From mboxrd@z Thu Jan  1 00:00:00 1970
From: Klaus Heinrich Kiwi <klausk@br.ibm.com>
Subject: [PATCH 01/07][RFC] RACF audit plugin - configuration files
Date: Fri, 28 Sep 2007 10:28:13 -0300
Message-ID: <1190986093.4113.50.camel@klausk.br.ibm.com>
References: <1190983565.4113.2.camel@klausk.br.ibm.com>
Reply-To: klausk@br.ibm.com
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <1190983565.4113.2.camel@klausk.br.ibm.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Linux-audit@redhat.com
List-Id: linux-audit@redhat.com

This patch adds the configuration files for the racf plugin. There is a
need for two separate configuration files: one for the audit dispatcher
and another for the plugin itself.
The plugin configuration includes server and authentication information,
thus it should not be readable by anyone but root. The (large) default
queue size is to allow event bursts avoiding events drop.
The plugin comes disabled by default.

Signed-off-by: Klaus Heinrich Kiwi <klausk@br.ibm.com>

diff -purN audit-1.6.2/audisp/plugins/racf/audisp-racf.conf audit-1.6.2_racf/audisp/plugins/racf/audisp-racf.conf
--- audit-1.6.2/audisp/plugins/racf/audisp-racf.conf	1969-12-31 21:00:00.000000000 -0300
+++ audit-1.6.2_racf/audisp/plugins/racf/audisp-racf.conf	2007-09-28 09:18:08.000000000 -0300
@@ -0,0 +1,13 @@
+# This is the audit dispatcher configuration
+# for the RACF audit plugin
+# Note that this specific plugin has a configuration
+# file of its own. The complete path for this
+# file must be entered as the argument for the
+# plugin in the 'args' field below
+
+active = no
+direction = out
+path = /sbin/audisp-racf
+type = always 
+args = /etc/audisp/racf.conf
+format = string
diff -purN audit-1.6.2/audisp/plugins/racf/racf.conf audit-1.6.2_racf/audisp/plugins/racf/racf.conf
--- audit-1.6.2/audisp/plugins/racf/racf.conf	1969-12-31 21:00:00.000000000 -0300
+++ audit-1.6.2_racf/audisp/plugins/racf/racf.conf	2007-09-28 09:18:08.000000000 -0300
@@ -0,0 +1,13 @@
+# This is the configuration file for the audit-plugin-racf
+# server, user and password are required, everything else is
+# optional
+# Also note that user is in the format
+# 'racfid=${USER},cn=ictx'
+# where ${USER} is the RACF user with R_auditx authority
+
+server = racf.server
+port = 389
+user = racfid=RACFUSER,cn=ictx
+password = password
+timeout = 15
+q_depth = 256