Re: Warning: MFC of security event audit support RELENG_6 in the next 2-3 weeks




On Wed, 16 Aug 2006, Robert Watson wrote:

> Dear 6-STABLE users,
>
> In the next 2-3 weeks, I plan to MFC support for CAPP security event auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the future, which I hope to get this week, as well as a bug fix in the handling of per-pipe preselection, which Christian Peron is currently working on. The audit implementation will be considered an experimental feature in 6.2-RELEASE, but in practice runs quite well, so is ready for more widespread deployment.

Dear 6-STABLE users,

After a couple of weeks of settling, polishing, etc, the MFC of audit support is about to begin. Over the next couple of days, the 6-STABLE build may be briefly broken as inter-dependent components are merged. I do not anticipate any serious disruption, but some caution is called for. In principle, all the potentially tricky kernel ABI dependencies, etc, were dealt with before 6.0-RELEASE, such as changes in the size of the kernel system call data structures. The approximate merge plan, run by re@ a few days ago, is as follows:

- Merge OpenBSM contrib subtree detached from build.

- Merge kernel trees (src/sys/bsm, src/sys/security/audit), attach to build.

- Merge kernel audit event hooks across the kernel. In principle, we've
  reserved space in the syscall table, etc, so that there is no disruptive
  kernel ABI change for critical data structures.

- Merge OpenBSM library and command line tools build, as well as install of
  /etc/security, /etc/rc.d files.

- Merge kernel man pages (src/share/man/man4/audit*).

- Merge user space tool changes, such as to login, sshd, su, etc, so that
  events are audited.

- Loose ends, such as make.conf man page, etc.

- Update Handbook to indicate that Audit applies to 6.x and 7.x.

I will send out a status e-mail once the merge is completed, and send out a notice if any problems are encountered. If you experience any problems, especially problems not related to the build (which will likely get picked up and fixed quickly, if they occur), please let me know. I'm especially interested in any issues relating to changes in ability to log in, programs exiting due to using unrecognized system calls (SIGSYS), etc. As I said above, these sorts of problems are unlikely to occur, but if they do occur, I'd like to fix them as quickly as possible. I would like to have the merge largely done by 4 September 2006, although it's possible a few straggling tweaks will come in after that.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"


