506764c6f6
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close(); previously we used hard-coded 0 and 1 values. - Add man page for au_open(), au_write(), au_close(), and au_close_buffer(). - Support a more complete range of data types for the arbitrary data token: add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias to AUR_INT), add AUR_INT64. - Add au_close_token(), which allows writing a single token_t to a memory buffer. Not likely to be used much by applications, but useful for writing test tools. - Modify au_to_file() so that it accepts a timeval in user space, not just kernel -- this is not a Solaris BSM API so can be modified without causing compatibility issues. - Define a new API, au_to_header32_tm(), which adds a struct timeval argument to the ordinary au_to_header32(), which is now implemented by wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL the APIs that invoke gettimeofday(), rather than having a variable definition. Don't try to retrieve time zone information using gettimeofday(), as it's not needed, and introduces possible failure modes. - Don't perform byte order transformations on the addr/machine fields of the terminal ID that appears in the process32/subject32 tokens. These are assumed to be IP addresses, and as such, to be in network byte order. - Universally, APIs now assume that IP addresses and ports are provided in network byte order. APIs now generally provide these types in network byte order when decoding. - Beginnings of an OpenBSM test framework can now be found in openbsm/test. This code is not built or installed by default. - auditd now assigns more appropriate syslog levels to its debugging and error information. - Support for audit filters introduced: audit filters are dynamically loaded shared objects that run in the context of a new daemon, auditfilterd. The daemon reads from an audit pipe and feeds both BSM and parsed versions of records to shared objects using a module API. This will provide a framework for the writing of intrusion detection services. - New utility API, audit_submit(), added to capture common elements of audit record submission for many applications. Obtained from: TrustedBSD Project
169 lines
8.6 KiB
Plaintext
169 lines
8.6 KiB
Plaintext
OpenBSM 1.0 alpha 6
|
|
|
|
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
|
|
previously we used hard-coded 0 and 1 values.
|
|
- Add man page for au_open(), au_write(), au_close(), and
|
|
au_close_buffer().
|
|
- Support a more complete range of data types for the arbitrary data token:
|
|
add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
|
|
to AUR_INT), add AUR_INT64.
|
|
- Add au_close_token(), which allows writing a single token_t to a memory
|
|
buffer. Not likely to be used much by applications, but useful for
|
|
writing test tools.
|
|
- Modify au_to_file() so that it accepts a timeval in user space, not just
|
|
kernel -- this is not a Solaris BSM API so can be modified without
|
|
causing compatibility issues.
|
|
- Define a new API, au_to_header32_tm(), which adds a struct timeval
|
|
argument to the ordinary au_to_header32(), which is now implemented by
|
|
wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL
|
|
the APIs that invoke gettimeofday(), rather than having a variable
|
|
definition. Don't try to retrieve time zone information using
|
|
gettimeofday(), as it's not needed, and introduces possible failure
|
|
modes.
|
|
- Don't perform byte order transformations on the addr/machine fields of
|
|
the terminal ID that appears in the process32/subject32 tokens. These
|
|
are assumed to be IP addresses, and as such, to be in network byte
|
|
order.
|
|
- Universally, APIs now assume that IP addresses and ports are provided
|
|
in network byte order. APIs now generally provide these types in
|
|
network byte order when decoding.
|
|
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
|
|
This code is not built or installed by default.
|
|
- auditd now assigns more appropriate syslog levels to its debugging and
|
|
error information.
|
|
- Support for audit filters introduced: audit filters are dynamically
|
|
loaded shared objects that run in the context of a new daemon,
|
|
auditfilterd. The daemon reads from an audit pipe and feeds both BSM and
|
|
parsed versions of records to shared objects using a module API. This
|
|
will provide a framework for the writing of intrusion detection services.
|
|
- New utility API, audit_submit(), added to capture common elements of audit
|
|
record submission for many applications.
|
|
|
|
OpenBSM 1.0 alpha 5
|
|
|
|
- Update install notes to indicate /etc files are to be installed manually.
|
|
- On systems without LOG_SECURITY, use LOG_AUTH.
|
|
- Convert to autoconf/automake in order to move to a more portable (not
|
|
BSD-specific) build infrastructure, and more easy conditional building of
|
|
components. Currently, the primary feature loss is that automake does
|
|
not have native support for manual symlinks. This will be addressed in a
|
|
future OpenBSM release.
|
|
- Add compat/queue.h, to be used on systems dated BSD queue macro libraries
|
|
(as found on Linux).
|
|
- Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the
|
|
existing conventions for a CHANGELOG.
|
|
- Some private data structures moved from audit.h to audit_internal.h to
|
|
prevent inappropriate use by applications and name space pollution.
|
|
- Improved detection and use of endian macros using autoconf.
|
|
- Avoid non-portable use of struct in6_addr, which is largely opaque.
|
|
- Avoid leaking BSD kernel socket related token code to user space in
|
|
bsm_token.c.
|
|
- Teach System V IPC calls to look for Linux naming variations for certain
|
|
struct ipc_perm fields.
|
|
- Test for audit system calls, and if not present, don't build
|
|
bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on
|
|
those system calls.
|
|
- au_close() is not implemented on systems that don't have audit system
|
|
calls, but au_close_buffer() is.
|
|
- Work around missing BSDisms in bsm_wrapper.c.
|
|
- Fix nested includes so including libbsm.h in an application on Linux
|
|
picks up the necessary definitions.
|
|
|
|
OpenBSM 1.0 alpha 4
|
|
|
|
- Remove "audit" user example from audit_user, as it's not present on most
|
|
systems.
