[698] in Intrusion Detection Systems
Re: Sun BSM
daemon@ATHENA.MIT.EDU (Justin J. Lister)
Sat Jun 15 17:09:43 1996
To: ids@uow.edu.au (Intrusion Detection System Mailing List)
Date: Sun, 16 Jun 1996 01:07:08 +1000 (EST)
From: ruf@osiris.cs.uow.edu.au (Justin J. Lister)
Reply-To: ids@uow.edu.au
> Does anybody know how to get the audit records from a program in C?
> I know there are some system calls like audit(), getaudit(), ..., and some
> structs of audit records but I don't know how to use them. Is there any
> information available?
--------------------------------------------------------------------------
From: Mansour Esmaili <mansour@osiris.cs.uow.edu.au>
Date: Tue, 11 Jun 1996 17:35:36 +1000 (EST)
Try manual pages for audit.log and also have a look at audit.h header file
which is usually in /usr/include/sys directory.
These have structures which tell you how the audit data is stored in
audit.log files.
Hope this helps.
--------------------------------------------------------------------------
Date: Tue, 11 Jun 1996 15:58:46 +0100
From: amo@info.fundp.ac.be (Aziz MOUNJI)
Hi Celestino,
as far as I know, there is an interface for writing to the BSM
log files but there is no interface for reading the next record
from the log. You must write one by hand. However, the document "SunSHIELD
Basic Security Module Guide" provides a comprehensive description
of the binary layout of BSM logs. I've implemented such a thing as
part of a program to convert BSM logs to ASAX internal format (NADF).
Aziz.
--
+---------------------+--------------------------------------------------+
| ____ ___ | Justin Lister ruf@cs.uow.edu.au |
| | \\ /\ __\ | Center for Computer Security Research |
| | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-327|
| | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329|
| |_/ \/ \_/ |_| (tm) | LiNuX- iNTEL justification. mobile: 61-0412139269|
| | Computer Security a utopian dream... |
+---------------------+--------------------------------------------------+
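Both replies above point the same way: audit.h describes the on-disk structures, and there is no library call that hands you the next record, so a reader has to walk the binary log itself. The following is an added example of such a hand-written record walker in C; it is not code from the thread, from Sun, or from ASAX. It assumes the BSM header32 and trailer token layout (token ids 0x14 and 0x13, trailer magic 0xB105, as also documented in OpenBSM's bsm/audit_record.h) and leaves the inner tokens opaque. The sample log bytes, the version byte and the event type values 0x1808-0x180A are constructed placeholders, not real Solaris event numbers. The point a reader should take away is that the byte count stored inside a record is untrusted input: it is checked against the bytes actually available and against the copy the trailer carries, so a truncated or corrupted log cannot drive an out-of-bounds read.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Token ids and sizes for the BSM header32 / trailer tokens (values as in
 * OpenBSM's bsm/audit_record.h). Inner tokens are left opaque here. */
#define AUT_HEADER32      0x14
#define AUT_TRAILER       0x13
#define AUT_TRAILER_MAGIC 0xB105
#define HEADER32_LEN      18  /* id(1) count(4) version(1) type(2) mod(2) sec(4) msec(4) */
#define TRAILER_LEN       7   /* id(1) magic(2) count(4) */

struct bsm_record {
    uint32_t       byte_count;  /* whole record, header through trailer */
    uint8_t        version;
    uint16_t       event_type;
    uint16_t       event_mod;
    uint32_t       seconds;     /* timestamp, seconds since the epoch */
    uint32_t       msec;
    const uint8_t *body;        /* inner tokens (subject, text, return, ...) */
    size_t         body_len;
};

/* BSM fields are big-endian regardless of host byte order. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse the record at buf[0..len). Returns bytes consumed, or 0 if the record
 * is malformed or truncated. The in-record byte count is validated against
 * the buffer that is really there and against the trailer's copy of it. */
size_t bsm_next_record(const uint8_t *buf, size_t len, struct bsm_record *out)
{
    if (len < HEADER32_LEN + TRAILER_LEN || buf[0] != AUT_HEADER32)
        return 0;
    uint32_t count = be32(buf + 1);
    if (count < HEADER32_LEN + TRAILER_LEN || count > len)
        return 0;                                   /* never trust the length field */
    const uint8_t *tr = buf + count - TRAILER_LEN;
    if (tr[0] != AUT_TRAILER || be16(tr + 1) != AUT_TRAILER_MAGIC || be32(tr + 3) != count)
        return 0;
    out->byte_count = count;
    out->version    = buf[5];
    out->event_type = be16(buf + 6);
    out->event_mod  = be16(buf + 8);
    out->seconds    = be32(buf + 10);
    out->msec       = be32(buf + 14);
    out->body       = buf + HEADER32_LEN;
    out->body_len   = count - HEADER32_LEN - TRAILER_LEN;
    return count;
}

/* Walk consecutive records; returns how many were well-formed, stopping at
 * the first one that fails validation. */
size_t bsm_count_records(const uint8_t *buf, size_t len)
{
    size_t n = 0, used;
    struct bsm_record r;
    while ((used = bsm_next_record(buf, len, &r)) != 0) {
        n++;
        buf += used;
        len -= used;
    }
    return n;
}

/* Event type of the record starting at buf, or -1 if it does not parse. */
int bsm_first_event_type(const uint8_t *buf, size_t len)
{
    struct bsm_record r;
    return bsm_next_record(buf, len, &r) ? (int)r.event_type : -1;
}

/* Constructed sample audit.log contents: two valid records, then a header
 * whose byte count claims about 2 GB. Event types and version are placeholders. */
const uint8_t SAMPLE_LOG[] = {
    /* record 1: 31 bytes, body is one AUT_TEXT (0x28) token "ok" */
    0x14, 0x00,0x00,0x00,0x1F, 0x02, 0x18,0x08, 0x00,0x00,
    0x31,0xC3,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x28, 0x00,0x03, 'o','k',0x00,
    0x13, 0xB1,0x05, 0x00,0x00,0x00,0x1F,
    /* record 2: 25 bytes, empty body */
    0x14, 0x00,0x00,0x00,0x19, 0x02, 0x18,0x09, 0x00,0x00,
    0x31,0xC3,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x13, 0xB1,0x05, 0x00,0x00,0x00,0x19,
    /* record 3: header only; its count field (0x7FFFFFFF) overruns the buffer */
    0x14, 0x7F,0xFF,0xFF,0xFF, 0x02, 0x18,0x0A, 0x00,0x00,
    0x31,0xC3,0x00,0x02, 0x00,0x00,0x00,0x00,
};
#define SAMPLE_LOG_LEN sizeof(SAMPLE_LOG)

int main(void)
{
    const uint8_t *p = SAMPLE_LOG;
    size_t left = SAMPLE_LOG_LEN, used;
    struct bsm_record r;
    while ((used = bsm_next_record(p, left, &r)) != 0) {
        printf("event 0x%04x mod 0x%04x time %" PRIu32 ".%03" PRIu32 " body %zu bytes\n",
               (unsigned)r.event_type, (unsigned)r.event_mod, r.seconds, r.msec, r.body_len);
        p += used;
        left -= used;
    }
    printf("%zu well-formed record(s); %zu trailing byte(s) rejected\n",
           bsm_count_records(SAMPLE_LOG, SAMPLE_LOG_LEN), left);
    return 0;
}
```

To use it on a real file, read audit.log into a buffer (or a sliding window) and call bsm_next_record in a loop exactly as main does; a record that fails validation should be logged and the position reported rather than skipped silently, since a corrupt or truncated trail is itself worth noticing in an audit pipeline. Decoding the inner tokens (subject, text, return, and so on) follows the same pattern: one token id byte, then fixed or length-prefixed fields in network byte order, each checked against the remaining body length before it is read.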