06edd2f1e8
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). OpenBSM history for imported revision below for reference. MFC after: 1 month Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. - Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens.
60 lines
2.2 KiB
Plaintext
60 lines
2.2 KiB
Plaintext
OpenBSM 1.1 beta 1
|
|
|
|
Introduction
|
|
|
|
OpenBSM provides an open source implementation of Sun's BSM Audit API.
|
|
Originally created under contract to Apple Computer by McAfee Research, this
|
|
implementation is now maintained by volunteers and the generous contribution
|
|
of several organizations. Coupled with a kernel audit implementation,
|
|
OpenBSM can be used to maintain system audit streams, and is a foundation for
|
|
an Audit-enabled system. Portions of OpenBSM, including include files and
|
|
token-building routines, are reusable in a kernel audit implementation, and
|
|
may be found in the FreeBSD and Mac OS X kernels.
|
|
|
|
Contents
|
|
|
|
OpenBSM consists of several directories:
|
|
|
|
bin/ Audit-related command line tools
|
|
bsm/ Library include files for BSM
|
|
compat/ Compatibility code to build on various OS's
|
|
etc/ Sample /etc/security configuration files
|
|
libauditd Common audit management functions for auditd and launchd
|
|
libbsm/ Implementation of BSM library interfaces and man pages
|
|
man/ System call and configuration file man pages
|
|
modules/ Directory for auditfilterd module source
|
|
sys/ System include files for BSM
|
|
test/ Test token sets and geneneration program
|
|
tools/ Tool directory, including audump to dump databases
|
|
|
|
The following programs are included with OpenBSM:
|
|
|
|
audit Command line audit control tool
|
|
auditd Audit management daemon
|
|
auditfilterd Experimental event monitoring framework
|
|
auditreduce Audit trail reduction tool
|
|
audump Debugging tool to parse and print audit databases
|
|
praudit Tool to print audit trails
|
|
|
|
Build and Installation
|
|
|
|
Please see the file INSTALL for build and installation instructions.
|
|
|
|
Contributions
|
|
|
|
The TrustedBSD Project would appreciate the contribution of bug fixes,
|
|
enhancements, etc, under identically or substantially similar licenses to
|
|
those present on the remainder of the OpenBSM source code.
|
|
|
|
Location
|
|
|
|
Information on OpenBSM may be found on the OpenBSM home page:
|
|
|
|
http://www.OpenBSM.org/
|
|
|
|
Information on TrustedBSD may be found on the TrustedBSD home page:
|
|
|
|
http://www.TrustedBSD.org/
|
|
|
|
$P4: //depot/projects/trustedbsd/openbsm/README#35 $
|