mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-27 03:11:52 +01:00
c0020399a6
OpenBSM history for imported revision below for reference. MFC after: 2 weeks Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 - Change auditon(2) parameters and data structures to be 32/64-bit architecture independent. Add more information to man page about auditon(2) parameters. - Add wrapper functions for auditon(2) to use legacy commands when the new commands are not supported. - Add default for 'expire-after' in audit_control to expire trail files when the audit directory is more than 10 megabytes ('10M'). - Interface to convert between local and BSM fcntl(2) command values has been added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with definitions of constants in audit_fcntl.h. - A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens generated by audit_submit(3) were improperly encoded has been fixed. - Fix example in audit_submit(3) man page. Also, make it clear that we want the audit ID as the argument. - A new audit event class 'aa', for post-login authentication and authorization events, has been added.
26 lines
1.2 KiB
Plaintext
26 lines
1.2 KiB
Plaintext
OpenBSM TODO
|
|
|
|
- Build a regression test suite for libbsm that generates each token
|
|
type and then compares the results with known good data. Make sure to
|
|
test that things work properly with respect to endianness of the local
|
|
platform.
|
|
- Document contents of libbsm "public" data structures in libbsm man pages.
|
|
- The audit.log.5 man page is incomplete, as it does not describe all
|
|
token types.
|
|
- With the move to autoconf/automake, man page symlinks are no longer
|
|
installed. This needs to be fixed.
|
|
- It might be desirable to be able to provide EOPNOTSUPP system call stubs
|
|
on systems that don't have the necessary audit system calls; that would
|
|
allow the full libbsm and tool set to build, just not run.
|
|
- Teach praudit how to begin printing at any point in a token stream, not
|
|
just at the beginning of a record. This will make it easier to use
|
|
praudit in test suites processing single-token files without header and
|
|
trailer context.
|
|
- Document audit_warn event arguments.
|
|
- Allow the path /etc/security to be configured at configure-time so that
|
|
alternative locations can be used.
|
|
- NLS support for au_strerror(3), which provides error strings for BSM errors
|
|
not available on the local OS platform.
|
|
|
|
$P4: //depot/projects/trustedbsd/openbsm/TODO#13 $
|