similar to: HEADS UP: Audit integration into CVS in progress, some tree disruption (fwd)

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the

FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS This is a heads up to current@ users

https://bugzilla.mindrot.org/show_bug.cgi?id=1968 Bug #: 1968 Summary: openssh won't build with --with-audit=bsm on Solaris 11 Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: ix86 OS/Version: Solaris Status: NEW Severity: normal Priority: P2

#include <errno.h> was removed from includes.h in July: ---------------------------- revision 1.113 date: 2006/07/12 12:22:46; author: dtucker; state: Exp; lines: +1 -2 - stevesk at cvs.openbsd.org 2006/07/11 20:07:25 [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c includes.h

Hi Damien, I'm working with the Solaris team that is integrating openssh into upcoming Solaris releases. I'm looking for advice from the upstream community. You were suggested for that advice. If there are other mailing lists you'd like me to ask, I'm happy to do so, or if you'd like to forward, please feel free to do so. The --with-audit=bsm (audit-bsm.c) configuration

Does anyone know if openssh has removed the experimental designation for BSM audit support for Solaris systems? If so, which release, please. Thanks.

Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested

FYI for those attending BSDCan and interested in some of the security feature development going on for FreeBSD right now... Robert N M Watson ---------- Forwarded message ---------- Date: Thu, 28 Apr 2005 21:39:31 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: trustedbsd-discuss@TrustedBSD.org Subject: FYI: TrustedBSD at BSDCan Mentioned in an earlier e-mail, but here it is

Hello, Freebsd-security. I'm grepping all sources for programs, which support audit and found strange thing: find . -name '*.c*' -print | \ grep -v -E '^./(sys|contrib/openbsm|tools/regression)' | \ xargs grep -E "\<(audit|au_)" shows, that only login(1), su(1), id(1) and sshd(1) uses audit. And even sshd(8) raise question: it doesn't call

This is a follow-up on a thread from last year requesting that openssh indicate which authorized key was accepted during a login as opposed to just logging that a key was accepted... Here's the old message: It is possible for ~user/.ssh/authorized_keys to have multiple entries. It would be quite helpful if openssh would enhance the log to indicate WHICH key was

http://bugzilla.mindrot.org/show_bug.cgi?id=363 Summary: No logging of SSH activities under Solaris BSM Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #647 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-12-20 16:24 -------

Hello, I downloaded and compiled the Mar 2, 2005 snapshot and compiled it with bsm auditing for solaris turned on. I've been noticing about a dozen or so of the following messages per day now. Not sure exactly what it is, or if it is a big issue. Mar 3 13:46:10 machine_name sshd[15298]: [ID 800047 auth.crit] fatal: mm_request_send: write If it matters it is running on solaris 8

To get BSM working on Solaris 8 with OpenSSH, I did this: Download John R. Jackson's OpenSSH 3.5p1 BSM patch here, and save as "patch.tar.gz": http://bugzilla.mindrot.org/show_bug.cgi?id=125 (NOTE TO OpenSSH DEVELOPERS, can you incorporate this patch into the next version of OpenSSH?) Installing the OpenSSH 3.5p1 BSM patch: ?-------------------------------------- Turning on Sun BSM

We have started using BSM and have hit the BSM issue where cron is messed up if you SSH into a Solaris 8 box and try to issue a cron job. I noticed the bug here: http://bugzilla.mindrot.org/show_bug.cgi?id=125 Is this patch applied to the OpenSSH 3.5p1 release? I tried installing OpenSSH 3.5p1 and turned off Privileged Separation in the sshd_config file, but I am still getting the cron issues

Greetings, In order to use solaris's BSM (Basic security module) also called c2 audit, which logs specific kernel calls depending on your audit_control, I would need to use login(1) to log users exec calls and whatnot because Portable OpenSSH does not have <bsm/audit.h> support, now that would mean I would have to enable Uselogin in sshd_config in order for that to work. I am running

Can someone help me get BSM working with Solaris 8 and OpenSSH 3.5p1? I saw the patch here for OpenSSH 3.4p1, but do not know how to apply it to OpenSSH 3.4p1 nor do I feel comfortable modifying to work with OpenSSH 3.5p1: openssh-unix-dev at mindrot.org Is this patch needed to fix the BSM crontab issue only, or is it required for BSM auditing in general? Jeff

Dear all: I want to modify the 'StructTS' function from the 'stats' package. First, I am writing a working copy of the original version and got some problems. I have two versions of the function plus the original one. The first version is the same code as the 'StructTS' function: StructTS.v1 <- function (x, type = c("level", "trend",

http://bugzilla.mindrot.org/show_bug.cgi?id=125 ------- Additional Comments From phil at usc.edu 2005-02-25 13:09 ------- So we've done some internal testing with the latest snapshot over the last two days, and things look good. It's not a thorough test, but the logging is as we would expect, and everything else looks as expected. A huge thanks to all the people who helped with