From f7669e641742373606ef85a4855b7028f5b564a5 Mon Sep 17 00:00:00 2001 From: rwatson Date: Mon, 5 Jun 2006 10:52:12 +0000 Subject: Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 6: - Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close(); previously we used hard-coded 0 and 1 values. - Add man page for au_open(), au_write(), au_close(), and au_close_buffer(). - Support a more complete range of data types for the arbitrary data token: add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias to AUR_INT), add AUR_INT64. - Add au_close_token(), which allows writing a single token_t to a memory buffer. Not likely to be used much by applications, but useful for writing test tools. - Modify au_to_file() so that it accepts a timeval in user space, not just kernel -- this is not a Solaris BSM API so can be modified without causing compatibility issues. - Define a new API, au_to_header32_tm(), which adds a struct timeval argument to the ordinary au_to_header32(), which is now implemented by wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL the APIs that invoke gettimeofday(), rather than having a variable definition. Don't try to retrieve time zone information using gettimeofday(), as it's not needed, and introduces possible failure modes. - Don't perform byte order transformations on the addr/machine fields of the terminal ID that appears in the process32/subject32 tokens. These are assumed to be IP addresses, and as such, to be in network byte order. - Universally, APIs now assume that IP addresses and ports are provided in network byte order. APIs now generally provide these types in network byte order when decoding. - Beginnings of an OpenBSM test framework can now be found in openbsm/test. This code is not built or installed by default. - auditd now assigns more appropriate syslog levels to its debugging and error information. - Support for audit filters introduced: audit filters are dynamically loaded shared objects that run in the context of a new daemon, auditfilterd. The daemon reads from an audit pipe and feeds both BSM and parsed versions of records to shared objects using a module API. This will provide a framework for the writing of intrusion detection services. - New utility API, audit_submit(), added to capture common elements of audit record submission for many applications. Obtained from: TrustedBSD Project --- contrib/openbsm/bsm/audit.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'contrib/openbsm/bsm/audit.h') diff --git a/contrib/openbsm/bsm/audit.h b/contrib/openbsm/bsm/audit.h index 8739b2a..1d05625 100644 --- a/contrib/openbsm/bsm/audit.h +++ b/contrib/openbsm/bsm/audit.h @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#15 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#16 $ */ #ifndef _BSM_AUDIT_H @@ -264,11 +264,11 @@ struct audit_stat { unsigned int as_version; unsigned int as_numevent; int as_generated; - int as_nonattring; + int as_nonattrib; int as_kernel; int as_audit; int as_auditctl; - int as_enqueu; + int as_enqueue; int as_written; int as_wblocked; int as_rblocked; -- cgit v1.1