improove ssh-ldap (documentation)
parent
f33c99e38b
commit
b32f1200b4
@ -271,16 +271,16 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
|
|||||||
case SSH_AUTH_SUCCESS:
|
case SSH_AUTH_SUCCESS:
|
||||||
- case SSH_CONNECTION_CLOSE:
|
- case SSH_CONNECTION_CLOSE:
|
||||||
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
||||||
+ get_remote_ipaddr(), "sshd", 1, event);
|
+ get_remote_ipaddr(), "ssh", 1, event);
|
||||||
+ break;
|
+ break;
|
||||||
+
|
+
|
||||||
case SSH_NOLOGIN:
|
case SSH_NOLOGIN:
|
||||||
- case SSH_LOGIN_EXCEED_MAXTRIES:
|
- case SSH_LOGIN_EXCEED_MAXTRIES:
|
||||||
case SSH_LOGIN_ROOT_DENIED:
|
case SSH_LOGIN_ROOT_DENIED:
|
||||||
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
||||||
+ get_remote_ipaddr(), "sshd", 0, event);
|
+ get_remote_ipaddr(), "ssh", 0, event);
|
||||||
+ linux_audit_user_logxxx(-1, audit_username(), NULL,
|
+ linux_audit_user_logxxx(-1, audit_username(), NULL,
|
||||||
+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN);
|
+ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
+ case SSH_LOGIN_EXCEED_MAXTRIES:
|
+ case SSH_LOGIN_EXCEED_MAXTRIES:
|
||||||
@ -291,7 +291,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
|
|||||||
case SSH_AUTH_FAIL_HOSTBASED:
|
case SSH_AUTH_FAIL_HOSTBASED:
|
||||||
case SSH_AUTH_FAIL_GSSAPI:
|
case SSH_AUTH_FAIL_GSSAPI:
|
||||||
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
||||||
+ get_remote_ipaddr(), "sshd", 0, event);
|
+ get_remote_ipaddr(), "ssh", 0, event);
|
||||||
+ break;
|
+ break;
|
||||||
+
|
+
|
||||||
+ case SSH_CONNECTION_CLOSE:
|
+ case SSH_CONNECTION_CLOSE:
|
||||||
@ -309,7 +309,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
|
|||||||
- linux_audit_record_event(-1, audit_username(), NULL,
|
- linux_audit_record_event(-1, audit_username(), NULL,
|
||||||
- get_remote_ipaddr(), "sshd", 0);
|
- get_remote_ipaddr(), "sshd", 0);
|
||||||
+ linux_audit_user_logxxx(-1, audit_username(), NULL,
|
+ linux_audit_user_logxxx(-1, audit_username(), NULL,
|
||||||
+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN);
|
+ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
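Review bot: The five audit calls in this section now pass `"ssh"` where they passed `"sshd"` (the `linux_audit_user_auth` and `linux_audit_user_logxxx` calls across all three hunks), yet nothing records that the emitted audit records change; the commit title speaks only of ssh-ldap documentation. If this argument ends up as the terminal field of the record (its parameter name is not visible here), any log filter or detection rule keyed on the old value stops matching after the update. The change deserves a line in the commit message and a comment at the first call, such as `/* audit terminal name is "ssh"; keep log filters in sync */`. Repeating the literal five times also invites drift between success and failure records; a single definition (name constructed here) like `#define SSH_AUDIT_TERMINAL "ssh"` used at every call would prevent that. The enclosing switch starts and ends outside these hunks.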
|
@ -121,7 +121,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
|
|||||||
+ const static char *name[] = { "cipher", "mac", "comp" };
|
+ const static char *name[] = { "cipher", "mac", "comp" };
|
||||||
+ int audit_fd;
|
+ int audit_fd;
|
||||||
+
|
+
|
||||||
+ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d",
|
+ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d ",
|
||||||
+ name[what], get_remote_port(), get_local_ipaddr(packet_get_connection_in()),
|
+ name[what], get_remote_port(), get_local_ipaddr(packet_get_connection_in()),
|
||||||
+ get_local_port());
|
+ get_local_port());
|
||||||
+ audit_fd = audit_open();
|
+ audit_fd = audit_open();
|
||||||
@ -144,7 +144,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
|
|||||||
+ const static char *direction[] = { "from-server", "from-client", "both" };
|
+ const static char *direction[] = { "from-server", "from-client", "both" };
|
||||||
+ Cipher *cipher = cipher_by_name(enc);
|
+ Cipher *cipher = cipher_by_name(enc);
|
||||||
+
|
+
|
||||||
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
|
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
|
||||||
+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
|
+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
|
||||||
+ (intmax_t)pid, (intmax_t)uid,
|
+ (intmax_t)pid, (intmax_t)uid,
|
||||||
+ get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port());
|
+ get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port());
|
||||||
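Review bot: The trailing space added to the `snprintf` format strings has no comment explaining it, so a later whitespace cleanup can silently remove it; this applies to both hunks here and to the audit-linux.c.audit4 and audit-linux.c.audit5 sections below. Presumably it separates the last key=value pair from text appended after `buf` when the record is written; if so, say it once next to the first format string, e.g. `/* trailing space keeps the last field apart from what is appended to the record */`. The return value of `snprintf` is also ignored, and a truncated message would lose exactly that separator along with the tail fields. A check such as `if (n < 0 || (size_t)n >= sizeof(buf))` followed by an error log would make a clipped audit record visible. The functions begin and end outside the hunks, and the declaration of `buf` appears only in the later sections.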
|
@ -85,7 +85,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
|
|||||||
+ char buf[AUDIT_LOG_SIZE];
|
+ char buf[AUDIT_LOG_SIZE];
|
||||||
+ int audit_fd, audit_ok;
|
+ int audit_fd, audit_ok;
|
||||||
+
|
+
|
||||||
+ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
|
+ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
|
||||||
+ direction[ctos], (intmax_t)pid, (intmax_t)uid,
|
+ direction[ctos], (intmax_t)pid, (intmax_t)uid,
|
||||||
+ get_remote_port(),
|
+ get_remote_port(),
|
||||||
+ get_local_ipaddr(packet_get_connection_in()),
|
+ get_local_ipaddr(packet_get_connection_in()),
|
||||||
|
@ -85,7 +85,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
|
|||||||
+ char buf[AUDIT_LOG_SIZE];
|
+ char buf[AUDIT_LOG_SIZE];
|
||||||
+ int audit_fd, audit_ok;
|
+ int audit_fd, audit_ok;
|
||||||
+
|
+
|
||||||
+ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? spid=%jd suid=%jd",
|
+ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? spid=%jd suid=%jd ",
|
||||||
+ fp, (intmax_t)pid, (intmax_t)uid);
|
+ fp, (intmax_t)pid, (intmax_t)uid);
|
||||||
+ audit_fd = audit_open();
|
+ audit_fd = audit_open();
|
||||||
+ if (audit_fd < 0) {
|
+ if (audit_fd < 0) {
|
||||||
@ -110,7 +110,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
|
|||||||
+ char buf[AUDIT_LOG_SIZE];
|
+ char buf[AUDIT_LOG_SIZE];
|
||||||
+ int audit_fd, audit_ok;
|
+ int audit_fd, audit_ok;
|
||||||
+
|
+
|
||||||
+ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=?", fp);
|
+ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=? ", fp);
|
||||||
+ audit_fd = audit_open();
|
+ audit_fd = audit_open();
|
||||||
+ if (audit_fd < 0) {
|
+ if (audit_fd < 0) {
|
||||||
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
|
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
|
||||||
|