HardenedBSD/contrib/openbsm/TODO
Robert Watson c0020399a6 Merge OpenBSM 1.1 from OpenBSM vendor branch to head.
OpenBSM history for imported revision below for reference.

MFC after:      2 weeks
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent.  Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added:  au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.  Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.
2009-04-19 16:17:13 +00:00

26 lines
1.2 KiB
Plaintext

OpenBSM TODO
- Build a regression test suite for libbsm that generates each token
type and then compares the results with known good data. Make sure to
test that things work properly with respect to endianness of the local
platform.
- Document contents of libbsm "public" data structures in libbsm man pages.
- The audit.log.5 man page is incomplete, as it does not describe all
token types.
- With the move to autoconf/automake, man page symlinks are no longer
installed. This needs to be fixed.
- It might be desirable to be able to provide EOPNOTSUPP system call stubs
on systems that don't have the necessary audit system calls; that would
allow the full libbsm and tool set to build, just not run.
- Teach praudit how to begin printing at any point in a token stream, not
just at the beginning of a record. This will make it easier to use
praudit in test suites processing single-token files without header and
trailer context.
- Document audit_warn event arguments.
- Allow the path /etc/security to be configured at configure-time so that
alternative locations can be used.
- NLS support for au_strerror(3), which provides error strings for BSM errors
not available on the local OS platform.
$P4: //depot/projects/trustedbsd/openbsm/TODO#13 $