84f8c77a42
- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to query it, allowing to set the kernel's maximum audit queue length. - Add support to push a mapping between audit event names and event numbers into the kernel (where supported) using new A_GETEVENT and A_SETEVENT auditon(2) operations. - Add audit event identifiers for a number of new (and not-so-new) FreeBSD system calls including those for asynchronous I/O, thread management, SCTP, jails, multi-FIB support, and misc. POSIX interfaces such as posix_fallocate(2) and posix_fadvise(2). - On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now run sandboxed. - Empty "flags" and "naflags" fields are now permitted in audit_control(5). Many thanks to Christian Brueffer for producing the OpenBSM release and importing/tagging it in the vendor branch. This release will allow improved auditing of a range of new FreeBSD functionality, as well as non-traditional events (e.g., fine-grained I/O auditing) not required by the Orange Book or Common Criteria. Obtained from: TrustedBSD Project Sponsored by: DARPA, AFRL MFC after: 3 weeks
46 lines
1.6 KiB
Plaintext
46 lines
1.6 KiB
Plaintext
OpenBSM Build and Installation Instructions
|
|
|
|
OpenBSM is currently built using autoconf and automake, which should allow
|
|
for building on a range of operating systems, including FreeBSD, Mac OS X,
|
|
and Linux. Some components are built only if appropriate kernel audit
|
|
support is found. Typical builds will be performed using:
|
|
|
|
./configure
|
|
make
|
|
|
|
On Linux systems, OpenSSL headers may have to be installed to support
|
|
encryption of on-the-wire audit streams using auditdistd; the following
|
|
appears to work on Ubuntu:
|
|
|
|
sudo apt-get install libssl-dev
|
|
|
|
Similarly, Mac OS X systems will require OpenSSL support:
|
|
|
|
brew install openssl
|
|
|
|
Mac OS X systems will similarly require setting CFLAGS and LDFLAGS to notify
|
|
configure of the location of the OpenSSL headers and library:
|
|
|
|
CFLAGS=-I/usr/local/opt/openssl/include \
|
|
LDFLAGS=-L/usr/local/opt/openssl/lib \
|
|
configure
|
|
|
|
To install the library, binaries, and man pages, use:
|
|
|
|
make install
|
|
|
|
The OpenBSM install will not install files in /etc; these have to be
|
|
manually installed or merged. Currently, the locations of these files are
|
|
not configurable.
|
|
|
|
You may wish to specify that the OpenBSM components not be installed in the
|
|
base system, rather in a specific directory. This may be done using the
|
|
--prefix argument to configure. If installing to a specific directory,
|
|
remember to update your library path so that when running tools from that
|
|
directory the correct libbsm is used:
|
|
|
|
./configure --prefix=/home/rwatson/openbsm
|
|
make
|
|
make install
|
|
LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH
|