freebsd-skq/contrib/openbsm/README
rwatson 0776eb3d4e Merge OpenBSM 1.1 from OpenBSM vendor branch to head.
OpenBSM history for imported revision below for reference.

MFC after:      2 weeks
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent.  Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added:  au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.  Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.
2009-04-19 16:17:13 +00:00

68 lines
2.6 KiB
Plaintext

OpenBSM 1.1
Introduction
OpenBSM is an open source implementation of Sun's BSM event auditing file
format and API. Originally created for Apple Computer by McAfee Research,
OpenBSM is now maintained by volunteers and through the generous contribution
of several organizations.
OpenBSM includes several command line tools, including auditreduce(8) and
praudit(8) for reducing and printing audit trails, as well as the libbsm(3)
library to manage configuration files, generate audit records, and parse and
print audit trils.
Coupled with a kernel audit implementation, OpenBSM can be used to maintain
system audit streams, and is a foundation for a full audit-enabled system.
Portions of OpenBSM, including include files and token-building routines, are
reusable in a kernel audit implementation, and may be found in the FreeBSD
and Mac OS X kernels.
Contents
OpenBSM consists of several directories:
bin/ Audit-related command line tools
bsm/ Library include files for BSM
compat/ Compatibility code to build on various operating systems
etc/ Sample /etc/security configuration files
libauditd Common audit management functions for auditd and launchd
libbsm/ Implementation of BSM library interfaces and man pages
man/ System call and configuration file man pages
modules/ Directory for auditfilterd module source
sys/ System include files for BSM
test/ Test token sets and geneneration program
tools/ Tool directory, including audump to dump databases
The following programs are included with OpenBSM:
audit Command line audit control tool
auditd Audit management daemon
auditfilterd Experimental event monitoring framework
auditreduce Audit trail reduction tool
audump Debugging tool to parse and print audit databases
praudit Tool to print audit trails
Build and Installation
Please see the file INSTALL for build and installation instructions.
Contributions
The TrustedBSD Project would appreciate the contribution of bug fixes,
enhancements, etc, under identically or substantially similar licenses to
those present on the remainder of the OpenBSM source code. Please see the
file CREDITS to learn more about who has contributed to the project.
Location
Information on OpenBSM may be found on the OpenBSM home page:
http://www.OpenBSM.org/
Information on TrustedBSD may be found on the TrustedBSD home page:
http://www.TrustedBSD.org/
$P4: //depot/projects/trustedbsd/openbsm/README#36 $