Bug 2 - sshd should have BSM auditing on Solaris
Summary: sshd should have BSM auditing on Solaris
Status: CLOSED REMIND
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: -current
Hardware: All Solaris
Importance: P3 enhancement
Assignee: OpenSSH Bugzilla mailing list
Reported: 2001-10-18 10:29 AEST by Darren J Moffat
Modified: 2004-04-14 12:24 AEST

Attachments
Current revision of Solaris BSM audit diffs - missing autoconf changes and it hasn't been tested (may not compile). Needs to link with -lbsm (15.46 KB, patch)
2002-05-10 06:10 AEST, Darren J Moffat
Solaris BSM audit patches against OpenSSH 3.1p1 (18.22 KB, patch)
2002-05-10 09:11 AEST, Darren J Moffat

Description Darren J Moffat 2001-10-18 10:29:08 AEST
sshd needs to be enhanced to do BSM auditing on Solaris.

It needs to do at least the following:

	Properly set up a user's audit mask, including the auid.
	Write login/logout audit records (success and failure).
	Write login/logout records when running commands

Optionally
	Write audit records for port forwarding.


I have patches to do all of the above (except the port forwarding).  These will
be released to the team once I have clearance from Sun Microsystems Legal department.
Comment 1 Kevin Steves 2001-12-11 04:05:40 AEDT
waiting for code or code samples.
Comment 2 Darren J Moffat 2002-05-10 06:10:20 AEST
Created attachment 94
Current revision of Solaris BSM audit diffs - missing autoconf changes and it hasn't been tested (may not compile).  Needs to link with -lbsm
Comment 3 Darren J Moffat 2002-05-10 09:11:18 AEST
Created attachment 95
Solaris BSM audit patches against OpenSSH 3.1p1
Comment 4 Darren J Moffat 2002-05-10 09:12:25 AEST
I've added a new set of attachments for BSM audit diffs against 3.1p1,
these build (as per below) and work on Solaris 9.  The audit interfaces
used by this code should allow it to work on all Solaris releases from
2.4 onwards, though I haven't built and tested on anything other than Solaris 9.

Note that the required changes to autoconf are not included in this.
Someone more familiar with autoconf is better qualified to add those,
particularly if you want to have a --with-solarisbsm option.

To use the patch as it stands just now:
        1. bsmaudit.o needs to be added to SSHDOBJS
        2. HAVE_BSM_AUDIT_H needs to be defined
        3. sshd needs to be linked with -lbsm (which is in /usr/lib).

The diffs also include a suggested update to the INSTALL file that mentions
the need to update audit_event; the included changes to buildpkg.sh add
a postinstall script that does the update.  I'm more than happy for this to
be reworded or moved somewhere more appropriate.

Finally I would like to publicly say sorry to Theo personally and all of
the OpenSSH developers and Solaris users for the delay in getting the patches
posted.  The delay was not caused by Sun Microsystems Inc but by procrastination
on my part.  A mail from Theo today reminded me I had dropped the ball on
this and prompted me to complete the work to its current stage.

The changes and new files may be included in any revision of OpenSSH;
they are under the following license, which is included in bsmaudit.h
and bsmaudit.c. This is what is referred to by the phrase "Use is subject
to license terms" that appears beneath the copyright notice.

 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
Comment 5 Roland Mainz 2004-03-31 03:08:03 AEST
Uhm, why is this bug marked as "RESOLVED REMIND"?

Was the patch ever checked into the OpenSSH repository or not?
Comment 6 Darren Tucker 2004-03-31 10:45:44 AEST
No, the patch was not committed.  The current BSM patches are in bug #125, which
is targeted for the next major release.
Comment 7 Roland Mainz 2004-03-31 10:49:49 AEST
Darren Tucker wrote:
> No, the patch was not committed.  The current BSM patches are in bug #125,
> which is targeted for the next major release.

Thanks for the info! :)
Comment 8 Damien Miller 2004-04-14 12:24:17 AEST
Mass change of RESOLVED bugs to CLOSED