authorNikolay Sturm <sturm@cvs.openbsd.org>2004-01-07 21:15:44 +0000
committerNikolay Sturm <sturm@cvs.openbsd.org>2004-01-07 21:15:44 +0000
commitc0c29b7796b53657559c366a2a3296e64497871d (patch)
treead650cc3be11958964e43d4d88d1f542b33ca857 /bin/systrace
parent8341e9f47ce3b457adc79d16be8c5c294fe84f2c (diff)
new command line option allows logging to stderr instead of syslog
"looks good" provos@, ok markus@
Diffstat (limited to 'bin/systrace')
-rw-r--r--bin/systrace/systrace.119
-rw-r--r--bin/systrace/systrace.c32
2 files changed, 42 insertions, 9 deletions
diff --git a/bin/systrace/systrace.1 b/bin/systrace/systrace.1
index ee379ca4f83..7336d218851 100644
--- a/bin/systrace/systrace.1
+++ b/bin/systrace/systrace.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: systrace.1,v 1.37 2003/11/20 10:53:59 jmc Exp $
+.\" $OpenBSD: systrace.1,v 1.38 2004/01/07 21:15:42 sturm Exp $
.\"
.\" Copyright 2002 Niels Provos <provos@citi.umich.edu>
.\" All rights reserved.
@@ -39,7 +39,7 @@
.Sh SYNOPSIS
.Nm systrace
.Bk -words
-.Op Fl AaitUu
+.Op Fl AaeitUu
.Op Fl c Ar uid:gid
.Op Fl d Ar policydir
.Op Fl f Ar file
@@ -86,7 +86,12 @@ The created policy functions as a base that can be refined.
.It Fl a
Enables automatic enforcement of configured policies.
An operation not covered by policy is denied and logged via
-.Xr syslog 3 .
+.Xr syslog 3 ,
+or to
+.Em stderr
+if the
+.Fl e
+flag is specified.
.It Fl c Ar uid:gid
Specifies the
.Va uid
@@ -99,6 +104,11 @@ root privilege.
.It Fl d Ar policydir
Specifies an alternative location for the user's directory from
which policies are loaded and to which changed policies are stored.
+.It Fl e
+Specifies to log to
+.Em stderr
+instead of
+.Xr syslog 3 .
.It Fl f Ar file
The policies specified in
.Ar file
@@ -221,8 +231,7 @@ the specified regular expression.
By appending the
.Va log
statement to a rule, a matching system call and its arguments
-is logged to
-.Xr syslog 3 .
+are logged.
This is useful, for example, to log all invocations of the
.Va execve
system call.
diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c
index 0a6912bb64f..32e62253a6f 100644
--- a/bin/systrace/systrace.c
+++ b/bin/systrace/systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.c,v 1.47 2003/10/18 19:26:00 jmc Exp $ */
+/* $OpenBSD: systrace.c,v 1.48 2004/01/07 21:15:43 sturm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -38,6 +38,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
+#include <stdarg.h>
#include <fcntl.h>
#include <signal.h>
#include <syslog.h>
@@ -60,11 +61,13 @@ int allow = 0; /* Allow all and generate */
int userpolicy = 1; /* Permit user defined policies */
int noalias = 0; /* Do not do system call aliasing */
int iamroot = 0; /* Set if we are running as root */
+int logstderr = 0; /* Log to STDERR instead of syslog */
char cwd[MAXPATHLEN]; /* Current working directory */
char home[MAXPATHLEN]; /* Home directory of user */
char username[MAXLOGNAME]; /* Username: predicate match and expansion */
static void child_handler(int);
+static void log_msg(int, const char *, ...);
static void usage(void);
static int requestor_start(char *);
@@ -240,7 +243,7 @@ trans_cb(int fd, pid_t pid, int policynr,
out:
if (dolog)
- syslog(LOG_WARNING, "%s user: %s, prog: %s",
+ log_msg(LOG_WARNING, "%s user: %s, prog: %s",
action < ICPOLICY_NEVER ? "permit" : "deny",
ipid->username, output);
@@ -313,7 +316,7 @@ gen_cb(int fd, pid_t pid, int policynr, const char *name, int code,
}
out:
if (dolog)
- syslog(LOG_WARNING, "%s user: %s, prog: %s",
+ log_msg(LOG_WARNING, "%s user: %s, prog: %s",
action < ICPOLICY_NEVER ? "permit" : "deny",
ipid->username, output);
@@ -407,6 +410,24 @@ child_handler(int sig)
}
static void
+log_msg(int priority, const char *fmt, ...)
+{
+ char buf[_POSIX2_LINE_MAX];
+ extern char *__progname;
+ va_list ap;
+
+ va_start(ap, fmt);
+
+ if (logstderr) {
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ fprintf(stderr, "%s: %s\n", __progname, buf);
+ } else
+ vsyslog(priority, fmt, ap);
+
+ va_end(ap);
+}
+
+static void
usage(void)
{
fprintf(stderr,
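Review bot: The stderr branch of log_msg() prints the formatted record unescaped, so control characters in the `%s` arguments reach the terminal or log file as-is. The callers in trans_cb() and gen_cb() pass `output` and `ipid->username`, which presumably carry strings taken from the traced process; an embedded newline or escape sequence could then forge or hide a permit/deny line. Encoding the buffer with strvis(3) before printing keeps one record per line (this needs `<vis.h>`, which is not among the includes visible in this diff). The vsnprintf() return value is also ignored, so a record longer than _POSIX2_LINE_MAX is truncated without any marker.
```c
	char buf[_POSIX2_LINE_MAX];
	char visbuf[4 * _POSIX2_LINE_MAX + 1];	/* strvis worst case */
	/* … unchanged: __progname, va_list, va_start … */

	if (logstderr) {
		vsnprintf(buf, sizeof(buf), fmt, ap);
		/* Encode control chars and newlines from traced-process data */
		strvis(visbuf, buf, VIS_NL);
		fprintf(stderr, "%s: %s\n", __progname, visbuf);
	} else
	/* … unchanged: vsyslog branch, va_end … */
```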
@@ -526,7 +547,7 @@ main(int argc, char **argv)
uid_t cr_uid;
gid_t cr_gid;
- while ((c = getopt(argc, argv, "c:aAituUd:g:f:p:")) != -1) {
+ while ((c = getopt(argc, argv, "c:aAeituUd:g:f:p:")) != -1) {
switch (c) {
case 'c':
setcredentials = 1;
@@ -541,6 +562,9 @@ main(int argc, char **argv)
case 'd':
policypath = optarg;
break;
+ case 'e':
+ logstderr = 1;
+ break;
case 'A':
if (automatic)
usage();
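Review bot: The new `case 'e'` switches audit output to stderr without noting the trust difference from syslog. If the traced program inherits systrace's stderr (the fork/exec path is outside this diff), the monitored process can write to the same stream, so deny records can be interleaved with or imitated by its own output. A comment on the case would record that, for example `/* stderr may be shared with the traced process; use syslog when records must be trustworthy */`. Separately, no hunk in this diff changes the usage() text, so `-e` may be missing from the help output even though the man page synopsis was updated. main()'s body continues outside the hunk.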