Audit Kernel Events
by Efstratios Karatzas for The FreeBSD Project
Kernel subsytems such as NFS & PF can be enhanced to log security related information using TrustedBSD's Audit subsystem. The kernel audit framework will need serious reworking itself because it is currently based on the notion that information is gathered only through system calls and a single kernel thread will be involved in at most one security event at a time. This project will focus in providing audit support for NFS RPCs and the necessary foundations for modifying other kernel subsystems.