Created attachment 191517
Shell archive of a new setaudit port (version: g20150315)

setaudit is a tool to specify audit configurations on a process. It was published partly as a result of this thread on freebsd-security@: https://lists.freebsd.org/pipermail/freebsd-security/2018-March/009780.html

QA:
- poudriere 11.1-RELEASE (amd64, i386), 10.4-RELEASE amd64, 12.0-CURRENT amd64
- portlint

Website: https://github.com/csjayp/setaudit
Created attachment 191522
Shell archive of a new setaudit port (version: g20150315, revision: 2)

I updated the attachment as there was a typo in pkg-descr.
A new release should be published soon. Please, do not commit those changes just yet. I'll update the patch soon.
Created attachment 191632
Shell archive of a new setaudit port (version: v1.0.0)

Setaudit v1.0.0 has been released. It should be ok to merge it into ports at this point.

QA:
- poudriere: 11.1 amd64
- portlint

Changes:
- Update to version v1.0.0.
Hi. Thanks for this submission. I tested this tool and it's very nice. I've started the audit daemon and listened to the logs through `praudit /dev/auditpipe`. What about writing more information in the pkg-descr about this tool? And another concern: in base we already have a man page called setaudit. Regards.
(In reply to Danilo G. Baio from comment #4) I'll consult csjp@ and report back soon. :)
(In reply to Danilo G. Baio from comment #4) We can certainly improve on the description. With respect to the man page duplicate, this is fine. Although there is already a setaudit(2) man page, there is no setaudit(1) or setaudit(8) man page. If a user wants to view the setaudit(2) man page, they can simply "man 2 setaudit". We have this in base already with things like daemon, printf, etc.
(In reply to Christian S.J. Peron from comment #6) Hi Christian, that's ok, thanks for clarifying. I've seen some changes in the GitHub repository, will you tag a new version? Regards.
(In reply to Danilo G. Baio from comment #7) Hi Danilo, Sounds great. I just pushed another tag (v1.0.1). Thanks!
(In reply to Christian S.J. Peron from comment #8) The manpage needs to be changed in the Makefile. https://github.com/csjayp/setaudit/blob/master/Makefile#L21
Now we are waiting for a more detailed pkg-descr.
Hi Christian and Mateusz. What do you think about this change in pkg-descr?

$ cat pkg-descr
With setaudit is possible to specify audit configurations on a process
directly at the runtime.

All audit events are redirected to the auditd (audit log management daemon).

Example of enabling all exe related audit events performed by a `command` and its
child processes:

# setaudit -m ex `command`

WWW: https://github.com/csjayp/setaudit
(In reply to Danilo G. Baio from comment #11) You've missed a word :) How about:

> With setaudit it is possible to specify audit configurations on a process
> directly at the runtime.
>
> All audit events are redirected to the auditd(8), an audit log management
> daemon.
>
> Example of enabling all exe related audit events performed by a command and its
> child processes:
>
> # setaudit -m ex command
>
> WWW: https://github.com/csjayp/setaudit

One way or another, it's a huge improvement over the previous pkg-descr so I'm happy with any formatting you decide on. :) I think that this port is ready. Would you like me to update the patch and run poudriere tests?
A commit references this bug:

Author: dbaio
Date: Tue Mar 27 23:20:34 UTC 2018
New revision: 465770
URL: https://svnweb.freebsd.org/changeset/ports/465770

Log:
  Add security/setaudit: Tool to specify audit configurations on a process

  With setaudit it is possible to specify audit configurations on a process
  directly at the runtime.

  All audit events are redirected to the auditd(8), an audit log management
  daemon.

  Example of enabling all exe related audit events performed by a command and its
  child processes:

  # setaudit -m ex command

  WWW: https://github.com/csjayp/setaudit

  PR: 226627
  Submitted by: Mateusz Piotrowski <0mp@FreeBSD.org>

Changes:
  head/security/Makefile
  head/security/setaudit/
  head/security/setaudit/Makefile
  head/security/setaudit/distinfo
  head/security/setaudit/pkg-descr
(In reply to commit-hook from comment #13) Danilo, looks great, thanks!
Committed, thank you both. And sorry for the delay.
(In reply to Danilo G. Baio from comment #15) Thank you for helping us with all those little improvements. You're great!