Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 25 Feb 2006 00:11:52 -0600
From:      "Christian S.J. Peron" <csjp@FreeBSD.org>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   Re: PERFORCE change 92365 for review
Message-ID:  <43FFF528.7070100@FreeBSD.org>
In-Reply-To: <200602250012.k1P0CgNJ041723@repoman.freebsd.org>
References:  <200602250012.k1P0CgNJ041723@repoman.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote:

>http://perforce.freebsd.org/chv.cgi?CH=92365
>
>Change 92365 by rwatson@rwatson_peppercorn on 2006/02/25 00:12:28
>
>	On systems without LOG_SECURITY defined, use LOG_AUTH.
>	
>	Reported by:	Martin Fong <martin dot fong at sri dot com>
>
>Affected files ...
>
>.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#13 edit
>
>Differences ...
>
>==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#13 (text+ko) ====
>
>@@ -30,7 +30,7 @@
>  *
>  * @APPLE_BSD_LICENSE_HEADER_END@
>  *
>- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#12 $
>+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#13 $
>  */
> 
> #include <sys/types.h>
>@@ -795,7 +795,11 @@
> 		}
> 	}
> 
>+#ifdef LOG_SECURITY
> 	openlog("auditd", LOG_CONS | LOG_PID, LOG_SECURITY);
>+#else
>+	openlog("auditd", LOG_CONS | LOG_PID, LOG_AUTH);
>+#endif
> 	syslog(LOG_INFO, "starting...\n");
> 
> 	if (debug == 0 && daemon(0, 0) == -1) {
>
>
>  
>
In userspace, we are using LOG_AUTH | LOG_ERR to report audit failures, 
at least for login(1) and su(1).
Might be a good idea to be consistent, anyway.

-- 
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43FFF528.7070100>