isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add support for logging exit status events.

Browse Source 
For sudo-formatted logs, this is a record with "EXIT=number" and
potentially "SIGNAL=name" after the command.  For JSON-format logs,
a new "exit" record is logged which contains an "exit_value" and
potentially "signal" and "core_dumped".  JSON-format logs now incude
a UUID to associate the "exit" record with the "accept" record.
This commit is contained in:
Todd C. Miller
2021-07-09 11:08:44 -06:00
parent 657897b8bf
commit b54a16e174
2 changed files with 175 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/sudo_eventlog.h
View File

@@ -31,6 +31,7 @@
enum event_type {
EVLOG_ACCEPT,
EVLOG_REJECT,
EVLOG_EXIT,
EVLOG_ALERT
};
@@ -122,6 +123,7 @@ struct json_container;
typedef bool (*eventlog_json_callback_t)(struct json_container *, void *);
bool eventlog_accept(const struct eventlog *evlog, int flags, eventlog_json_callback_t info_cb, void *info);
bool eventlog_exit(const struct eventlog *evlog, int flags, struct timespec *run_time, int exit_value, const char *signal_name, bool core_dumped, eventlog_json_callback_t info_cb, void *info);
bool eventlog_alert(const struct eventlog *evlog, int flags, struct timespec *alert_time, const char *reason, const char *errstr);
bool eventlog_reject(const struct eventlog *evlog, int flags, const char *reason, eventlog_json_callback_t info_cb, void *info);
bool eventlog_store_json(struct json_container *json, const struct eventlog *evlog);