diff --git a/contrib/openbsm/CHANGELOG b/contrib/openbsm/CHANGELOG
index 846cbf98c333..1bb08f39e1c1 100644
--- a/contrib/openbsm/CHANGELOG
+++ b/contrib/openbsm/CHANGELOG
@@ -1,4 +1,11 @@
-OpenBSM 1.0
+OpenBSM 1.0 alpha 2
+
+- Man page formatting improvements.
+- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
+ events.
+- Remove 'tfm' class, unused in OpenBSM.
+
+OpenBSM 1.0 alpha 1
 - Import of Darwin74 BSM drop
 - Use 'syslog' for audit log warnings, rather than echoing to a file in
@@ -64,6 +71,5 @@ OpenBSM 1.0 - Annotate BSM events with origin OS and compatibility information. - auditd(8), audit(8) added to the OpenBSM distribution. auditd extended to support reloading of kernel event table. -- Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#6 $ +$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#7 $
diff --git a/contrib/openbsm/VERSION b/contrib/openbsm/VERSION
index d75e15753e1d..ca87319c3c32 100644
--- a/contrib/openbsm/VERSION
+++ b/contrib/openbsm/VERSION
@@ -1 +1 @@
-OPENBSM_1_0_ALPHA_1
+OPENBSM_1_0_ALPHA_2
diff --git a/contrib/openbsm/bin/audit/audit.8 b/contrib/openbsm/bin/audit/audit.8
index 419bcf12d80d..4883826ce094 100644
--- a/contrib/openbsm/bin/audit/audit.8
+++ b/contrib/openbsm/bin/audit/audit.8
@@ -29,7 +29,7 @@
 .\"
 .\" @APPLE_BSD_LICENSE_HEADER_END@
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#2 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#4 $
 .\"
 .Dd Jan 24, 2004
 .Dt AUDIT 8
@@ -44,10 +44,11 @@
 .Sh DESCRIPTION
 The
 .Nm
-utility controls the state of auditing system. The optional
+utility controls the state of the audit system.
+The optional
 .Ar file
 operand specifies the location of the audit control input file (default
-/etc/security/audit_control).
+.Pa /etc/security/audit_control ).
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
@@ -56,10 +57,11 @@ Forces the audit system to close the existing audit log file and rotate to a new log file in a location specified in the audit control file. .It Fl s Specifies that the audit system should [re]synchronize its -configuration from the audit control file. A new log file will be -created. +configuration from the audit control file. +A new log file will be created. .It Fl t -Specifies that the audit system should terminate. Log files are closed +Specifies that the audit system should terminate. +Log files are closed and renamed to indicate the time of the shutdown. .El .Sh NOTES
diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.1 b/contrib/openbsm/bin/auditreduce/auditreduce.1
index 6374e5b91150..1ac2acdfebfb 100644
--- a/contrib/openbsm/bin/auditreduce/auditreduce.1
+++ b/contrib/openbsm/bin/auditreduce/auditreduce.1
@@ -25,7 +25,7 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#6 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#8 $
 .\"
 .Dd Jan 24, 2004
 .Dt AUDITREDUCE 1
@@ -84,7 +84,7 @@ Select records that occurred on a given date.
 This option cannot be used with
 .Fl a
 or
-.Fl b
+.Fl b .
 .It Fl e Ar euid
 Select records with the given effective user id or name.
 .It Fl f Ar egid
diff --git a/contrib/openbsm/bsm/audit_kevents.h b/contrib/openbsm/bsm/audit_kevents.h
index 54cc308fc002..48d2b0e96725 100644
--- a/contrib/openbsm/bsm/audit_kevents.h
+++ b/contrib/openbsm/bsm/audit_kevents.h
@@ -30,7 +30,7 @@
 *
 * @APPLE_BSD_LICENSE_HEADER_END@
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#29 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#34 $
 */
 #ifndef _BSM_AUDIT_KEVENTS_H_
@@ -45,7 +45,6 @@
 * been inserted for the Darwin variants. If necessary, other tags will be
 * added in the future.
 */
-
 #define AUE_NULL 0
 #define AUE_EXIT 1
 #define AUE_FORK 2
@@ -358,7 +357,32 @@
 #define AUE_KQUEUE 377 /* FreeBSD-specific. */
 #define AUE_KEVENT 378 /* FreeBSD-specific. */
 #define AUE_FSYNC 379
-#define AUE_NMOUNT 380 /* FreeBSD-specific. */
+#define AUE_NMOUNT 380 /* FreeBSD-specific. */
+#define AUE_BDFLUSH 381 /* Linux-specific. */
+#define AUE_SETFSUID 382 /* Linux-specific. */
+#define AUE_GETFSUID 383 /* Linux-specific. */
+#define AUE_PERSONALITY 384 /* Linux-specific. */
+#define AUE_SCHED_GETSCHEDULER 385 /* POSIX.1b. */
+#define AUE_SCHED_SETSCHEDULER 386 /* POSIX.1b. */
+#define AUE_PRCTL 387 /* Linux-specific. */
+#define AUE_GETCWD 388 /* FreeBSD/Linux-specific. */
+#define AUE_CAPGET 389 /* Linux-specific. */
+#define AUE_CAPSET 390 /* Linux-specific. */
+#define AUE_PIVOT_ROOT 391 /* Linux-specific. */
+#define AUE_RTPRIO 392 /* FreeBSD-specific. */
+#define AUE_SCHED_GETPARAM 393 /* POSIX.1b. */
+#define AUE_SCHED_SETPARAM 394 /* POSIX.1b. */
+#define AUE_SCHED_GET_PRIORITY_MAX 395 /* POSIX.1b. */
+#define AUE_SCHED_GET_PRIORITY_MIN 396 /* POSIX.1b. */
+#define AUE_SCHED_RR_GET_INTERVAL 397 /* POSIX.1b. */
+#define AUE_ACL_GET_FILE 398 /* FreeBSD. */
+#define AUE_ACL_SET_FILE 399 /* FreeBSD. */
+#define AUE_ACL_GET_FD 400 /* FreeBSD. */
+#define AUE_ACL_SET_FD 401 /* FreeBSD. */
+#define AUE_ACL_DELETE_FILE 402 /* FreeBSD. */
+#define AUE_ACL_DELETE_FD 403 /* FreeBSD. */
+#define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */
+#define AUE_ACL_CHECK_FD 405 /* FreeBSD. */
 /*
 * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@@ -467,6 +491,8 @@
 #define AUE_MUNLOCKALL AUE_NULL
 #define AUE_PREAD AUE_NULL
 #define AUE_PWRITE AUE_NULL
+#define AUE_PREADV AUE_NULL
+#define AUE_PWRITEV AUE_NULL
 #define AUE_SBRK AUE_NULL
 #define AUE_SELECT AUE_NULL
 #define AUE_SEMDESTROY AUE_NULL
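Review bot: The identifiers 381–405 added in the `@@ -358,7 +357,32 @@` hunk only reach an audit trail if each one also gets a name and class mapping in the event database, and no matching `etc/audit_event` change is visible in this part of the diff. As far as I know, an event with no class mapping cannot be selected by any `flags:` entry in `audit_control`, so it is never recorded. Several of the new events cover privilege and access-control changes (`AUE_SETFSUID`, `AUE_CAPSET`, `AUE_PIVOT_ROOT`, `AUE_ACL_SET_FILE`/`AUE_ACL_SET_FD`, `AUE_ACL_DELETE_FILE`/`AUE_ACL_DELETE_FD`), so a missing mapping there would be a silent coverage gap and should be confirmed before merge. On style, the origin tags are inconsistent: the ACL events use `/* FreeBSD. */` while the neighbouring lines use `/* FreeBSD-specific. */`; I would use `/* FreeBSD-specific. */` throughout.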
diff --git a/contrib/openbsm/etc/audit_class b/contrib/openbsm/etc/audit_class
index 9f596a276b9d..3a7da08c462d 100644
--- a/contrib/openbsm/etc/audit_class
+++ b/contrib/openbsm/etc/audit_class
@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#4 $
 #
 # This file must match audit.h
 #
@@ -17,7 +17,6 @@
 0x00000400:na:non attributable
 0x00000800:ad:administrative
 0x00001000:lo:login_logout
-0x00002000:tf:tfm
 0x00004000:ap:application
 0x20000000:io:ioctl
 0x40000000:ex:exec
diff --git a/contrib/openbsm/etc/audit_control b/contrib/openbsm/etc/audit_control
index f6ca774e6cbd..fb1ce1a773ef 100644
--- a/contrib/openbsm/etc/audit_control
+++ b/contrib/openbsm/etc/audit_control
@@ -1,7 +1,7 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#3 $
 #
 dir:/var/audit
-flags:lo,ad,-all,^-fa,^-fc,^-cl
+flags:lo
 minfree:20
 naflags:lo
diff --git a/contrib/openbsm/man/audit.log.5 b/contrib/openbsm/man/audit.log.5
index 5d2dec4f91d5..8877e1d9125b 100644
--- a/contrib/openbsm/man/audit.log.5
+++ b/contrib/openbsm/man/audit.log.5
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#6 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#7 $
 .\"
 .Dd May 1, 2005
 .Dt AUDIT.LOG 5
@@ -304,7 +304,8 @@ or
 .It Li "Terminal Machine Address" Ta "4 bytes" Ta "IP address of machine"
 .El
 .Ss Expanded Process Token
-The .Dv expanded process
+The
+.Dv expanded process
 token contains the contents of the
 .Dv process
 token, with the addition of a machine address type and variable length
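Review bot: Changing the shipped default in `etc/audit_control` from `flags:lo,ad,-all,^-fa,^-fc,^-cl` to `flags:lo` drops the administrative (`ad`) class and all failure auditing, leaving only login/logout. Neither the file nor the alpha 2 CHANGELOG entry visible in this diff mentions the reduction. If it is intended, document it where operators will see it, for example a comment above the line: `# Default audits login/logout only; add classes such as ad or -all to record administrative and failed events.` A CHANGELOG line for the changed default would also help sites that compare their configuration against the distributed one on upgrade.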
@@ -411,7 +412,8 @@ token ...
 .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
 .It Sy "Field" Ta Sy Bytes Ta Sy Description
 .It Li "Token ID" Ta "1 byte" Ta "Token ID"
-.It Li XXXXX
+.It Li "object ID type" Ta "1 byte" Ta "Object ID"
+.It Li "Object ID" Ta "4 bytes" Ta "Object ID"
 .El
 .Ss Text Token
 The
@@ -591,6 +593,7 @@ token ...
 .It Li XXXXX
 .El
 .Sh SEE ALSO
+.Xr audit 8,
 .Xr libbsm 3
 .Sh AUTHORS
 The Basic Security Module (BSM) interface to audit records and audit event