Date:      Fri, 14 Dec 2018 17:16:15 +0100
From:      Jack Halford <jack@gandi.net>
To:        trustedbsd-audit@freebsd.org
Cc:        rwatson@freebsd.org
Subject:   new syscalls audit events
Message-ID:  <20181214161615.lvk2gsqtf7gij4fc@thinkpad-gandi>

Hello,

I'm currently writing a patch for 3 new syscalls for per-thread credentials; 2
of these are auditable (setcred and revertcred, see [1]). The wiki page about
adding auditing events says to contact you in case of need of a new BSM event.
I'm pretty sure I've added my events in all the right places, however I can't see
any of my syscalls in the auditpipe.

So far I've done the following:

1) added relevant information in
	- contrib/openbsm/etc/audit_event
	- contrib/openbsm/sys/bsm/audit_kevents.h
	- sys/bsm/audit_kevents.h
	- sys/kern/syscalls.master
	- sys/compat/freebsd32/syscalls.master

2) regenerate sysvector, build and install kernel and world

3) `make -C usb.sbin install` doesn't seem to install
the new /etc/audit_event so I cp'd it by hand

Any pointers? I'd like to get this working before the review for obvious
reasons...

[1]: https://github.com/jzck/freebsd/pull/1/files

--
Best,
Jack


