[prev in list] [next in list] [prev in thread] [next in thread]
List: trustedbsd-audit
Subject: Re: auditd - hostname in trail file name patch
From: Robert Watson <rwatson () FreeBSD ! org>
Date: 2006-11-25 11:45:29
Message-ID: 20061125114324.N46163 () fledge ! watson ! org
[Download RAW message or body]
On Tue, 14 Nov 2006, Martin Voros wrote:
> Robert Watson <rwatson@FreeBSD.org> wrote:
> On Thu, 26 Oct 2006, Martin Voros wrote:
>
>> I've prepared another patch which put hostname in trail file name (another
>> point from TODO list). Format is timestamp.timestamp.hostname or
>> timestamp.not_terminated.hostname
>>
>> Again of course all comments are welcome.
>
> Having now returned from EuroBSDCon, I'm trying to catch up on e-mail. My
> suggestion here would be to switch to using asprintf() to de-complicate the
> buffer length calculation, which otherwise is probably the riskiest part of
> the change.
>
> I've prepared new patch, which use asprintf instead of strcat and malloc.
Martin,
Again, a rather long delay -- sorry about that! Thanks for the revised patch.
I've run into a problem with it, however -- if the hostname changes between
when auditd opens a trail (affixdir) and when it closes if (close_lastfile),
then the filename at creation and removal differs. I think we need to
rearrange things in auditd so that close_lastfile() operates on a cached copy
of the filename, rather than attempting to reconstruct the last filename since
it can no longer be done without maintaining state. Is this something you
could investigate?
Thanks,
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
trustedbsd-audit@FreeBSD.org mailing list
http://lists.freebsd.org/mailman/listinfo/trustedbsd-audit
To unsubscribe, send any mail to "trustedbsd-audit-unsubscribe@FreeBSD.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic