Hello,

I am attaching an Open Office presentation that contains the slides for the
audit dispatcher preliminary design review. The audit dispatcher will be
implemented using C++ to provide some organization and abstraction for some
of the design elements.

The audit dispatcher will be configured by a file /etc/audisp.conf that will
instruct it on how to configure the input plugins and the output filter
plugin. Some plugins will be active - meaning that they have their own thread
of execution. Others will be passive and use the caller's thread.

The Filter plugin is a Composite of two classes - the filter and an output.
The filter part does the data transformation or filtering. The output plugin
takes the data passed to it and outputs it. The plugin class is a wrapper for
a shared object file that gets loaded and unloaded.

Events will be gathered by input plugins and placed into the application's
event queue. Filter plugins will have previously registered for callbacks for
new events. They will all receive the event and begin processing it. When and
if the event needs to be output, the filter will call its output plugin.

The audisp daemon will receive a reconfigure event whenever SIGHUP is sent to
the audit daemon. It will re-read its config and remove, add, or modify
plugins on the fly.

There are some rules regarding the implementation in C++. The ground rules
are: No dynamic class creation or deletion except at startup/shutdown; No
exceptions; and No templates.

This is a preliminary design. If there are any concerns, comments,
suggestions, please follow up on this. This was modeled with Umbrello - which
is part of Kdesdk. The PDR model will be placed on
people.redhat.com/~sgrubb/audit.

Thanks,
-Steve Grubb
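
The dispatch path described in this message (filters registered for callbacks, each filter calling its own output), as an added C++ sketch that is not taken from the presentation or from audisp itself. It keeps to the stated ground rules by using a fixed table, status returns and no templates; all class names, the table size and the numeric event types are assumptions made for illustration.

```cpp
// Added sketch, not audisp source: every class and function name is hypothetical.
#include <cstring>
struct Event { int type; const char *text; };

// Output half of the composite: passive, so it runs on the caller's thread.
class Output {
public:
    Output() : count_(0) { last_[0] = '\0'; }
    void write(const Event &e) {
        std::strncpy(last_, e.text, sizeof(last_) - 1);
        last_[sizeof(last_) - 1] = '\0';  // always terminated; long text is truncated
        ++count_;
    }
    int count() const { return count_; }
    const char *last() const { return last_; }
private:
    int count_; char last_[64];
};

// Filter half: decides whether the event is output, then calls its output.
class Filter {
public:
    Filter(int wanted, Output *out) : wanted_(wanted), out_(out) {}
    void on_event(const Event &e) { if (e.type == wanted_) out_->write(e); }
private:
    int wanted_; Output *out_;
};

// Filters register at startup into a fixed table; each one sees every event.
class Dispatcher {
public:
    Dispatcher() : n_(0) {}
    bool register_filter(Filter *f) {
        if (f == 0 || n_ == MAX_FILTERS) return false;  // status code, no exception
        filters_[n_++] = f; return true;
    }
    void dispatch(const Event &e) { for (int i = 0; i < n_; ++i) filters_[i]->on_event(e); }
private:
    enum { MAX_FILTERS = 4 };
    Filter *filters_[MAX_FILTERS];
    int n_;
};
// Constructed sample: one filter wants type 1300; three events are dispatched.
int run_sample() {
    Output out; Filter f(1300, &out); Dispatcher d;
    if (!d.register_filter(&f)) return -1;
    const Event evs[] = { {1100, "auth"}, {1300, "syscall=59"}, {1300, "syscall=2"} };
    for (int i = 0; i < 3; ++i) d.dispatch(evs[i]);
    return out.count();  // number of events that reached the output
}
```

Because registration can fail without throwing, the caller has to check the return value at startup; a filter that is silently not registered would drop audit events without any error.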