[Fwd: Re: Warning: MFC of security event audit support RELENG_6 in the next 2-3 weeks]

Peter Rosa prosa at pro.sk
Mon Sep 4 11:57:13 CEST 2006


Greetings everyone,

for those who are not members, I am forwarding a message from FreeBSD-Security.
They are talking about possible problems with 6-STABLE, so that you are not
surprised in case of problems :-)

Peter Rosa



----- Original message -----
Subject: Re: Warning: MFC of security event audit support RELENG_6 in
the next 2-3 weeks
Date: Sat, 2 Sep 2006 11:42:20 +0100 (BST)
From: Robert Watson <rwatson at freebsd.org>
To: stable at freebsd.org
Cc: trustedbsd-audit at TrustedBSD.org, freebsd-security at freebsd.org
References: <20060816120709.N45647 at fledge.watson.org>


On Wed, 16 Aug 2006, Robert Watson wrote:

> Dear 6-STABLE users,
>
> In the next 2-3 weeks, I plan to MFC support for CAPP security event
> auditing from 7-CURRENT to 6-STABLE.  The implementation has been running
> quite nicely in -CURRENT for several months.  Right now, I'm just waiting on 
> a confirmation from Sun regarding formal allocation of a BSM header version 
> number so as to avoid accidental version number conflicts in the future, 
> which I hope to get this week, as well as a bug fix in the handling of 
> per-pipe preselection, which Christian Peron is currently working on.  The 
> audit implementation will be considered an experimental feature in 
> 6.2-RELEASE, but in practice runs quite well, so is ready for more 
> wide-spread deployment.

Dear 6-STABLE users,

After a couple of weeks of settling, polishing, etc, the MFC of audit 
support is about to begin.  Over the next couple of days, the 6-STABLE 
build may be briefly broken as inter-dependent components are merged.  I 
do not anticipate any serious disruption, but some caution is called 
for.  In principle, all the potentially tricky kernel ABI dependencies, 
etc, were dealt with before 6.0-RELEASE, such as changes in the size of 
the kernel system call data structures.  The approximate merge plan, run 
by re@ a few days ago, is as follows:

- Merge OpenBSM contrib subtree detached from build.

- Merge kernel trees (src/sys/bsm, src/sys/security/audit), attach to
   build.

- Merge kernel audit event hooks across the kernel.  In principle, we've
   reserved space in the syscall table, etc, so that there is no
   disruptive kernel ABI change for critical data structures.

- Merge OpenBSM library and command line tools build, as well as install
   of /etc/security, /etc/rc.d files.

- Merge kernel man pages (src/share/man/man4/audit*).

- Merge user space tool changes, such as to login, sshd, su, etc, so
   that events are audited.

- Loose ends, such as make.conf man page, etc.

- Update Handbook to indicate that Audit applies to 6.x and 7.x.

I will send out a status e-mail once the merge is completed, and send
out a notice if any problems are encountered.  If you experience any
problems, especially problems not related to the build (which will
likely get picked up and fixed quickly, if they occur), please let me
know.  I'm especially interested in any issues relating to changes in
ability to log in, programs exiting due to using unrecognized system
calls (SIGSYS), etc.  As I said above, these sorts of problems are
unlikely to occur, but if they do occur, I'd like to fix them as quickly
as possible.  I would like to have the merge largely done by 4 September
2006, although it's possible a few straggling tweaks will come in after
that.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge