newgroups.3 \ - au_token.3 au_to_in_addr.3 \ - au_token.3 au_to_in_addr_ex.3 \ - au_token.3 au_to_ip.3 \ - au_token.3 au_to_ipc.3 \ - au_token.3 au_to_ipc_perm.3 \ - au_token.3 au_to_iport.3 \ - au_token.3 au_to_opaque.3 \ - au_token.3 au_to_file.3 \ - au_token.3 
au_to_text.3 \ - au_token.3 au_to_path.3 \ - au_token.3 au_to_process32.3 \ - au_token.3 au_to_process64.3 \ - au_token.3 au_to_process.3 \ - au_token.3 au_to_process32_ex.3 \ - au_token.3 au_to_process64_ex.3 \ - au_token.3 au_to_process_ex.3 \ - au_token.3 au_to_return32.3 \ - au_token.3 au_to_return64.3 \ - au_token.3 au_to_return.3 \ - au_token.3 au_to_seq.3 \ - au_token.3 au_to_socket.3 \ - au_token.3 au_to_socket_ex_32.3 \ - au_token.3 au_to_socket_ex_128.3 \ - au_token.3 au_to_sock_inet32.3 \ - au_token.3 au_to_sock_inet128.3 \ - au_token.3 au_to_sock_inet.3 \ - au_token.3 au_to_subject32.3 \ - au_token.3 au_to_subject64.3 \ - au_token.3 au_to_subject.3 \ - au_token.3 au_to_subject32_ex.3 \ - au_token.3 au_to_subject64_ex.3 \ - au_token.3 au_to_subject_ex.3 \ - au_token.3 au_to_me.3 \ - au_token.3 au_to_exec_args.3 \ - au_token.3 au_to_exec_env.3 \ - au_token.3 au_to_header.3 \ - au_token.3 au_to_header32.3 \ - au_token.3 au_to_header64.3 \ - au_token.3 au_to_trailer.3 - -beforeinstall: - if test -d ${INCSDIR}; then \ - else \ - mkdir ${INCSDIR}; \ - fi; - -.include <bsd.lib.mk> diff --git a/contrib/openbsm/man/Makefile b/contrib/openbsm/man/Makefile deleted file mode 100644 index 1fbbc31..0000000 --- a/contrib/openbsm/man/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile#7 $ -# - -MAN= audit.2 \ - auditctl.2 \ - auditon.2 \ - getaudit.2 \ - getauid.2 \ - setaudit.2 \ - setauid.2 \ - audit.log.5 \ - audit_class.5 \ - audit_control.5 \ - audit_event.5 \ - audit_user.5 \ - audit_warn.5 - -MLINKS= getaudit.2 getaudit_addr.2 \ - setaudit.2 setaudit_addr.2 - -.include <bsd.prog.mk> diff --git a/contrib/openbsm/tools/Makefile b/contrib/openbsm/tools/Makefile deleted file mode 100644 index 79e582d..0000000 --- a/contrib/openbsm/tools/Makefile +++ /dev/null 
@@ -1,13 +0,0 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile#3 $ -# - -CFLAGS+= -I- -I .. -I ../libbsm -L ../libbsm -I. -PROG= audump -NO_MAN= -DPADD= /usr/lib/libbsm.a -LDADD= -lbsm -BINDIR= /usr/sbin -WARNS= 3 - -.include <bsd.prog.mk> |
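Review bot: Deleting contrib/openbsm/CHANGELOG removes the only in-tree record of vendor changes, and its newest entry was "OpenBSM 1.0 alpha 4" while the config.h added in this same change reports `PACKAGE_VERSION "1.0a6"`. Replace the file with the changelog of the release being imported instead of dropping it, so that behaviour changes in the audit library and tools between those versions can be reviewed from the tree.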
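Review bot: In the new FREEBSD-upgrade file, the step "Run configure, commit src/contrib/openbsm/config/config.h" does not record what is needed to regenerate the same header: the configure arguments and host it was run on, and the fact that the `$FreeBSD$` line has to be re-added by hand because config.h is marked "Generated by configure". Add both to the step, since the text gives a reproducible build as the reason for committing a static config.h. The import example also hard-codes `rwatson@repoman.FreeBSD.org` and the tag `OPENBSM_1_0_ALPHA_1`, while config.h in this change says `1.0a6`; a placeholder user and a tag that matches the imported version would be harder to copy wrongly. "reproduceable" should read "reproducible".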
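Review bot: In the new config/config.h, the third line `/* $FreeBSD$` never closes its comment, so the comment runs on to the `*/` that ends the `alarm' description and contains a nested `/*`, which compilers report under -Wall as a comment warning. `HAVE_ALARM` is still defined only because the define happens to follow that `*/`. Close the line as `/* $FreeBSD$ */`. Separately, `PACKAGE_BUGREPORT` is "trustedbsd-audit@TrustesdBSD.org", which looks like a misspelling of the TrustedBSD domain; since this header is generated from configure.ac, the correction belongs in that input so the next regenerate does not bring it back.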
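Review bot: In the first audit_event hunk (@@ -1,5 +1,6 @@) the vendor id goes backwards, from `audit_event#12` to `audit_event#11`, so this replaces the file with an older vendor revision rather than upgrading it. If that is deliberate, state the reason in the commit message; otherwise import revision 12 and add only the `# $FreeBSD$` line on top of it.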
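Review bot: In the second audit_event hunk (@@ -234,190 +235,129 @@) the events previously numbered 43001 to 43113 are moved into 301 to 423, the range the removed comment described as "deprecated Darwin event numbers that may someday conflict with Solaris events", and that warning is deleted along with the section headers. After this change the 43xxx ids no longer appear in the table, so records carrying them will not map to an event name or class, and the 301 to 330 range now mixes `AUE_DARWIN_` names (308, 312 to 314, 317, 321 to 323, 329, 330) with unprefixed ones. Confirm that the bsm headers define the same numbers (the diffstat is limited to contrib/openbsm, so that is not visible here) and keep the conflict comment. Also, `+392:AUE_RTPRIO::rtprio(2):pc` has a doubled colon carried over from the removed 43082 line, which gives it an empty description field unlike every other entry; it should be `392:AUE_RTPRIO:rtprio(2):pc`.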