bugzilla-daemon at mindrot.org
2004-May-31 13:25 UTC
[Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail
http://bugzilla.mindrot.org/show_bug.cgi?id=125

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #619 is|0                           |1
           obsolete|                            |

------- Additional Comments From dtucker at zip.com.au 2004-05-31 23:25 -------
Created an attachment (id=647)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=647&action=view)
(DO NOT USE) More work-in-progress for comment.

More work on the sshd hooks, the implementation in port-solaris.c is still incomplete.

I'm interested in feedback about (a) whether or not the interface (see sshaudit.h) is sane and (b) if it's adequate for other systems requiring this kind of instrumentation.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-May-31 22:36 UTC
[Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail
http://bugzilla.mindrot.org/show_bug.cgi?id=125 ------- Additional Comments From djm at mindrot.org 2004-06-01 08:36 ------- (From update of attachment 647)>+#ifdef AUDIT_EVENTS >+ PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); >+#endifHow about removing the #ifdefs and just making audit_event a no-op for the non-audit case?>Index: sshaudit.h >==================================================================>RCS file: sshaudit.h >diff -N sshaudit.h >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ sshaudit.h 31 May 2004 12:10:20 -0000 >@@ -0,0 +1,22 @@ >+#include "auth.h" >+ >+#ifndef SSHAUDIT_H >+# define SSHAUDIT_H >+enum audit_event_type { >+ AUTH_FAILED, /* ? */ >+ LOGIN_SUCCESS, >+ LOGIN_EXCEED_MAXTRIES, >+ LOGIN_FAIL_BADPW, >+ ILLEGAL_USER, >+ ROOT_NOT_CONSOLE, >+ NOLOGIN, >+ LOGOUT >+};indenting looks wonky here>+#if defined(HAVE_GETAUDIT_ADDR) >+ (void) aug_get_machine(sav_host, &sav_machine[0], &sav_iptype); >+ debug3("BSM audit: sav_iptype=%ld", (long)sav_iptype); >+#else >+ ia = inet_addr(host); >+ memcpy(&sav_machine[0], &ia, sizeof(sav_machine[0])); >+ sav_iptype = 0; /* not used, but just in case */ >+#endifHow does this cope with INET6 addresses? or is this code path only taken when the machine is old ipv4 API only? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
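Review bot: in the sshaudit.h hunk, #include "auth.h" sits above the #ifndef SSHAUDIT_H guard, so it is processed again on every inclusion; move it inside the guard. The enum audit_event_type values (LOGIN_SUCCESS, NOLOGIN, LOGOUT and the rest) are unprefixed and global, so a common prefix would reduce the chance of clashing with macros or identifiers from other headers. AUTH_FAILED carries only a /* ? */ comment; document how it differs from LOGIN_FAIL_BADPW before callers start depending on it.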
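Review bot: in the #else branch of the HAVE_GETAUDIT_ADDR hunk, the result of inet_addr(host) is copied into sav_machine[0] unchecked; inet_addr returns INADDR_NONE when the string is not a valid IPv4 dotted-quad, so the audit record would carry a bogus source address. Test for INADDR_NONE and log or fall back explicitly. The memcpy length is sizeof(sav_machine[0]) rather than sizeof(ia); if the two types differ in size this reads past ia, so use the source size or assert that they match. In the first branch the return value of aug_get_machine is discarded with (void), so a failed lookup is equally silent, and the two branches read different variables (sav_host and host), which should be unified or explained in a comment.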