Birk Richter wrote:
>...
>
> For full audit support in ssh (1/2) the sources must be patched with
> the necessary audit functions ;-).

That was exactly my experience. The necessary functions aren't
difficult to write but the API isn't documented anywhere that I could
find. I haven't submitted/published a patch because I don't know
whether I'd be violating our Sun source code license since my stuff is
based heavily on their rshd code. I suppose it won't matter with
Solaris 8? We've been running my audit-enabled sshd for a very long
time with no problems.

Also, I added a new event to /etc/security/audit_event, AUE_sshd, so ssh
sessions are tagged correctly. Unfortunately, Sun ships a new
audit_event every time they patch something in the audit package, even
though I don't see any changes to audit_event.

Robert Lau
Information Services Division - Core Services
University of Southern California
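
Added example, not part of the original message and not Robert Lau's code: a post-patch check that re-adds a local AUE_sshd entry when a vendor patch has replaced audit_event, and refuses to touch the file if the number or name is now used by a different definition. The event number 32800, the description and the class `lo` are constructed placeholders (the message does not give them), and `ensure_audit_event` is a hypothetical helper name.

```shell
#!/bin/sh
# audit_event lines have the form  number:name:description:class
# Constructed placeholder entry; the real number/class come from your own setup.
SSHD_EVENT_LINE='32800:AUE_sshd:login - ssh:lo'

# ensure_audit_event FILE LINE
#   returns 0  entry already present (nothing changed)
#           1  entry was missing and has been appended
#           2  file unreadable, or number/name already used by a different entry
ensure_audit_event() {
    ae_file=$1
    ae_line=$2
    ae_num=${ae_line%%:*}          # first field: event number
    ae_rest=${ae_line#*:}
    ae_name=${ae_rest%%:*}         # second field: event name

    [ -r "$ae_file" ] || return 2

    # Exact, whole-line match: the local entry survived the patch.
    if grep -Fxq -- "$ae_line" "$ae_file"; then
        return 0
    fi

    # Same number or same name on a non-comment line means the new vendor
    # file conflicts with the local entry; leave it for a human to resolve.
    if awk -F: -v n="$ae_num" -v e="$ae_name" \
        '!/^#/ && ($1 == n || $2 == e) { found = 1 } END { exit !found }' \
        "$ae_file"; then
        return 2
    fi

    # Make sure the append starts on its own line.
    if [ -s "$ae_file" ] && [ -n "$(tail -c 1 "$ae_file")" ]; then
        echo >> "$ae_file" || return 2
    fi
    printf '%s\n' "$ae_line" >> "$ae_file" || return 2
    return 1
}

# Typical use after installing a patch (path from the message above):
#   ensure_audit_event /etc/security/audit_event "$SSHD_EVENT_LINE"
```

A return of 1 is worth logging: it means the patch dropped the entry and ssh sessions would have been recorded without the AUE_sshd tag until it was restored.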