Bug 226627 - [NEW PORT] security/setaudit: Tool to specify audit configurations on a process
Summary: [NEW PORT] security/setaudit: Tool to specify audit configurations on a process
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Danilo G. Baio
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-15 11:15 UTC by Mateusz Piotrowski
Modified: 2018-03-27 23:32 UTC

See Also:
dbaio: maintainer-feedback+


Attachments
Shell archive of a new setaudit port (version: g20150315) (1.74 KB, text/plain)
2018-03-15 11:15 UTC, Mateusz Piotrowski
no flags
Shell archive of a new setaudit port (version: g20150315, revision: 2) (1.74 KB, text/plain)
2018-03-15 15:17 UTC, Mateusz Piotrowski
0mp: maintainer-approval-
Shell archive of a new setaudit port (version: v1.0.0) (1.71 KB, text/plain)
2018-03-19 16:04 UTC, Mateusz Piotrowski
0mp: maintainer-approval+

Description Mateusz Piotrowski freebsd_committer freebsd_triage 2018-03-15 11:15:26 UTC
Created attachment 191517
Shell archive of a new setaudit port (version: g20150315)

setaudit is a tool to specify audit configurations on a process. It was published partly as a result of this thread on freebsd-security@: https://lists.freebsd.org/pipermail/freebsd-security/2018-March/009780.html

QA:
 - poudriere 11.1-RELEASE (amd64, i386), 10.4-RELEASE amd64, 12.0-CURRENT amd64
 - portlint

Website: https://github.com/csjayp/setaudit
Comment 1 Mateusz Piotrowski freebsd_committer freebsd_triage 2018-03-15 15:17:07 UTC
Created attachment 191522
Shell archive of a new setaudit port (version: g20150315, revision: 2)

I updated the attachment as there was a typo in pkg-descr.
Comment 2 Mateusz Piotrowski freebsd_committer freebsd_triage 2018-03-18 20:53:07 UTC
A new release should be published soon. Please do not commit those changes just yet. I'll update the patch soon.
Comment 3 Mateusz Piotrowski freebsd_committer freebsd_triage 2018-03-19 16:04:02 UTC
Created attachment 191632
Shell archive of a new setaudit port (version: v1.0.0)

Setaudit v1.0.0 has been released.

It should be ok to merge it into ports at this point.

QA:
 - poudriere: 11.1 amd64
 - portlint

Changes:
 - Update to version v1.0.0.
Comment 4 Danilo G. Baio freebsd_committer freebsd_triage 2018-03-20 23:14:19 UTC
Hi.

Thanks for this submission. I tested this tool and it's very nice.

I've started the audit daemon and listened to the logs through `praudit /dev/auditpipe`.

What about writing more information in the pkg-descr about this tool?

And another concern: in base we already have a man page called setaudit.

Regards.
Comment 5 Mateusz Piotrowski freebsd_committer freebsd_triage 2018-03-21 14:20:08 UTC
(In reply to Danilo G. Baio from comment #4)

I'll consult csjp@ and report back soon. :)
Comment 6 Christian S.J. Peron freebsd_committer freebsd_triage 2018-03-22 14:26:48 UTC
(In reply to Danilo G. Baio from comment #4)

We can certainly improve on the description. With respect to the man page duplicate, this is fine. Although there is already a setaudit(2) man page, there is no setaudit(1) or setaudit(8) man page. If a user wants to view the setaudit(2) man page, they can simply "man 2 setaudit". We have this in base already with things like daemon, printf, etc.
Comment 7 Danilo G. Baio freebsd_committer freebsd_triage 2018-03-22 16:33:36 UTC
(In reply to Christian S.J. Peron from comment #6)

Hi Christian, that's ok, thanks for clarifying.

I've seen some changes in the GitHub repository, will you tag a new version?

Regards.
Comment 8 Christian S.J. Peron freebsd_committer freebsd_triage 2018-03-22 16:39:07 UTC
(In reply to Danilo G. Baio from comment #7)

Hi Danilo,

Sounds great. I just pushed another tag (v1.0.1).

Thanks!
Comment 9 Danilo G. Baio freebsd_committer freebsd_triage 2018-03-22 16:58:26 UTC
(In reply to Christian S.J. Peron from comment #8)

The manpage in the Makefile needs to be changed.
https://github.com/csjayp/setaudit/blob/master/Makefile#L21
Comment 10 Mateusz Piotrowski freebsd_committer freebsd_triage 2018-03-22 18:51:53 UTC
Now we are waiting for a more detailed pkg-descr.
Comment 11 Danilo G. Baio freebsd_committer freebsd_triage 2018-03-24 21:42:28 UTC
Hi Christian and Mateusz.

What do you think about this change in pkg-descr?


$ cat pkg-descr
With setaudit is possible to specify audit configurations on a process directly
at the runtime.

All audit events are redirected to the auditd (audit log management daemon).

Example of enabling all exe related audit events performed by a `command` and
its child processes:
  # setaudit -m ex `command`

WWW: https://github.com/csjayp/setaudit
Comment 12 Mateusz Piotrowski freebsd_committer freebsd_triage 2018-03-25 22:00:43 UTC
(In reply to Danilo G. Baio from comment #11)

You've missed a word :)

How about:

> With setaudit it is possible to specify audit configurations on a process
> directly at the runtime.
> 
> All audit events are redirected to the auditd(8), an audit log management
> daemon.
> 
> Example of enabling all exe related audit events performed by a command and its
> child processes:
> 
>     # setaudit -m ex command
> 
> WWW: https://github.com/csjayp/setaudit

One way or another, it's a huge improvement over the previous pkg-descr, so I'm happy with any formatting you decide on. :)

I think that this port is ready. Would you like me to update the patch and run poudriere tests?
Comment 13 commit-hook freebsd_committer freebsd_triage 2018-03-27 23:21:25 UTC
A commit references this bug:

Author: dbaio
Date: Tue Mar 27 23:20:34 UTC 2018
New revision: 465770
URL: https://svnweb.freebsd.org/changeset/ports/465770

Log:
  Add security/setaudit: Tool to specify audit configurations on a process

  With setaudit it is possible to specify audit configurations on a process
  directly at the runtime.

  All audit events are redirected to the auditd(8), an audit log management
  daemon.

  Example of enabling all exe related audit events performed by a command and its
  child processes:

    # setaudit -m ex command

  WWW: https://github.com/csjayp/setaudit

  PR:		226627
  Submitted by:	Mateusz Piotrowski <0mp@FreeBSD.org>

Changes:
  head/security/Makefile
  head/security/setaudit/
  head/security/setaudit/Makefile
  head/security/setaudit/distinfo
  head/security/setaudit/pkg-descr
Comment 14 Christian S.J. Peron freebsd_committer freebsd_triage 2018-03-27 23:22:47 UTC
(In reply to commit-hook from comment #13)
Danilo

Looks great, thanks!
Comment 15 Danilo G. Baio freebsd_committer freebsd_triage 2018-03-27 23:23:28 UTC
Committed, thank you both.
And sorry for the delay.
Comment 16 Mateusz Piotrowski freebsd_committer freebsd_triage 2018-03-27 23:32:09 UTC
(In reply to Danilo G. Baio from comment #15)

Thank you for helping us with all those little improvements. You're great!