HardenedBSD/sys/security/audit
Christian S.J. Peron 757a564248 Add BSM record conversion for a number of syscalls:
- thr_kill(2) and thr_exit(2) generally (no argument auditing here.
- A set of syscalls for the process descriptor family, specifically:
  pdfork(2), pdgetpid(2) and pdkill(2)

  For these syscalls, audit the file descriptor. In the case of pdfork(2)
  a pointer to an integer (file descriptor) is passed in as an argument.
  We audit the post initialized file descriptor (not the random garbage
  that would have been passed in). We will also audit the child process
  which was created from the fork operation (similar to what is done for
  the fork(2) syscall).

  pdkill(2) we audit the signal value and fd, and finally pdgetpid(2)
  just the file descriptor:

- Following is a sample of the produced audit trails:

  header,111,11,pdfork(2),0,Sat May 16 03:07:50 2020, + 394 msec
  argument,0,0x39d,child PID
  argument,2,0x2,flags
  argument,1,0x8,fd
  subject,root,root,0,root,0,924,0,0,0.0.0.0
  return,success,925

  header,79,11,pdgetpid(2),0,Sat May 16 03:07:50 2020, + 394 msec
  argument,1,0x8,fd
  subject,root,root,0,root,0,924,0,0,0.0.0.0
  return,success,0
  trailer,79

  header,135,11,pdkill(2),0,Sat May 16 03:07:50 2020, + 395 msec
  argument,1,0x8,fd
  argument,2,0xf,signal
  process_ex,root,root,0,root,0,925,0,0,0.0.0.0
  subject,root,root,0,root,0,924,0,0,0.0.0.0
  return,success,0
  trailer,135

MFC after:      1 week
2020-05-16 03:45:15 +00:00
..
audit_arg.c audit: provide audit_canon_path variant which accepts vnodes 2020-02-21 01:40:49 +00:00
audit_bsm_db.c
audit_bsm_klib.c audit_canon_path_vp: don't panic if cdir == NULL 2020-04-17 02:09:31 +00:00
audit_bsm.c Add BSM record conversion for a number of syscalls: 2020-05-16 03:45:15 +00:00
audit_dtrace.c
audit_ioctl.h
audit_pipe.c
audit_private.h audit: provide audit_canon_path variant which accepts vnodes 2020-02-21 01:40:49 +00:00
audit_syscalls.c
audit_trigger.c
audit_worker.c
audit.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
audit.h audit: provide audit_canon_path variant which accepts vnodes 2020-02-21 01:40:49 +00:00
bsm_domain.c
bsm_errno.c
bsm_fcntl.c
bsm_socket_type.c
bsm_token.c