d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0163f8cb67
freebsd-nq/contrib/openbsm/README
Robert Watson 506764c6f6 Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 6: 
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
  previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and
  au_close_buffer().
- Support a more complete range of data types for the arbitrary data token:
  add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
  to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to a memory
  buffer.  Not likely to be used much by applications, but useful for
  writing test tools.
- Modify au_to_file() so that it accepts a timeval in user space, not just
  kernel -- this is not a Solaris BSM API so can be modified without
  causing compatibility issues.
- Define a new API, au_to_header32_tm(), which adds a struct timeval
  argument to the ordinary au_to_header32(), which is now implemented by
  wrapping au_to_header32_tm() and calling gettimeofday().  #ifndef KERNEL
  the APIs that invoke gettimeofday(), rather than having a variable
  definition.  Don't try to retrieve time zone information using
  gettimeofday(), as it's not needed, and introduces possible failure
  modes.
- Don't perform byte order transformations on the addr/machine fields of
  the terminal ID that appears in the process32/subject32 tokens.  These
  are assumed to be IP addresses, and as such, to be in network byte
  order.
- Universally, APIs now assume that IP addresses and ports are provided
  in network byte order.  APIs now generally provide these types in
  network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
  This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and
  error information.
- Support for audit filters introduced: audit filters are dynamically
  loaded shared objects that run in the context of a new daemon,
  auditfilterd.  The daemon reads from an audit pipe and feeds both BSM and
  parsed versions of records to shared objects using a module API.  This
  will provide a framework for the writing of intrusion detection services.
- New utility API, audit_submit(), added to capture common elements of audit
  record submission for many applications.

Obtained from:	TrustedBSD Project
2006-06-05 10:52:12 +00:00

99 lines
3.1 KiB
Plaintext
Raw Blame History

OpenBSM 1.0
Introduction
OpenBSM provides an open source implementation of Sun's BSM Audit API.
Originally created under contract to Apple Computer by McAfee Research,
this implementation is now maintained by volunteers and the generous
contribution of several organizations. Coupled with a kernel audit
implementation, OpenBSM can be used to maintain system audit streams, and
is a foundation for an Audit-enabled system.
Contents
OpenBSM consists of several directories:
bin/ Audit-related command line tools
bsm/ System include files for BSM
etc/ Sample /etc/security configuration files
libbsm/ Implementation of BSM library interfaces and man pages
man/ System call and configuration file man pages
OpenBSM currently builds on FreeBSD and Darwin. With Makefile adjustment
and minor tweaks, it should build without problems on a broad range of
POSIX-like systems.
Building
OpenBSM is currently built using autoconf and automake, which should allow
for building on a range of operating systems, including FreeBSD, Mac OS X,
and Linux. Depending on the availability of audit facilities in the
underlying operating system, some components that depend on kernel audit
support are built conditionally. Typically, build will be performed using
./configure
make
To install, use:
make install
You may wish to specify that the OpenBSM components not be installed in the
base system, rather in a specific directory. This may be done using the
--prefix argument to configure. If installing to a specific directory,
remember to update your library path so that running tools from that
directory the correct libbsm is used:
./configure --prefix=/home/rwatson/openbsm
make
make install
LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH
You will need to manually propagate openbsm/etc/* into /etc on your system;
this is not done automatically so as to avoid disrupting the current
configuration. Currently, the locations of these files is not
configurable.
Credits
The following organizations and individuals have contributed substantially
to the development of OpenBSM:
Apple Computer, Inc.
McAfee Research, McAfee, Inc.
SPARTA, Inc.
Robert Watson
Wayne Salamon
Suresh Krishnaswamy
Kevin Van Vechten
Tom Rhodes
Wojciech Koszek
Chunyang Yuan
Poul-Henning Kamp
Christian Brueffer
Olivier Houchard
Christian Peron
Martin Fong
In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
Software's FlexeLint tool were used to identify a number of bugs in the
OpenBSM implementation.
Contributions
The TrustedBSD Project would appreciate the contribution of bug fixes,
enhancements, etc, under identically or substantially similar licenses to
those present on the remainder of the OpenBSM source code.
Location
Information on OpenBSM may be found on the OpenBSM home page:
http://www.OpenBSM.org/
Information on TrustedBSD may be found on the TrustedBSD home page:
http://www.TrustedBSD.org/
$P4: //depot/projects/trustedbsd/openbsm/README#17 $
Reference in New Issue View Git Blame Copy Permalink