From nobody@FreeBSD.org  Wed Aug 22 11:16:18 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AB68016A419
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 22 Aug 2007 11:16:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 996B413C468
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 22 Aug 2007 11:16:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l7MBGI0H086150
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 22 Aug 2007 11:16:18 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.1/8.14.1/Submit) id l7MBGI6F086149;
	Wed, 22 Aug 2007 11:16:18 GMT
	(envelope-from nobody)
Message-Id: <200708221116.l7MBGI6F086149@www.freebsd.org>
Date: Wed, 22 Aug 2007 11:16:18 GMT
From: Vladimir Ermakov <samflanker@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: please add pipe-buffer switcher (On\Off) in /usr/sbin/praudit
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         115715
>Category:       bin
>Synopsis:       [openbsm] [patch] please add pipe-buffer switcher (On\Off) in /usr/sbin/praudit
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 22 11:20:01 GMT 2007
>Closed-Date:    Thu Mar 06 10:05:36 UTC 2008
>Last-Modified:  Thu Mar 06 10:05:36 UTC 2008
>Originator:     Vladimir Ermakov
>Release:        6.2-STABLE
>Organization:
-
>Environment:
FreeBSD localhost 6.2-STABLE FreeBSD 6.2-STABLE #1: Tue Aug 21 12:27:13 MSD 2007     root@localhost:/usr/obj/usr/src/sys/STONE  amd64
>Description:
please add pipe-buffer switcher (On\Off) in /usr/sbin/praudit
for normal(realtime without data buffering) work follow shell constructions:

# praudit -l /dev/auditpipe | tee file.log
# praudit -l /dev/auditpipe > file.log
# ...
# praudit -l /dev/auditpipe | grep "xxxx"


>How-To-Repeat:
# cat /etc/security/audit_control
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#5 $
# $FreeBSD: src/contrib/openbsm/etc/audit_control,v 1.2.2.2 2006/09/29 22:41:54 rwatson Exp $
#
dir:/var/audit
flags:^all
minfree:20
naflags:^all
policy:cnt

# cat /etc/security/audit_user
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#3 $
# $FreeBSD: src/contrib/openbsm/etc/audit_user,v 1.2.2.1 2006/09/02 10:46:00 rwatson Exp $
#
#root:lo:no
flanker:+fw:no

please login user flanker, run follow construction:
# praudit -l /dev/auditpipe | tee file.log
or
# praudit -l /dev/auditpipe > file.log
or
# praudit -l /dev/auditpipe | grep "xxxx"

and write or create any files

'praudit' using pipe-buffer (4096 bytes) for forward data
after full load pipe-buffer, data forward to out
pipe-buffer prevent realtime data forwarding

>Fix:
Index: praudit.c
===================================================================
RCS file: /data/fbsd-cvs/ncvs/src/contrib/openbsm/bin/praudit/praudit.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 praudit.c
--- praudit.c    16 Apr 2007 15:36:57 -0000    1.1.1.3
+++ praudit.c    21 Aug 2007 14:26:43 -0000
@@ -107,6 +107,7 @@
         free(buf);
         if (oneline)
             printf("\n");
+        fflush(stdout);
     }
     return (0);
 }


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: rwatson 
State-Changed-When: Sun Oct 21 00:36:13 UTC 2007 
State-Changed-Why:  
This change has been applied to the OpenBSM tree in Perforce, and will 
appear in OpenBSM 1.0.  I plan to merge OpenBSM 1.0 into 8.x/7.x in the 
next week, and MFC to 6.x once it has settled for some time.  With any 
luck, this change will appear in both FreeBSD 6.3 and FreeBSD 7.0. 

Thanks for the report! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115715 
State-Changed-From-To: patched->closed 
State-Changed-By: rwatson 
State-Changed-When: Thu Mar 6 10:05:09 UTC 2008 
State-Changed-Why:  
FreeBSD 6.3 and FreeBSD 7.0 have been released, and include the requested 
fflush(3) change.  Thanks for the submission! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115715 
>Unformatted:
