Re: Audit plug-ins development
On Tuesday 07 August 2007 10:10:07 am Klaus Heinrich Kiwi wrote:
I'm interested in developing an audit plug-in to forward events
to z/OS
RACF (sort of a centralized AAA facility for IBM System Z systems).
Nice.
What is your general idea for audit plug-ins deploymet?
You would drop a config file into /etc/audisp/plugins.d and it contains the
information to tell the dispatcher what to do. I think there are a couple in
audit-1.5.7/new_audispd/configs to look at for an example.
Would we be able to contribute the plug-ins to the audit userspace so
that
they can be available in the audit source package, and then maybe in a
separate binary package upon building?
That sounds good unless...
Can you give us some hints about how would you want this code
contributions
and how would you want these blended in the audit tree?
I'm wanting to keep the audit code GPLv2+ and the libraries LGPLv2+ so that if
there is any compelling reason to change licenses that the project can do
that. But I don't have any immediate plans to change to v3 right now.
I would like to just create a plugins directory under audit-1.5.7/new_audispd
and then each plugin under that. I'm looking to move the project to Feodora's
cvs facilities sometime soon. So, maybe the 1.5.8 release I could merge any
plugins? I also need to do a quick write-up for what is expected of a plugin
before I start accepting them.
-Steve