Quoth Tomas Zeman on Fri, Aug 03, 2007 at 08:19:31AM +0200:
> On Thu, Aug 02, 2007 at 04:51:04PM -0700, David Bustos wrote:
...
> What I want to achieve:
>  - ability to have several plugins which can be easily distinguished and
>    enabled/disabled.
>  - plugins can be implemented by 3rd party so we need to avoid name conflicts.
>  - auditd does not know all possible plugin implementations so it has to find
>    easily which property group describes a plugin and which properties are
>    plugin specific
> 
> Maybe we can use something like:
>       <property_group name='SUNW,audit_plugin' type='application'>
>               <propval name='binfile' type='astring'/>
>               <propval file='audit_binfile.so' type='astring'/>
>               ...
> But then several property groups will have the same name.

Why not

        <property_group name='SUNW,binfile' type='application'>
                <propval file='audit_binfile.so' type='astring'/>

?

> > >   - wouldn't it be better to drop plugin's 'attributes' list in favor of
> > >     several plugin specific attributes with names beginning with eg. p_
> > >     to be recognizable by auditd and passed to a plugin upon initialization?
> > 
> > I think so.  Do you know of a reason it wouldn't be?
> 
> It is more or less a matter of whether we prefer unification of plugin
> properties.
> Some properties are common to all plugins, like 'name', 'enabled'. The rest,
> plugin specific, could be all handled by 'attributes' property. But that is a
> rather obscure way of managing them via svccfg.

Ok, let's break them up into separate properties.

> Here is the relevant part of the proposed manifest:
> 
> 
>       <property_group name='config' type='application'>
>               <propval name='flags' type='astring' value='' />

Is this supposed to be a bitfield?  If so, count or integer would be
more appropriate.

>               <propval name='naflags' type='astring' value='lo' />
>               <propval name='policy' type='astring' value='+cnt' />
>               <propval name='read_authorization' type='astring'
>                       value='solaris.audit.config' />
>       </property_group>
> 
>       <property_group name='binfile' type='SUNW,audit_plugin'>

Yeah, this should be name="SUNW,binfile" type="application".

>               <propval name='name' type='astring' value='audit_binfile.so' />

I think "path" or "file" or "filename" might be a better name for this.

>               <propval name='enabled' type='boolean' value='true' />
>               <propval name='p_minfree' type='count' value='20' />
>               <property name='p_dir' type='astring'>
>                       <astring_list>
>                               <value_node value='/var/audit'/>
>                       </astring_list>
>               </property>
>               <propval name='read_authorization' type='astring'
>                       value='solaris.audit.config' />
>       </property_group>
> 
>       <property_group name='syslog' type='SUNW,audit_plugin'>

And this could be "SUNW,syslog".

>               <propval name='name' type='astring' value='audit_syslog.so' />
>               <propval name='enabled' type='boolean' value='true' />
>               <propval name='p_flags' type='astring' value='all' />
>               <propval name='read_authorization' type='astring'
>                       value='solaris.audit.config' />
>       </property_group>
> 
>       <property_group name='remote' type='SUNW,audit_plugin'>

And this "SUNW,remote".


David
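
Added example (not part of the original message and not auditd's own code): a Python sketch of how a consumer could pick out the plugin property groups from the manifest quoted above and separate the common properties from the `p_`-prefixed, plugin-specific ones. It selects groups by the `SUNW,audit_plugin` type used in the quoted proposal; the `example/auditd` service wrapper, the `COMMON` set and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two plugin groups from the quoted manifest, wrapped in a
# hypothetical <service> root so the fragment parses on its own.
MANIFEST = """<service name='example/auditd'>
  <property_group name='config' type='application'/>
  <property_group name='binfile' type='SUNW,audit_plugin'>
    <propval name='name' type='astring' value='audit_binfile.so' />
    <propval name='enabled' type='boolean' value='true' />
    <propval name='p_minfree' type='count' value='20' />
    <property name='p_dir' type='astring'>
      <astring_list><value_node value='/var/audit'/></astring_list>
    </property>
  </property_group>
  <property_group name='syslog' type='SUNW,audit_plugin'>
    <propval name='name' type='astring' value='audit_syslog.so' />
    <propval name='p_flags' type='astring' value='all' />
    <propval name='read_authorization' type='astring' value='solaris.audit.config' />
  </property_group>
</service>"""

PLUGIN_TYPE = "SUNW,audit_plugin"   # group type used in the quoted proposal
COMMON = {"name", "enabled", "read_authorization"}  # assumed common set
PREFIX = "p_"                       # marks plugin-specific properties

def prop_value(node):
    """Return a propval's scalar value, or the list under a multi-valued property."""
    if node.tag == "propval":
        return node.get("value")
    return [v.get("value") for v in node.iter("value_node")]

def load_plugins(xml_text):
    plugins = {}
    for pg in ET.fromstring(xml_text).iter("property_group"):
        if pg.get("type") != PLUGIN_TYPE:
            continue                # e.g. the 'config' group is not a plugin
        common, attrs, unknown = {}, {}, []
        for node in pg.findall("propval") + pg.findall("property"):
            name = node.get("name", "")
            if name in COMMON:
                common[name] = prop_value(node)
            elif name.startswith(PREFIX):
                # Strip the prefix; these would be handed to the plugin at init.
                attrs[name[len(PREFIX):]] = prop_value(node)
            else:
                unknown.append(name)  # neither common nor prefixed: not passed on
        plugins[pg.get("name")] = {"common": common, "attrs": attrs, "unknown": unknown}
    return plugins
```
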
