Security/Mentorships/MWoS/2014/Linux Audit heka plugin (Go): Difference between revisions

Security/Mentorships/MWoS/2014/Linux Audit heka plugin (Go) (view source)

Revision as of 20:39, 3 November 2014

3,066 bytes added , 3 November 2014

More weeks Added

Arunks

8

edits

@@ Line 94: / Line 94: @@
 Upcoming Work:
 * Change the status code of proto, currently assigned 1000 status code is not correct.
 * Output form of netlink message is structure.
@@ Line 100: / Line 99: @@
 * Make a parse function like audit_get_reply as present in [https://fedorahosted.org/audit/browser/trunk/lib/libaudit.h libaudit.h]
 * Study audit documentation and [https://fedorahosted.org/audit/browser/trunk/lib/libaudit.h libaudit.h] code
+=== 2014-09-15 ===
+Current Work:
+* Added AuditRuleData Structure
+* Added a AuditParse Function
+Discussion Point:
+* Cause of improper parsing.
+* Follow the flow of auditd daemon from reading the code.
+Upcoming Work:
+* Structuring code to follow appropriate steps to enable Audit and receive response.
+* Proper Parsing of a netlink response.
+=== 2014-09-22 ===
+* University Exams from 22 Sep to 26 Sep.
+* Work will be resumed from 26 Sep.
+=== 2014-09-27 ===
+Current Work:
+* Added AuditStatus Structure.
+* Added a AuditSet Function.
+* Appended Byte stream in netlinkMessage.
+Discussion Point:
+* Proper parsing of AuditStatus struct.
+* Enabling Audit from our program.
+Upcoming Work:
+* Working AuditSet function
+* Successfully Enabling Audit.
+* A AuditIsEnable Function.
+* Moving current code to a go package.
+=== 2014-10-04 ===
+Current Work:
+* AuditSet() Response successfully parsed into a AuditStatus struct.
+* AuditIsEnabled Added.
+* A netlinkAudit package.
+Discussion Point:
+* Adding Rules to audit.
+* Receiving further responses from kernel.
+Upcoming Work:
+* Cleaning up old work; A simple driver program.
+* Adding Rules to the Audit System.
+* Adding Syscall information in a Rule struct.
+=== 2014-10-13 ===
+Current Work:
+* AuditAddRuleData() Added.
+* Adding rules to Audit kernel is successful.
+Discussion Point:
+* Remove hardcoded code for adding Rules.
+* A JSON file like audit.rules.
+* A way to map syscalls.
+Upcoming Work:
+* Moving Further ahead to a fully follow the auditd code flow.
+* Adding AuditSetPid for registering our code with kernel.
+* Adding Rules from a JSON File.
+* Concurrent Way to run the code (Adding Channels).
+=== 2014-10-20 ===
+Current Work:
+* X86 json added for mapping syscalls to a integers
+* Changing design of the code.
+* A new branch for work on the configuration part.
+Discussion Point:
+* Receiving response for the rules added
+* Parsing the kernel response successfully.
+Upcoming Work:
+* A Getreply Function.
+* Successful additon of rule from audit.rules.json file.
+* Successful detection of the log message types and appropriate action.
+* Diwali Holidays! More code on the way.
+=== 2014-10-28 ===
+Current Work:
+* Successfully Parsing the responses received from kernel !!(Yay).
+* Better Design; AutoGeneration of sequence numbers.
+* More constants added.
+* Mistakes in channel version. A simple version is added.
+* Syscall mapping perfected.
+* DeleteAllRules function added.
+* Loading one or more rules from audit.rules.json.
+Discussion Point:
+* Addition of fields on the rules.
+* Channel version of the getreply function.
+Upcoming Work:
+* A concurrent Getreply Function.
+* A field mapping json file.
+* More design changes.
+=== 2014-11-4 ===
+Current Work:
+* A field map in JSON.
+* Adding logs in a file.
+* Channel Version added.
+* Simplified Design.
+Discussion Point:
+* Working Field Addition and Error Handling.
+* Porting code to work as Heka Plugin.
+* Input type ( Http/Tcp/Udp ) for the Heka plugin.
+Upcoming Work:
+* A Final Field Version
+* Preetify the output Messages.
+* Moving on to the Heka Part.
 === <date> ===