freebsd-skq/contrib/openbsm/README
rwatson 84f8c77a42 Merge OpenBSM 1.2-alpha5 from vendor branch to FreeBSD -CURRENT:
- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to
  query it, allowing to set the kernel's maximum audit queue length.
- Add support to push a mapping between audit event names and event numbers
  into the kernel (where supported) using new A_GETEVENT and A_SETEVENT
  auditon(2) operations.
- Add audit event identifiers for a number of new (and not-so-new) FreeBSD
  system calls including those for asynchronous I/O, thread management, SCTP,
  jails, multi-FIB support, and misc. POSIX interfaces such as
  posix_fallocate(2) and posix_fadvise(2).
- On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now
  run sandboxed.
- Empty "flags" and "naflags" fields are now permitted in audit_control(5).

Many thanks to Christian Brueffer for producing the OpenBSM release and
importing/tagging it in the vendor branch.  This release will allow improved
auditing of a range of new FreeBSD functionality, as well as non-traditional
events (e.g., fine-grained I/O auditing) not required by the Orange Book or
Common Criteria.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, AFRL
MFC after:	3 weeks
2017-03-26 21:14:49 +00:00

68 lines
2.6 KiB
Plaintext

OpenBSM
Introduction
OpenBSM is an open-source implementation of Sun's BSM event auditing file
format and API. Originally created for Apple Computer by McAfee Research,
OpenBSM is now maintained by volunteers and through the generous contributions
of several organizations.
OpenBSM includes several command line tools, including auditreduce(8) and
praudit(8) for reducing and printing audit trails, as well as the libbsm(3)
library to manage configuration files, generate audit records, and parse and
print audit trails. It also includes the auditd(8) audit configuration
daemon, and the auditdistd(8) audit-trail distribution daemon.
Coupled with a kernel audit implementation, OpenBSM can be used to maintain
system audit streams, and is a foundation for a full audit-enabled system.
Portions of OpenBSM, including include files and token-building routines, are
reusable in a kernel audit implementation, and may be found in the FreeBSD
and Mac OS X kernels.
Contents
OpenBSM consists of several directories:
bin/ Audit-related command line tools and daemons
bsm/ Library header files for BSM
compat/ Compatibility code to build on various operating systems
etc/ Sample /etc/security configuration files
libauditd/ Common audit management functions for auditd and launchd
libbsm/ Implementation of BSM library interfaces and man pages
man/ System call and configuration file man pages
modules/ Directory for auditfilterd module source
sys/ System header files for BSM
test/ Test token sets and geneneration program
tools/ Tool directory, including audump to dump databases
The following programs are included with OpenBSM:
audit Command line audit control tool
auditd Audit management daemon
auditdistd Audit trail distribution daemon
auditfilterd Experimental event monitoring framework
auditreduce Audit trail reduction tool
audump Debugging tool to parse and print audit databases
praudit Tool to print audit trails
Build and Installation
Please see the file INSTALL for build and installation instructions.
Contributions
The TrustedBSD Project would appreciate the contribution of bug fixes,
enhancements, etc, under the same license found in the top-level LICENSE file.
Please see the file CREDITS to learn more about who has contributed to the
project.
Location
Information on OpenBSM may be found on the OpenBSM home page:
http://www.OpenBSM.org/
Information on TrustedBSD may be found on the TrustedBSD home page:
http://www.TrustedBSD.org/