http://bugzilla.mindrot.org/show_bug.cgi?id=125
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #647 is|0 |1
obsolete| |
------- Additional Comments From dtucker at zip.com.au 2004-12-20 16:24 -------
Created an attachment (id=753)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=753&action=view)
Add intrumentation for audit to sshd (still work in progress).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugzilla.mindrot.org/show_bug.cgi?id=125 ------- Additional Comments From dtucker at zip.com.au 2004-12-20 16:26 ------- Created an attachment (id=754) --> (http://bugzilla.mindrot.org/attachment.cgi?id=754&action=view) Use audit hooks in patch #753 for BSM auditting (work in progress) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
http://bugzilla.mindrot.org/show_bug.cgi?id=125 ------- Additional Comments From dtucker at zip.com.au 2004-12-20 18:53 ------- (From update of attachment 618) Do these two audit calls in session.c work when privsep is enabled? It seems they're called after the privilege drop in that case... (or does BSM do something clever like caching a descriptor so privilege is not required?)> fclose(f); >+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM) >+ solaris_audit_nologin(); >+#endif /* BSM */>+# if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM) >+ if (command != NULL) >+ solaris_audit_save_command(command); >+# endif /* BSM */ > do_setusercontext(pw); > #endif /* HAVE_OSF_SIA */------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
http://bugzilla.mindrot.org/show_bug.cgi?id=125
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #753 is|0 |1
obsolete| |
------- Additional Comments From dtucker at zip.com.au 2004-12-20 20:26 -------
Created an attachment (id=755)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=755&action=view)
Add intrumentation for audit to sshd (still work in progress).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugzilla.mindrot.org/show_bug.cgi?id=125
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #754 is|0 |1
obsolete| |
------- Additional Comments From dtucker at zip.com.au 2004-12-20 20:28 -------
Created an attachment (id=756)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=756&action=view)
Use audit hooks in patch #753 for BSM auditting (work in progress)
Relocate some audit calls so they're called from the monitor where possible.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugzilla.mindrot.org/show_bug.cgi?id=125
phil at usc.edu changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |phil at usc.edu
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugzilla.mindrot.org/show_bug.cgi?id=125
nickls at apple.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |nickls at apple.com
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Seemingly Similar Threads
- [Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail
- [Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail
- [Bug 2] sshd should have BSM auditing on Solaris
- [Bug 125] add BSM audit support
- [Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail