freebsd-skq/contrib/openbsm/README
rwatson 8db4ca2429 Import OpenBSM 1.1p2 from vendor branch to 8-CURRENT. This patch release
addresses several minor issues:

- Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC.
- Fix build on Linux.
- Fix printing of class masks in the audump tool.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Approved by:	re (kib)
2009-08-02 10:27:54 +00:00

68 lines
2.6 KiB
Plaintext

OpenBSM 1.1p2
Introduction
OpenBSM is an open source implementation of Sun's BSM event auditing file
format and API. Originally created for Apple Computer by McAfee Research,
OpenBSM is now maintained by volunteers and through the generous contribution
of several organizations.
OpenBSM includes several command line tools, including auditreduce(8) and
praudit(8) for reducing and printing audit trails, as well as the libbsm(3)
library to manage configuration files, generate audit records, and parse and
print audit trils.
Coupled with a kernel audit implementation, OpenBSM can be used to maintain
system audit streams, and is a foundation for a full audit-enabled system.
Portions of OpenBSM, including include files and token-building routines, are
reusable in a kernel audit implementation, and may be found in the FreeBSD
and Mac OS X kernels.
Contents
OpenBSM consists of several directories:
bin/ Audit-related command line tools
bsm/ Library include files for BSM
compat/ Compatibility code to build on various operating systems
etc/ Sample /etc/security configuration files
libauditd Common audit management functions for auditd and launchd
libbsm/ Implementation of BSM library interfaces and man pages
man/ System call and configuration file man pages
modules/ Directory for auditfilterd module source
sys/ System include files for BSM
test/ Test token sets and geneneration program
tools/ Tool directory, including audump to dump databases
The following programs are included with OpenBSM:
audit Command line audit control tool
auditd Audit management daemon
auditfilterd Experimental event monitoring framework
auditreduce Audit trail reduction tool
audump Debugging tool to parse and print audit databases
praudit Tool to print audit trails
Build and Installation
Please see the file INSTALL for build and installation instructions.
Contributions
The TrustedBSD Project would appreciate the contribution of bug fixes,
enhancements, etc, under identically or substantially similar licenses to
those present on the remainder of the OpenBSM source code. Please see the
file CREDITS to learn more about who has contributed to the project.
Location
Information on OpenBSM may be found on the OpenBSM home page:
http://www.OpenBSM.org/
Information on TrustedBSD may be found on the TrustedBSD home page:
http://www.TrustedBSD.org/
$P4: //depot/projects/trustedbsd/openbsm/README#37 $