GSoC/GCI Archive
Google Summer of Code 2010 The FreeBSD Project

Audit Kernel Events

by Efstratios Karatzas for The FreeBSD Project

Kernel subsystems such as NFS & PF can be enhanced to log security-related information using TrustedBSD's Audit subsystem. The kernel audit framework will need serious reworking itself because it is currently based on the notion that information is gathered only through system calls and that a single kernel thread will be involved in at most one security event at a time. This project will focus on providing audit support for NFS RPCs and the necessary foundations for modifying other kernel subsystems.