
Do allow auditing of read(2) and write(2) system calls, by assigning

Description

Do allow auditing of read(2) and write(2) system calls, by assigning
those system calls audit event identifiers AUE_READ and AUE_WRITE.
While auditing file-descriptor I/O is not required by the Common
Criteria, in practice this proves useful for both live and forensic
analysis.

NB: freebsd32 already assigns AUE_READ and AUE_WRITE to read(2) and
write(2).

MFC after: 3 days
Sponsored by: DARPA, AFRL

Details

Provenance
rwatson Authored on
Parents
rS302524: When mmap(2) is used with a vnode, capture vnode attributes in the