freebsd-skq/contrib/openbsm/README
Robert Watson 06edd2f1e8 Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).

OpenBSM history for imported revision below for reference.

MFC after:      1 month
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1 beta 1

- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
  Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
  For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added.  It is configured in
  audit_control(5) with the expire-after parameter.  If there is no
  expire-after parameter in audit_control(5), the default, then the audit
  trail files are not expired and removed.  See audit_control(5) for
  more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
  partitions, rotate automatically at 2mb, and set the default policy to
  cnt,argv rather than cnt so that execve(2) arguments are captured if
  AUE_EXECVE events are audited.  These may provide more usable defaults for
  many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
  au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.
2009-03-02 13:29:18 +00:00

60 lines
2.2 KiB
Plaintext

OpenBSM 1.1 beta 1
Introduction
OpenBSM provides an open source implementation of Sun's BSM Audit API.
Originally created under contract to Apple Computer by McAfee Research, this
implementation is now maintained by volunteers and the generous contribution
of several organizations. Coupled with a kernel audit implementation,
OpenBSM can be used to maintain system audit streams, and is a foundation for
an Audit-enabled system. Portions of OpenBSM, including include files and
token-building routines, are reusable in a kernel audit implementation, and
may be found in the FreeBSD and Mac OS X kernels.
Contents
OpenBSM consists of several directories:
bin/ Audit-related command line tools
bsm/ Library include files for BSM
compat/ Compatibility code to build on various OS's
etc/ Sample /etc/security configuration files
libauditd Common audit management functions for auditd and launchd
libbsm/ Implementation of BSM library interfaces and man pages
man/ System call and configuration file man pages
modules/ Directory for auditfilterd module source
sys/ System include files for BSM
test/ Test token sets and geneneration program
tools/ Tool directory, including audump to dump databases
The following programs are included with OpenBSM:
audit Command line audit control tool
auditd Audit management daemon
auditfilterd Experimental event monitoring framework
auditreduce Audit trail reduction tool
audump Debugging tool to parse and print audit databases
praudit Tool to print audit trails
Build and Installation
Please see the file INSTALL for build and installation instructions.
Contributions
The TrustedBSD Project would appreciate the contribution of bug fixes,
enhancements, etc, under identically or substantially similar licenses to
those present on the remainder of the OpenBSM source code.
Location
Information on OpenBSM may be found on the OpenBSM home page:
http://www.OpenBSM.org/
Information on TrustedBSD may be found on the TrustedBSD home page:
http://www.TrustedBSD.org/
$P4: //depot/projects/trustedbsd/openbsm/README#35 $