|
|
- Add cannot_audit() function non-Darwin systems that wraps auditon();
|
|
required by OpenSSH BSM support. Convert Darwin cannot_audit() into a
|
|
function rather than a macro.
|
|
- Library build fixed on Darwin following include file tweaks. The native
|
|
Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so
|
|
for now we force bsm_wrappers.c to not perform a nested include of
|
|
sys/audit.h.
|
|
|
|
OpenBSM 1.0 alpha 3
|
|
|
|
- Man page formatting, cross reference, mlinks, and accuracy improvements.
|
|
- auditd and tools now compile and run on FreeBSD/arm.
|
|
- auditd will now fchown() the trail file to the audit review group, if
|
|
defined at compile-time.
|
|
- Added AUE_SYSARCH for FreeBSD.
|
|
- Definition of AUE_SETFSGID fixed for Linux.
|
|
|
|
OpenBSM 1.0 alpha 2
|
|
|
|
- Man page formatting improvements.
|
|
- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
|
|
events.
|
|
- Remove 'tfm' class, unused in OpenBSM.
|
|
|
|
OpenBSM 1.0 alpha 1
|
|
|
|
- Import of Darwin74 BSM drop
|
|
- Use 'syslog' for audit log warnings, rather than echoing to a file in
|
|
audit_warn.
|
|
- Compile using BSD make infrastructure.
|
|
- Integrate bsm/ include files from Darwin74 XNU drop into OpenBSM.
|
|
- Narrow set of symbols and defines that are exposed in user space: don't
|
|
compile in code relying on kernel-only types such as 'struct socket'.
|
|
- Add README, including basic build documentation.
|
|
- Compilation of Apple-specific notify and Machroutines now #ifdef __APPLE__.
|
|
- Staticize libbsm global variables to avoid leakage into application.
|
|
- Add free_au_user_ent() so that au_user_ent's don't have to be leaked.
|
|
- Clean up bogus nul-termination checks in libbsm.
|
|
- Add libbsm API man pages: au_class.3 au_control.3 au_event.3
|
|
au_free_token.3 au_io.3 au_mask.3 au_token.3 au_user.3 libbsm.3.
|
|
- Add man pages for BSM system calls: audit.2 auditctl.2 auditon.2 getaudit.2
|
|
getauid.2 setaudit.2 setauid.2
|
|
- Modify various libbsm interfaces to more consistently return 'errno' values
|
|
on failure.
|
|
- Break out au_close() into constituent parts, allowing records to be written
|
|
to memory as well as files.
|
|
- Prefix various defines with 'BSM_' to reduce name space pollution.
|
|
- Added audit_internal.h, which can be used by a kernel audit implementation
|
|
wanting to rely on libbsm components.
|
|
- Build with warnings, and eliminate warnings.
|
|
- Make libbsm endian-independent, storing and reading BSM are big endian
|
|
(network byte order) rather than native byte order. More consistently
|
|
print IP addresses using the IP address print routine. These changes
|
|
make use of sys/endian.h from *BSD; since this isn't present on Darwin,
|
|
add it to OpenBSM as compat/endian.h, which is used only on Darwin.
|
|
- Import of Darwin80 BSM drop, including 64-bit file IDs, better
|
|
documentation of private APIs, and bug fixes.
|
|
- White space cleanup.
|
|
- Add audit.log.5, a first cut at a man page documenting the BSM file format.
|
|
- Teach au_read_rec() to recognize stand-alone file tokens, which are present
|
|
at the beginning and end of Solaris audit trails. Technically, these
|
|
appear to violate the high level BSM spec, which suggests that all tokens
|
|
are present in records, but need to be supported.
|
|
- Implement HEADER64, ATTR64, SUBJECT64 token types, which make it possible
|
|
to run praudit(1) on basic Solaris BSM streams.
|
|
- Switched to Solaris spelling of token names; Darwin spellings are now
|
|
deprecated and will be removed in a future version of OpenBSM.
|
|
- Adopt Solaris model for representing IPv4 and IPv6 addresses.
|
|
- Prefer C99 types.
|
|
- Attempt to universally adopt the BSD style(9) coding style for
|
|
consistency.
|
|
- auditreduce(1) now has a usage message.
|
|
- Update support for auditctl(2) system call to support FreeBSD.
|
|
- Add support for /dev/audit as the trigger source on FreeBSD.
|
|
- Add additional event types for Darwin, FreeBSD, and Solaris. Annotate
|
|
conflicts (there are a few, unfortunately). Correct spellings, comment,
|
|
sort, etc. These include {get,set}res[ug]id(), sendfile(), lchflags(),
|
|
eaccess(), kqueue(), kevent(), poll(), lchmod().
|
|
- Relicensed under a BSD license, many thanks to Apple, Inc!
|
|
- Many bug fixes, cleanups, thread safety in the class, control, event,
|
|
and user system audit databases. Annotate some persisting atomicity
|
|
bugs associated with the API and implementation.
|
|
- Add audump test tool.
|
|
- Adopt OpenSolaris BSM API memory semantics: caller allocates memory,
|
|
or static memory is returned for non-_r() versions of API calls.
|
|
_free() calls dropped as a result, and source code compatibility with
|
|
OpenSolaris improved significantly.
|
|
- Annotate BSM events with origin OS and compatibility information.
|
|
- auditd(8), audit(8) added to the OpenBSM distribution. auditd extended
|
|
to support reloading of kernel event table.
|
|
- Allow comments in /etc/security configuration files.
|
|
|
|
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#12 $
|